Importing an SSH key to iLO3 using RIBCL - the document is a lie!
Occasional Visitor
fireman949
Posts: 4
Registered: ‎04-27-2011
Message 1 of 6 (9,854 Views)
Accepted Solution

Infrastructure includes a c7000 Blade chassis & BL460G7 server with iLO3.  I'm using the OA ssh interface with hponcfg to apply the mentioned config.

Following the documentation/scripting guide for iLO v3 under the IMPORT_SSH_KEY section, there appears to be a discrepancy between what is written vs. what actually works (the latter of which I can't find).

I also noted that in that section (v 1.05) there are multiple references to iLO 2 and iLO 3 - as though they can be used interchangeably (or someone forgot to search and replace).

The instructions differ from iLO 2 where we didn't need the -----BEGIN SSH KEY ----- lines, so I wrote my XML RIBCL spell around the example given in the book.

The results come back "Invalid SSH key data."

We've tried several different iterations of the ssh key but the only thing that does seem to work is going to the webGUI to import the ssh key - this is not an acceptable option in our case.

The other big difference between iLO 2 and iLO 3 is that with iLO2 we were able to create a user without a password and just use ssh keys.  With iLO3, the RIBCL won't accept an XML spell without a password defined.  It seems like we're stepping back a bit or HP hasn't updated the documentation to reflect the new way of doing it.

Occasional Visitor
fireman949
Posts: 4
Registered: ‎04-27-2011
Message 2 of 6 (9,852 Views)

Re: Importing an SSH key to iLO3 using RIBCL - the document is a lie!

This gets even more interesting..

The latest iLO 3 scripting guide:
http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?lang=en&cc=us&contentType=Support...

Revised slightly and removed their iLO2 lines.. however, the content is much the same.  According to the docs, "At the end of the key, append a space and the name of a valid iLO 3 user name"

My user is foo.

Using RIBCL:

If I follow the docs and put 'foo' at the end of my ssh key (space foo), I get a message back Invalid SSH key data.  If I have a key with foo@host at the end, I get a message - There is no user name or the user name appended to SSH key does not exist.

In the web interface, I get exactly the same behavior:

ssh-keygen -t dsa -C foo@host  -f /tmp/ilo_console_key  <<-- works

ssh-keygen -t dsa -C foo  -f /tmp/ilo_console_key              <<-- fail

This is great if I was going to use the web interface for all my administration, but the web interface is a timesuck if you are responsible for many hosts.

The plot thickens when you use hponcfg via Linux command line,

Using hponcfg-3.1.0, same key, same XML spell, it accepts the ssh key with the 'foo' user name at the end.

This is very inconsistent behavior and I've opened a ticket with HP support.

Visitor
Eric_328
Posts: 1
Registered: ‎04-09-2010
Message 3 of 6 (9,690 Views)

Re: Importing an SSH key to iLO3 using RIBCL - the document is a lie!

I too fought with this but I think I finally cracked it.  The key (no pun intended) is that each line in the SSH key can be no more than 80 characters long.  It may work if the lines are shorter (or even longer) but I made mine exactly 80 chars and that worked so I didn't play with it anymore.  I don't know if it's required, but I also put the "ssh-dss" on its own line.  Here's my entire script:

<RIBCL VERSION="2.0">
  <LOGIN USER_LOGIN="admin" PASSWORD="password">
  <RIB_INFO MODE="write">
      <IMPORT_SSH_KEY>
-----BEGIN SSH KEY-----
ssh-dss
thisisthepublicsshkeyyouwanttoaddtoilo/notethateachlineneedstobenomorethan80char
idonotknowifusingshorterlines,orevenlonglines,willworkbutbreakingmykeyupto80char
linesworkedsoididnotplaywithitanylonger/ioriginallyhadthekeyasasingle580charline
andthatalwaysreturnedainvalidsshkeyerror/afterplayingwithitawhileitriedthisandit
worked/ialsodonotknowifyouneedtoputssh-dssonalinebyitselfbutagainitworksthisway/
11222222223444444444444444455555555556666666666777777777778888888888889999999900
/aaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbcccccccccccccccccdddddddddddddddeeeeeeeeee
fffffffffffgggggggg UserName
-----END SSH KEY-----
      </IMPORT_SSH_KEY>
  </RIB_INFO>
  </LOGIN>
</RIBCL>

Occasional Visitor
fireman949
Posts: 4
Registered: ‎04-27-2011
Message 4 of 6 (9,312 Views)

Re: Importing an SSH key to iLO3 using RIBCL - the document is a lie!

Eric,

I don't know who you are or if you'll see this, but that worked.

Thank you for taking the time to register and post an answer.

--

Eric du Toit

http://www.linkedin.com/in/ericdutoit

Occasional Visitor
fireman949
Posts: 4
Registered: ‎04-27-2011
Message 5 of 6 (9,308 Views)

Re: Importing an SSH key to iLO3 using RIBCL - the document is a lie!

oh.. and where do I send the pizza?

Occasional Visitor
Jonphs
Posts: 1
Registered: ‎07-09-2013
Message 6 of 6 (7,532 Views)

Re: Importing an SSH key to iLO3 using RIBCL - the document is a lie!

80 character lines didn't work for me - 68 character lines, the same as the GUI input window for SSH keys, worked though.  Thanks for the hint!
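
Added example, not part of any post in this thread and not HP code: a Python helper that builds the IMPORT_SSH_KEY script in the layout of message 3 from one OpenSSH public-key line, wrapping the key body at a chosen width (68 per message 6, 80 per message 3) and replacing the ssh-keygen comment with the iLO user name. The function names, the `admin`/`password` placeholders and the sample key are constructed for illustration; splitting the last chunk so the user name still fits is an assumption the thread does not test.

```python
import base64
import binascii
from xml.sax.saxutils import quoteattr

def wrap_key(blob, ilo_user, width):
    """Split blob into lines of at most `width` chars; append ' <ilo_user>'."""
    suffix = " " + ilo_user
    keep = width - len(suffix)          # room left for key data on the last line
    if keep < 1:
        raise ValueError("user name does not fit on a line of this width")
    lines = [blob[i:i + width] for i in range(0, len(blob), width)]
    last = lines.pop()
    if len(last) > keep:
        # Assumption: a short second-to-last line is accepted; the thread only
        # reports that over-long lines are rejected.
        lines.append(last[:-keep])
        last = last[-keep:]
    return lines + [last + suffix]

def build_import_script(pubkey, ilo_user, width=68, login="admin", password="password"):
    """Build a RIBCL IMPORT_SSH_KEY script from one OpenSSH public-key line."""
    fields = pubkey.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], fields[1]   # the ssh-keygen comment is dropped
    try:
        base64.b64decode(blob, validate=True)
    except binascii.Error as exc:
        raise ValueError("key body is not valid base64") from exc
    if not ilo_user or any(c.isspace() for c in ilo_user):
        raise ValueError("iLO user name must be a single word")
    login_tag = "  <LOGIN USER_LOGIN=%s PASSWORD=%s>" % (quoteattr(login), quoteattr(password))
    return "\n".join([
        '<RIBCL VERSION="2.0">', login_tag, '  <RIB_INFO MODE="write">',
        "      <IMPORT_SSH_KEY>", "-----BEGIN SSH KEY-----",
        key_type, *wrap_key(blob, ilo_user, width),
        "-----END SSH KEY-----", "      </IMPORT_SSH_KEY>",
        "  </RIB_INFO>", "  </LOGIN>", "</RIBCL>",
    ]) + "\n"

# Constructed sample input: arbitrary bytes in public-key layout, not a real key.
SAMPLE_PUBKEY = "ssh-dss " + base64.b64encode(bytes(range(256)) * 2).decode() + " foo@host"

if __name__ == "__main__":
    print(build_import_script(SAMPLE_PUBKEY, "foo", width=68))
```

Rejecting a key body that is not clean base64 before it reaches iLO separates a damaged copy-paste from the line-length problem, since both come back as "Invalid SSH key data."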
