HPE Community
BladeSystem - General
1752511 Members
4729 Online
108788 Solutions
New Discussion

Re: Importing an SSH key to iLO3 using RIBCL - the document is a lie!

 
SOLVED
Go to solution
fireman949
Occasional Visitor

‎04-27-2011 02:50 PM

‎04-27-2011 02:50 PM

Importing an SSH key to iLO3 using RIBCL - the document is a lie!

Infrastructure includes a c7000 Blade chassis & BL460G7 server with iLO3.  I'm using the OA ssh interface with hponcfg to apply the mentioned config.

 

Following the documentation /scripting guide for iLO v3 under the IMPORT_SSH_KEY section, there appears to be a discrepency between what is written vs. what actually works (the later of which I can't find).

 

I also noted that in that section (v 1.05) there are multiple references to iLO 2 and iLO 3 - as though they can be used interchangeably (or someone forgot to search and replace).

 

The instructions differ from iLO 2 where we didn't need the -----BEGIN SSH KEY ----- lines, so I wrote my XML RIBCL spell around the example given in the book.

 

The results come back "Invalid SSH key data."

 

We've tried several different itirations of the ssh key but the only thing that does seem to work is going to the webGUI to import the ssh key - this is not an acceptable option in our case.

 

The other big difference between iLO 2 and iLO 3 is that with iLO2 we were able to create a user without a password and just use ssh keys.  With iLO3, the RIBCL won't accept an XML spell without a password defined.  It seems like we're stepping back a bit or HP hasn't updated the documentation to reflect the new way of doing it.

 

 

0 Kudos
Reply
5 REPLIES 5
fireman949
Occasional Visitor

‎04-27-2011 04:23 PM - edited ‎04-27-2011 04:35 PM

‎04-27-2011 04:23 PM - edited ‎04-27-2011 04:35 PM

Re: Importing an SSH key to iLO3 using RIBCL - the document is a lie!

This gets even more interesting..

 

The latest iLO 3 scripting guide :
http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?lang=en&cc=us&contentType=SupportManual&prodTypeId=18964&prodSeriesId=4154735&docIndexId=64179

 

Revised slightly and removed their iLO2 lines.. however, the content is much the same.  According to the docs, "At the end of the key, append a space and the name of a valid iLO 3 user name"

 

My user is foo.

 

Using RIBCL:

If I follow the docs and put 'foo' at the end of my ssh key (space foo), I get a message back Invalid SSH key data.  If I have a key with foo@host at the end, I get a message - There is no user name or the user name appended to SSH key does not exist.

 

In the web interface, I get exactly the same behavior:

ssh-keygen -t dsa -C foo@host  -f /tmp/ilo_console_key  <<-- works

ssh-keygen -t dsa -C foo  -f /tmp/ilo_console_key              <<-- fail

 

This is great if I was going to use the web interface for all my administration, but the web interface is a timesuck if you are responsible for many hosts.

 

The plot thickens when you use hponcfg via Linux command line,

 

Using hponcfg-3.1.0, same key, same XML spell, it accepts the ssh key with the 'foo' user name at the end.

 

This is very inconsistent behavior and I've opened a ticket with HP support.

 

 

 

 

 

 

 

 

 

 

 

0 Kudos
Reply
Eric_328
Visitor

‎07-19-2011 11:53 AM

‎07-19-2011 11:53 AM

Solution

Re: Importing an SSH key to iLO3 using RIBCL - the document is a lie!

I too fought with this but I think I finally cracked it.  The key (no pun intended) is that each line in the SSH key can be no more than 80 characters long.  It may work if the lines are shorter (or even longer) but I made mine exactly 80 chars and that worked so I didn't play with it anymore.  I don't know if it's required, but I also put the "ssh-dss" on it's own line.  Here's my entire script:

 

<RIBCL VERSION="2.0">
  <LOGIN USER_LOGIN="admin" PASSWORD="password">
  <RIB_INFO MODE="write">
      <IMPORT_SSH_KEY>
-----BEGIN SSH KEY-----
ssh-dss
thisisthepublicsshkeyyouwanttoaddtoilo/notethateachlineneedstobenomorethan80char
idonotknowifusingshorterlines,orevenlonglines,willworkbutbreakingmykeyupto80char
linesworkedsoididnotplaywithitanylonger/ioriginallyhadthekeyasasingle580charline
andthatalwaysreturnedainvalidsshkeyerror/afterplayingwithitawhileitriedthisandit
worked/ialsodonotknowifyouneedtoputssh-dssonalinebyitselfbutagainitworksthisway/
11222222223444444444444444455555555556666666666777777777778888888888889999999900
/aaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbcccccccccccccccccdddddddddddddddeeeeeeeeee
fffffffffffgggggggg UserName
-----END SSH KEY-----
      </IMPORT_SSH_KEY>
  </RIB_INFO>
  </LOGIN>
</RIBCL>

0 Kudos
Reply
fireman949
Occasional Visitor

‎01-11-2012 07:54 PM

‎01-11-2012 07:54 PM

Re: Importing an SSH key to iLO3 using RIBCL - the document is a lie!

Eric,

 

I don't know who you are or if you'll see this, but that worked. 

 

Thank you for taking the time to register and post an answer.

 

--

Eric du Toit

http://www.linkedin.com/in/ericdutoit

0 Kudos
Reply
fireman949
Occasional Visitor

‎01-11-2012 08:08 PM

‎01-11-2012 08:08 PM

Re: Importing an SSH key to iLO3 using RIBCL - the document is a lie!

 

oh.. and where do I send the pizza ?

0 Kudos
Reply
Jonphs
New Member

‎07-09-2013 06:36 AM

‎07-09-2013 06:36 AM

Re: Importing an SSH key to iLO3 using RIBCL - the document is a lie!

80 character lines didn't work for me - 68 character lines, the same as the GUI input window for SSH keys worked though.  thanks for the hint!

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.