- Community Home
- >
- Servers and Operating Systems
- >
- HPE BladeSystem
- >
- BladeSystem - General
- >
- Re: Importing an SSH key to iLO3 using RIBCL - the...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2011 02:50 PM
04-27-2011 02:50 PM
Infrastructure includes a c7000 Blade chassis & BL460G7 server with iLO3. I'm using the OA ssh interface with hponcfg to apply the mentioned config.
Following the documentation /scripting guide for iLO v3 under the IMPORT_SSH_KEY section, there appears to be a discrepency between what is written vs. what actually works (the later of which I can't find).
I also noted that in that section (v 1.05) there are multiple references to iLO 2 and iLO 3 - as though they can be used interchangeably (or someone forgot to search and replace).
The instructions differ from iLO 2 where we didn't need the -----BEGIN SSH KEY ----- lines, so I wrote my XML RIBCL spell around the example given in the book.
The results come back "Invalid SSH key data."
We've tried several different itirations of the ssh key but the only thing that does seem to work is going to the webGUI to import the ssh key - this is not an acceptable option in our case.
The other big difference between iLO 2 and iLO 3 is that with iLO2 we were able to create a user without a password and just use ssh keys. With iLO3, the RIBCL won't accept an XML spell without a password defined. It seems like we're stepping back a bit or HP hasn't updated the documentation to reflect the new way of doing it.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2011 04:23 PM - edited 04-27-2011 04:35 PM
04-27-2011 04:23 PM - edited 04-27-2011 04:35 PM
Re: Importing an SSH key to iLO3 using RIBCL - the document is a lie!
This gets even more interesting..
The latest iLO 3 scripting guide :
http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?lang=en&cc=us&contentType=SupportManual&prodTypeId=18964&prodSeriesId=4154735&docIndexId=64179
Revised slightly and removed their iLO2 lines.. however, the content is much the same. According to the docs, "At the end of the key, append a space and the name of a valid iLO 3 user name"
My user is foo.
Using RIBCL:
If I follow the docs and put 'foo' at the end of my ssh key (space foo), I get a message back Invalid SSH key data. If I have a key with foo@host at the end, I get a message - There is no user name or the user name appended to SSH key does not exist.
In the web interface, I get exactly the same behavior:
ssh-keygen -t dsa -C foo@host -f /tmp/ilo_console_key <<-- works
ssh-keygen -t dsa -C foo -f /tmp/ilo_console_key <<-- fail
This is great if I was going to use the web interface for all my administration, but the web interface is a timesuck if you are responsible for many hosts.
The plot thickens when you use hponcfg via Linux command line,
Using hponcfg-3.1.0, same key, same XML spell, it accepts the ssh key with the 'foo' user name at the end.
This is very inconsistent behavior and I've opened a ticket with HP support.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2011 11:53 AM
07-19-2011 11:53 AM
SolutionI too fought with this but I think I finally cracked it. The key (no pun intended) is that each line in the SSH key can be no more than 80 characters long. It may work if the lines are shorter (or even longer) but I made mine exactly 80 chars and that worked so I didn't play with it anymore. I don't know if it's required, but I also put the "ssh-dss" on it's own line. Here's my entire script:
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="admin" PASSWORD="password">
<RIB_INFO MODE="write">
<IMPORT_SSH_KEY>
-----BEGIN SSH KEY-----
ssh-dss
thisisthepublicsshkeyyouwanttoaddtoilo/notethateachlineneedstobenomorethan80char
idonotknowifusingshorterlines,orevenlonglines,willworkbutbreakingmykeyupto80char
linesworkedsoididnotplaywithitanylonger/ioriginallyhadthekeyasasingle580charline
andthatalwaysreturnedainvalidsshkeyerror/afterplayingwithitawhileitriedthisandit
worked/ialsodonotknowifyouneedtoputssh-dssonalinebyitselfbutagainitworksthisway/
11222222223444444444444444455555555556666666666777777777778888888888889999999900
/aaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbcccccccccccccccccdddddddddddddddeeeeeeeeee
fffffffffffgggggggg UserName
-----END SSH KEY-----
</IMPORT_SSH_KEY>
</RIB_INFO>
</LOGIN>
</RIBCL>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-11-2012 07:54 PM
01-11-2012 07:54 PM
Re: Importing an SSH key to iLO3 using RIBCL - the document is a lie!
Eric,
I don't know who you are or if you'll see this, but that worked.
Thank you for taking the time to register and post an answer.
--
Eric du Toit
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-11-2012 08:08 PM
01-11-2012 08:08 PM
Re: Importing an SSH key to iLO3 using RIBCL - the document is a lie!
oh.. and where do I send the pizza ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-09-2013 06:36 AM
07-09-2013 06:36 AM
Re: Importing an SSH key to iLO3 using RIBCL - the document is a lie!
80 character lines didn't work for me - 68 character lines, the same as the GUI input window for SSH keys worked though. thanks for the hint!