Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
Showing results for 
Search instead for 
Do you mean 

ssh kills iLo3 if I my ssh agent is forwarded with a DSA key loaded

Occasional Advisor

ssh kills iLo3 if I my ssh agent is forwarded with a DSA key loaded

I have a bunch of DL360G7, DL380G7 and DL385G7's.

To access the iLo on these systems I hop through a jump box to get there.

I forward my ssh agent because that's how I auth with other systems behind this jump box.

If I then try to ssh to the iLo of any one of my systems (and I have a DSA key loaded up in my ssh agent) I never get a login prompt to the iLo and it becomes unresponsive to any sort of connection after that other than ping. Before it will work again I have to use hponcfg -r to reset the iLo.

If I remove the DSA key from my forwarded agent (or if I only have RSA keys loaded) then my ssh connection works fine.

Although the workaround of removing the keys works, it's not going to be long before one of my users forgets and breaks the iLo of a system that's broken (so I can't login and use hponcfg -r to reset it).

My systems are running the most recent iLo firmware (which according to hponcfg is v1.20 on the DL360G7s).

Does anyone have an idea if there's some sort of setting that can be changed to fix this or whether I need to get HP to look into it?

If it's something that only HP can fix do they regularly monitor these forums or do bugs like this have to be reported in a different way?

Thanks

Gary
8 REPLIES
Honored Contributor

Re: ssh kills iLo3 if I my ssh agent is forwarded with a DSA key loaded

Cases like this ones needs to be reproduced in our lab to be able to debug it an fix it.

Could you please call HP support, log a case and provide all the details that can help us reproduce this hang?

Once you get a case number, please post it here and I'll get the case elevated. Thanks



__________________________________________________
I work for Hewlett Packard

If you feel this was helpful please click the KUDOS! thumb below!
Frequent Advisor

Re: ssh kills iLo3 if I my ssh agent is forwarded with a DSA key loaded

I am experiencing the same behavior!

I have now "broken" at least 3 different ILO3's with SSH from a Ubuntu 11.04 server.

I will look into raising a support case also
Frequent Advisor

Re: ssh kills iLo3 if I my ssh agent is forwarded with a DSA key loaded

Hi Oscar,

I made a ticket about this. Case ID: 4631007373

I am using ILO3 v1.25 on a 380G7

Let me know if you need any more details additionally to the ticket.

Thanks for help,
A
Honored Contributor

Re: ssh kills iLo3 if I my ssh agent is forwarded with a DSA key loaded

The case says you agreed to close the case.

*** NOTES June 16,2011 12:55:14 [June 16,2011 14:55:14 EET-2EEST FI]
Action Type: Default
Called to customer
Putty works.
Ssh from ubuntu fails to login and freezes (OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010 )
Ssh from redhat works.
customer agreed to close this case

*** CASE CLOSE June 16,2011 12:55:24 [June 16,2011 14:55:24 EET-2EEST FI]



__________________________________________________
I work for Hewlett Packard

If you feel this was helpful please click the KUDOS! thumb below!
Frequent Advisor

Re: ssh kills iLo3 if I my ssh agent is forwarded with a DSA key loaded

They did not want to keep the case open and since it works from putty/redhat they said its a Ubuntu problem.. I hope you are able to either reopen it or just take a few steps testing this internally and reproduce the problem.
Advisor

Re: ssh kills iLo3 if I my ssh agent is forwarded with a DSA key loaded

[ Edited ]

It's not Ubuntu's problem - that's complete nonsense. The same happens with PuTTY combined with Pageant and Pageant option checked in PuTTY connection settings to an ILO3. I've just hung my ILO3 by inadvertently connecting to it with my Pageant on and this checkbox checked (connection copied from another one where I use key-based authentication). Firmware 1.20 but as I read above the same applies to 1.25.

 

Is it really so hard for HP to reproduce this problem? AntsInPants, just tell them to download PuTTY and Pageant, load any DSA key to Pageant and connect to the ILO with "Connection -> SSH -> Auth -> Attempt authentication using Pageant" option enabled.

 

I would open a ticket myself if I owned the server but unfortunately it don't. Anyway, it's scary that anyone can hang my ILO in a dedicated server in a datacenter, running on a public IP.

Honored Contributor

Re: ssh kills iLo3 if I my ssh agent is forwarded with a DSA key loaded

I was able to reproduce the issue using putty and a 4096 bits private DSA key that I created using puttygen

 

I have uploaded an iLO3 1.26 beta2 to the below FTP.  Please test it and let me know if it fixes your issue as well.

 

 FTP Access: ftp://tempilo3:1wantiLO@ftp.usa.hp.com/

or: ftp://tempilo3:1wantiLO@15.192.32.78/

 




__________________________________________________
I work for Hewlett Packard

If you feel this was helpful please click the KUDOS! thumb below!
Frequent Advisor

Re: ssh kills iLo3 if I my ssh agent is forwarded with a DSA key loaded

Hi Oscar, and all.

 

Yes, I was able to reproduce the problem to HP Support with redhat and Ubuntu both, so they agreed the problem not to be platform specific.

 

Oscar, I tested your 1.26 beta3, and the problem does not seem to reproduce again! So from my point of view turn beta3 into a production release! :-)

 

Thanks again.

//Add this to "OnDomLoad" event