
Bug#343896: openssh - ilo workarounds



just a data point: with jessie's openssh setting HostKeyAlgorithms=ssh-rsa
is no longer sufficient to connect to ilo 1 systems.

according to the discussion at

http://h30499.www3.hp.com/t5/ITRC-Remote-Lights-Out-Mgmt-iLO/Unable-to-SSH-to-iLO2-with-OpenSSH-6-2/td-p/6050925

the problem is that ilo is fairly dumb; it neither ignores unsupported
ciphers/macs/options nor does it support any reasonable payload sizes.

openssh up to 6.0 worked with just limiting the host key algorithm,
openssh 6.7 offers way more options by default which exceeds ilo's
payload size, and it just disconnects during the key exchange/negotiation
phase.

hp seems to have fixed this for ilo 2 recently, but not for ilo 1.

for the few ilo 1 systems i've got to connect to every now and then
i've had to pare down the negotiation options to the following working
bare minimum:

HostKeyAlgorithms ssh-rsa,ssh-dss
KexAlgorithms diffie-hellman-group1-sha1
Ciphers aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1

regards
az


-- 
Alexander Zangerl + GPG Key 0xB963BD5F (or 0x42BD645D) + http://snafu.priv.at/
Hal, open the file Hal, open the damn file, Hal open the, please Hal
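
The message above attributes the disconnect to the size of the client's algorithm offer during key exchange. As an added example (not part of the original message and not OpenSSH code), this Python code serializes and parses the SSH_MSG_KEXINIT payload as laid out in RFC 4253 section 7.1, so the size of the pared-down offer can be compared with a longer one. The `LONGER` list is constructed for illustration and is not any OpenSSH release's default; all function names are hypothetical.

```python
import os
import struct

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def proposal(kex, hostkey, ciphers, macs, comp=("none",)):
    """Expand per-category lists into the ten KEXINIT name-lists."""
    values = (kex, hostkey, ciphers, ciphers, macs, macs, comp, comp, (), ())
    return {f: tuple(v) for f, v in zip(FIELDS, values)}

def build_kexinit(prop, cookie=None):
    """Serialize a proposal into an unencrypted KEXINIT payload."""
    out = bytes([SSH_MSG_KEXINIT]) + (cookie or os.urandom(16))
    for field in FIELDS:
        names = ",".join(prop[field]).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    # Trailer: first_kex_packet_follows = false, then a reserved uint32 of 0.
    return out + b"\x00" + struct.pack(">I", 0)

def parse_kexinit(payload):
    """Decode a KEXINIT payload into name-lists, rejecting bad lengths."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[pos:pos + n].decode("ascii")
        lists[field] = tuple(raw.split(",")) if raw else ()
        pos += n
    if len(payload) - pos != 5:
        raise ValueError("bad trailer")
    return lists

# The pared-down set from the message above.
ILO1 = proposal(["diffie-hellman-group1-sha1"], ["ssh-rsa", "ssh-dss"],
                ["aes128-cbc", "3des-cbc"], ["hmac-md5", "hmac-sha1"])
# Constructed longer offer for comparison (assumption, not a real default list).
LONGER = proposal(
    ["curve25519-sha256@libssh.org", "ecdh-sha2-nistp256"] + list(ILO1["kex"]),
    ["ssh-ed25519", "ecdsa-sha2-nistp256"] + list(ILO1["hostkey"]),
    ["aes128-ctr", "chacha20-poly1305@openssh.com"] + list(ILO1["enc_c2s"]),
    ["hmac-sha2-256", "umac-64@openssh.com"] + list(ILO1["mac_c2s"]))
```

Calling `len(build_kexinit(ILO1))` and `len(build_kexinit(LONGER))` gives the two payload sizes; `parse_kexinit` can be pointed at a KEXINIT payload taken from a packet capture to see which name-list dominates.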
