OpenSSH rsa-sha1 key exchange needed for HPE iLO 4 control

Kailee71

Contributor
Joined
Jul 8, 2018
Messages
110
Hi all,
I'm running a couple of HP Gen 8 machines with iLO 4 2.73. I have been (very happily) using scripted ssh access from the previous OS (TrueNAS Core 13) on boot to silence the fans according to Silence of the Fans. However, I am now upgrading from TrueNAS Core 13 to Scale 23.10 and this no longer works, as rsa-sha1 key exchange no longer seems to work from Scale. The iLO does not (and will not, as it's oooold) support more modern key exchanges, and so my question is: can more recent versions of OpenSSH be coaxed into using rsa-sha1 anyway? I have OpenSSH 8.6 on a Windows machine and that still works fine.

Best of thanks for any help,

Kai.

PS: Here's some info on what iLO's ssh server supports.
 

Kailee71

Just for info, here are the relevant bits from ssh -v:
Code:
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Skipping ssh-dss key /home/admin/.ssh/id_dsa - corresponding algo not in PubkeyAcceptedAlgorithms
debug1: Will attempt key: /home/admin/.ssh/id_rsa RSA SHA256:eaN5vBXMsKVZMNc0g8LO8ZvJ9r5FrOlGdFYK7NZYPLI
debug1: Will attempt key: /home/admin/.ssh/id_ecdsa ECDSA SHA256:FMHo+l5Wwiip7+OaeMUdh5iCwDll+euGrasomf40R5E
debug1: Will attempt key: /home/admin/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/admin/.ssh/id_ed25519 ED25519 SHA256:7urqi63FzL6D/MxtejmmfviNHS54+f7+1v2p6e7UvGg
debug1: Will attempt key: /home/admin/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/admin/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/admin/.ssh/id_rsa RSA SHA256:eaN5vBXMsKVZMNc0g8LO8ZvJ9r5FrOlGdFYK7NZYPLI
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Offering public key: /home/admin/.ssh/id_ecdsa ECDSA SHA256:FMHo+l5Wwiip7+OaeMUdh5iCwDll+euGrasomf40R5E
debug1: Authentications that can continue: password,publickey
debug1: Trying private key: /home/admin/.ssh/id_ecdsa_sk
debug1: Offering public key: /home/admin/.ssh/id_ed25519 ED25519 SHA256:7urqi63FzL6D/MxtejmmfviNHS54+f7+1v2p6e7UvGg
debug1: Authentications that can continue: password,publickey
debug1: Trying private key: /home/admin/.ssh/id_ed25519_sk
debug1: Trying private key: /home/admin/.ssh/id_xmss
debug1: Next authentication method: password
administrator@ilo0.fritz.box's password:
Authenticated to ilo0.fritz.box ([192.168.200.240]:22) using "password".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug1: Entering interactive session.
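
Added example (not part of the thread): a shell function that sorts `ssh -v` lines like those above into per-key outcomes, so that `no mutual signature algorithm` (the client found no signature algorithm for that key allowed on both sides) stands apart from keys the server refused. The function names, verdict labels and sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify per-key outcomes in `ssh -v` output.
# Function names and verdict labels are illustrative, not from OpenSSH.

triage_ssh_debug() {
    # stdin: ssh -v debug text; stdout: "<verdict> <key file or method>"
    awk '
        # Key type excluded by the client PubkeyAcceptedAlgorithms setting.
        /^debug1: Skipping .* key / { print "client-skipped", $5; next }
        # Remember the key until the next line says what became of it.
        /^debug1: Offering public key: / { pending = $5; next }
        # No signature algorithm for this key is allowed on both sides.
        /^debug1: send_pubkey_test: no mutual signature algorithm/ {
            if (pending != "") print "no-mutual-sigalg", pending
            pending = ""; next
        }
        /^debug1: Server accepts key: / { print "accepted", $5; pending = ""; next }
        # The server asked for another attempt, so the pending key was refused.
        /^debug1: Authentications that can continue:/ {
            if (pending != "") print "server-rejected", pending
            pending = ""; next
        }
        # Final line names the method that actually succeeded.
        /^Authenticated to / {
            method = $NF; gsub(/[".]/, "", method)
            print "authenticated-with", method
        }
    '
}

sample_log() {
    # Constructed sample, abridged from the shape of the output in the post.
    cat <<'EOF'
debug1: Skipping ssh-dss key /home/admin/.ssh/id_dsa - corresponding algo not in PubkeyAcceptedAlgorithms
debug1: Authentications that can continue: password,publickey
debug1: Offering public key: /home/admin/.ssh/id_rsa RSA SHA256:CONSTRUCTED
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Offering public key: /home/admin/.ssh/id_ecdsa ECDSA SHA256:CONSTRUCTED
debug1: Authentications that can continue: password,publickey
debug1: Offering public key: /home/admin/.ssh/id_ed25519 ED25519 SHA256:CONSTRUCTED
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: password
Authenticated to ilo.example ([192.0.2.10]:22) using "password".
EOF
}

sample_log | triage_ssh_debug
```

Against a real session, feed it the debug stream with `ssh -v user@host 2>&1 | triage_ssh_debug`.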
 

Kailee71

Ok so after a lot of trial and error it turned out to be a permissions issue on ~/.ssh/id_rsa.pub. It needed to be 644 but was set to 664. Setting it to that instantly made everything work as expected. Just for completeness here are the options now needed to ssh into iLO4 from TrueNAS Scale 23.10:
Code:
ssh -oKexAlgorithms=diffie-hellman-group1-sha1 -oHostKeyAlgorithms=ssh-rsa -oPubkeyAcceptedKeyTypes=ssh-rsa $ILOUSER@$ILO4

Sorry for any wasted time.

Kai.
 

HoneyBadger

actually does care
Administrator
Moderator
iXsystems
Joined
Feb 6, 2014
Messages
5,112
Appreciate the follow-up report that it was a permission issue, as it helps others who might be in the same position (and anyone with HP gear should, in my opinion, be using Silence of the Fans for their own sanity!)
 