ssh(1) and Geriatric iLO2

  • Wed 26 July 2017
  • misc

Most of my world is virtualized these days, so not that much going on IPMI/BMC/iLO/DRAC-wise on a day to day basis.

But what when you're playing with hypervisors that really really want to be running on bare metal? Time to get something cheap and cheerful with CPUs that support the minimum virtualization extensions (for example, VT-x and EPT).

Fortunately we live in a golden age of stuff you can pull out of the dumpster, intercept on the way to the recycler, or just buy for cheap. But an old machine is still an old machine, and even when you upgrade to the latest version of the BIOS and the lights-out monitor, you may find yourself behind the curve on features.

Case in point is iLO2 version 2.29 on these boxes. The latest version dates to 2015, and fortunately has ciphers that are compatible with modern web browsers, but apparently modern ssh apparently tries to offer too many ciphers and the ssh daemon gives up and unceremoniously closes the connection (at least when a Mac tries to connect).

The following snippet from ~/.ssh/config has been tested with MacOS 10.11 and a DL360g6 running iLO2 2.29.

{% raw %} host ilo-dl360g6-1 HostName User Administrator Ciphers aes128-cbc,3des-cbc Macs hmac-md5,hmac-sha1 KexAlgorithms diffie-hellman-group1-sha1