There’s a known issue with the SSH implementation in the iLO firmware for HP Proliant servers (specifically G2 and G3) and OpenSSH 5.1p1. There was a thread on the OpenSSH developers list that referenced this problem and suggested a solution, but it doesn’t seem to be a sure fix.
This problem is present on my DL360 G2’s which are running the 1.84 2006-05-05 version of the iLO firmware (iLO 1.84 pass9) with the P26 2004.05.01 version of the system firmware. I also see the issue on a DL380G3 running iLO 1.92 2008.04.24 and system firmware P29 2004.09.15. The only way that I can reliably get into the iLO is by SSHing from a box with an older version of SSH, such as 4.2p1.
Most of the things that I could find online referenced unsetting the LANG environment variable:
and then SSHing with agent forwarding disabled:
Unfortunately this combination doesn’t seem to do it for me.
I happened to stumble by this post to the debian-ssh mailing list, which suggested that shortening the new OpenSSH version string fixed the problem.
I was able to confirm that the version string is, in fact, the sole problem. I downloaded the source of OpenSSH 5.2p1 and, with the following small patch to version.h, managed to get SSH working to the iLO perfectly:
--- openssh-patched/version.h 2009-06-12 00:35:48.000000000 -0400
+++ openssh-5.2p1/version.h 2009-02-22 19:09:26.000000000 -0500
@@ -1,6 +1,6 @@
/* $OpenBSD: version.h,v 1.55 2009/02/23 00:06:15 djm Exp $ */
-#define SSH_VERSION "OpenSSH"
+#define SSH_VERSION "OpenSSH_5.2"
-#define SSH_PORTABLE ""
+#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
I patched version.h, ran `./configure`, `make`, and then copied the compiled ssh binary to /usr/bin/ilossh, so that my original ssh binary would be intact, and the ilossh binary would be left alone by RPM upgrades.
Tech HowTos ilo, openssh, proliant, ssh
For quite a while, I’ve been planning on centralizing a lot of my personal storage (documents, miscellaneous stuff) on one machine at home. The biggest problem that I have is that, while a VPN would be a good solution for my apartment (if I could get IPcop to do VPN between two dynamic IPs), it doesn’t really work for my mobile life. My laptop is often connected to untrusted wireless, and unknown firewall configurations, so VPN isn’t always the best (and definitely not the easiest) option. Given road warrior use, NFS is obviously out of the question.
After a little searching, I found the SSHFS module for FUSE, which allows userspace mounting of a SFTP filesystem. Despite some initial hiccups, I managed to get it setup on two machines – my laptop and a desktop in the apartment. This week I’ll finish working on the rest of the machines – and eventually replace my aging SSH gateway machine (currently a 10-year-old Gateway mini tower) with a Soekris box.
The setup was pretty easy:
- Make sure you have public key authentication setup for ssh between the machines, using RSA keys.
- Make sure fuse, libfuse, and the related packages are installed.
- Install the sshfs package.
- Make sure your user is added to the “trusted” group (for OpenSuSE).
After that, just give it a spin, as the user that you want to mount the filesystem as:
sshfs hostname:/path/to/mount /path/to/local/mountpoint
Once that worked pefectly, I added the following to my .bash_profile:
# this handles SSHFS mount of the central-home dir
if [ -a /path/to/local/mountpoint ]; then
echo "HOSTNAME home is mounted at /path/to/local/mountpoint"
else
echo "Mounting HOSTNAME home at /path/to/local/mountpoint..."
hostname:/path/to/mount /path/to/local/mountpoint
fi
Tech HowTos fuse, sftp, ssh, sshfs, storage
Well, today happens to be my 21st birthday. Now, not only can I vote or die for my country, but I can finally buy a drink when a president I didn’t vote for sends me off to war! All kidding aside, almost every year I can remember, it’s either snowed on my birthday, or been a rainy, slushy mess. This year appears to be the latter – an utterly disgusting mix of rain, slushy snow, and little chunks of ice from last night.
I haven’t had much time this week to do anything interesting – it’s been a busy week for class-related stuff, and a bunch of work-related stuff too. So, I guess I’ll just post some interesting links for the past few days…
Sun Microsystems has announced that we’ll be acquiring Innotek, and therefore VirtualBox. This means that Sun’s virtualization products will now reach to the desktop – and that I should give VirtualBox a shot for running OpenSolaris on my laptop. (aside: why is virtualization not in my Firefox spell check yet???)
Researchers at the Pittsburgh Supercomputing Center have come out with a version of SSH / SCP that uses multi-threading, for use in high-bandwidth applications on multi-core systems.
An ITnews article on why Open Source needs better PR.
What? Microsoft sued again? Ars Technica ran an article on the Vista Capable fiasco, with some comments from MS insiders. How is it that such a big company, with such a ubiquitous product, can constantly be sued, have MAJOR screwups, screw over their customers, and still people come back for more?
BBC News – EU Competition Regulators raid Intel offices in Munich.
A CNet article (linked from John M. Willis’ ESM Blog) on the US Treasury upping its content management budget to $28.2 million – no wonder why ww have so much debt, nobody told them about Drupal. From the article – “tens of millions on a $1 million problem”.
Roger Rustad’s Nagios Wiki, liked in a Groundwork blog entry.
Interesting Links and Resources birthday, innotek, multi-threading, opensource, ssh, sun, virtualbox
