Saturday, September 2, 2017

FreeBSD 11 - vt console debacle

Standard

Vt console in FreeBSD

Introduction

For some reason server distributions of *nix now have to have a vt based (compositing) console, so that you can get your console into the larger resolutions.

Personally I fail to see the need for this at all. When you connect to your server it is via ssh 95% of the time. Or probably more. And your client PC where off you run ssh probably has a hd display today. Using the actual console is something you do when there are problems. Usually in single user mode. This does not have to be bling bling.

What about us, that depend on the serial console? Or text mode without a compositor. Well it would seem FreeBSD is now going down the Ubuntu server road, and we have to do some fiddeling in order to make our Inside Lights out cards, serial consoles and what not working again.

At least for me, my iLO card on my HP server could no longer bridge to the console after an upgrade to FreeBSD 11. I was told the console was in an unsupported graphics mode and after plugging a monitor onto the server, it was in 640x480.

How to fix this.

Fortunately this is simple not requiring a custom kernel build or anything. In loader.conf put:

kern.vty=sc

And you are back to the old sc driver for the console. And I can again get a console via ethernet. Also in single user via the iLO.

Conclusion

Back to normal ..

Tuesday, July 25, 2017

HP inside lights out and OpenSSH

Standard

Problem

The sshd server implementation made by HP on ILO cards - especially older ones - can be notoriously difficult to use with newer versions of OpenSSH.

The main reason is algorithms rendered unsafe by old age combined with a very strange implementation by HPs hands.

Solution

The following configuration on the client side made my current version of OpenSSH play reasonably nice with ILO / SSH. There is some unexplained disconnects by the server I cannot figure out. 

In .ssh/config

Host <hostname>/<IP>
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication no
HostbasedAuthentication no
PubkeyAuthentication no
RSAAuthentication no
Compression no
ForwardAgent no
ForwardX11 no
Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128
HostKeyAlgorithms ssh-rsa,ssh-dss
KexAlgorithms diffie-hellman-group1-sha1
MACs hmac-sha1
ServerAliveInterval 0

Result

You can now SSH to the ILO card and use the cmd line tool from HP. Issue a 

</>hpiLO-> remcons

To get a real HW console bridged over the network.


Subscribe to: Posts (Atom)