2048 bits off more than iLO 4 can chew

Any good administrator knows that public key authentication for SSH is better than using passwords, and longer keys are better than shorter keys.

Well, someone might want to let Hewlett Packard know.

The latest version of HP’s Integrated Lights-Out 4 (version 2.55) will happily accept a 4096-bit public key for SSH authentication. There won’t be any indication that there might be a problem.

The first you’ll know about any problem is when you attempt to connect using the associated 4096-bit private key. You won’t be able to get in. Nothing you can do will work.

It’s only if you cheat (i.e. read the documentation) that you’ll eventually stumble across the cause of the problem: Hewlett Packard has intentionally and inexplicably restricted the iLO 4’s support for SSH keys to a maximum of 2048 bits, even in the most recent version released in 2018.

So, if you’re administering iLO 4 on your estate and you want to use key-based authentication for SSH, remember to limit your keys to 2048 bits apiece.