Set the iLO password from Linux using hponcfg

No matter if you are looking for a way to manage the iLO settings from the Linux command line or just have lost or forgotten the iLO password, as long as you have access to the Linux system running on the server, HP’s management utilities allows you to configure the iLO even without knowing the password for it.

To reset / set the password of the iLO from within the linux operating system on an HP server, the hponcfg utility needs to be installed. The hp utilities are not part of the standard distributions’ repositories. As such, an additional repository needs to be added.

Installing the Management Component Pack

Follow the instructions from this page about the Management Component Pack (mcp) to install the mcp repository (the page also lists which distributions and versions are supported). The steps below show the installation for Debian.

Adding the repository on Debian:

echo "# HPE Management Component Pack" >/etc/apt/sources.list.d/hp-nonfree.list
echo "deb jessie/current non-free" >/etc/apt/sources.list.d/hp-nonfree.list

The repository contains signed packages. To verify the signature, the corresponding keys need to be installed too. It is suggested to install all the keys to be able to verify packages that have been signed before 2015. At the time of writing, in 2018, importing the old keys seems not to really be necessary to setup the repository on Debian.

curl | apt-key add -

After setting up the repository, the hponcfg utility can be installed. The repository offers a number of packages with hponcfg being the one necesarry to set the password for the iLO.

$ sudo apt-get install hponcfg

Setting the iLO password

The hponcfg utility is an online configuration tool used to set up and reconfigure the local iLO without requiring a reboot of the server operating system. It can be used to retrieve and change the iLO configuration of the local server from the linux command line.

In the following, the “Administrator” password is set. To set any setting on the iLO, an xml file (called iLO4_set_password.xml in this example) needs to be prepared. The XML starts with the “RIBCL” element followed by the “LOGIN” element which contains the a username and password property.

infoIt’s interesting to notice at this point is that the “LOGIN” element must be present in the xml document but neither the username nor the password needs to be valid login credentials to the iLO. In fact, they can be anything but an empty string. To illustrate this, the following example xml shows an “x” as USER_LOGIN and PASSWORD.

The element after LOGIN contains the setting to be set in the iLO. In the below example, it contains the MOD_USER element together with its USER_LOGIN property to modify the “Administrator” user. The PASSWORD element inside the MOD_USER defines the new password (in clear text) to be set for the Administrator user.

  <USER_INFO MODE="write">
    <MOD_USER USER_LOGIN="Administrator">
      <PASSWORD value="pa$$word"/>

Saved to a file, this xml can be loaded into the iLO. To load the xml file into the iLO, the hponcfg command with the “-f filename” option is used. The “-f” option instructs hponcfg to set Management Processor (iLO) configuration from “filename”.

$ sudo hponcfg -f iLO4_set_password.xml
HP Lights-Out Online Configuration utility
Version 4.6.0 Date 09/28/2015 (c) Hewlett-Packard Company, 2015
Firmware Revision = 2.54 Device type = iLO 4 Driver name = hpilo
Script succeeded

After the command has been executed successfully, the Administrator’s password is set to the new value.

To find out about other settings that can be set using the hponcfg utility, I suggest exporting all settings using the following command as well as checking the Scripting Toolkit for Linux – Using HPONCFG, which contains some examples but sadly not much explanation.

$ sudo hponcfg -a -w iLO4_export.xml

Read more of my posts on my blog at

This entry was posted in Rescue, Security and tagged , , . Bookmark the permalink.