SSH Key not working accessing Fortinet Firewall

I was going mad trying to find out why my SSH key failed to connect to Fortinet firewalls.

I have a script on a server that fails to connect to a Fortinet firewall using an SSH key. Every time I tried to connect to the Fortinet firewall over SSH, the firewall asked me for the password instead of letting me in.
These are the steps I followed to solve the problem.

Troubleshooting SSH Key problem

In this example:

ostrich -> the name of the user that needs to access the firewall

myserver -> you won't believe it, but this is the server from which the SSH requests originate

fortinet.localhostrich -> DNS name of my Fortinet firewall

Connectivity

Port 22 should be open between the server and the firewall. In my case I'm sure it is, because when I open an ssh connection the remote firewall asks me for a password:

[ostrich@myserver ~]# ssh ostrich@fortinet.localhostrich
ostrich@fortinet.localhostrich's password:
 

If you don't get a password prompt, there is probably a network issue. To be sure, test the port directly (telnet takes a host and a port, not user@host):

[ostrich@myserver ~]# telnet fortinet.localhostrich 22

If port 22 is closed, ask your networking team to have a look at the issue.

Check User

Obvious, but... does the user exist on the firewall? Is it allowed to log in from your server? Is the SSH key correct?

Check that the user is allowed to access the firewall and that your source IP is accepted, then have a look at the SSH key.

The SSH public key configured on the firewall should be the same one you find on your server:

[ostrich@myserver ~]# cat /home/ostrich/.ssh/id_rsa.pub

Right Options in SSH command

This was my problem: running only ssh user@ip was not enough to get the SSH key working.

The solution was to add this option:

[ostrich@myserver ~]# ssh -o PubkeyAcceptedAlgorithms=+ssh-rsa ostrich@fortinet.localhostrich
MiFirewall #

-o PubkeyAcceptedAlgorithms=+ssh-rsa fixed my problem. The reason is that recent OpenSSH clients (8.8 and later) no longer offer the SHA-1 based ssh-rsa signature algorithm by default, so when the firewall only accepts ssh-rsa signatures the client cannot use the key at all and silently falls back to password authentication; the option re-enables that algorithm for the connection.

This troubleshooting is also useful when the scp command doesn't work.
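As an added example (not from the original post), the two pieces I would script around this fix: a per-host ssh_config stanza that limits the legacy ssh-rsa option to the firewall, so plain ssh and scp in scripts pick it up without typing -o every time, and a small classifier for a saved `ssh -v` transcript that tells apart the failure modes walked through above. Host and user names are the post's; the config path and the sample transcripts are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not part of the original post or of Fortinet/OpenSSH.

FW_HOST="fortinet.localhostrich"
FW_USER="ostrich"

write_fw_stanza() {  # $1 = ssh_config file to append to
  cat >> "$1" <<EOF
Host $FW_HOST
    User $FW_USER
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
    # OpenSSH 8.8+ refuses SHA-1 ssh-rsa signatures by default; re-enable it
    # only for this host (clients older than 8.5 call it PubkeyAcceptedKeyTypes).
    PubkeyAcceptedAlgorithms +ssh-rsa
EOF
}

diagnose_ssh_log() {  # $1 = file holding the output of: ssh -v user@host 2>&1
  if grep -Eq 'Connection refused|Connection timed out|No route to host' "$1"; then
    echo port_closed      # Connectivity step: port 22 is not reachable
  elif grep -q 'no mutual signature supported' "$1"; then
    echo no_mutual_sig    # client would not sign with ssh-rsa: needs the option
  elif grep -q 'Authentication succeeded (publickey)' "$1"; then
    echo ok
  elif grep -q 'Next authentication method: password' "$1"; then
    echo key_rejected     # Check User step: wrong key, user or source IP
  else
    echo unknown
  fi
}

# Constructed sample transcripts, trimmed to the lines that matter.
SAMPLE_DIR="$(mktemp -d)"
printf '%s\n' 'debug1: Offering public key: /home/ostrich/.ssh/id_rsa RSA' \
  'sign_and_send_pubkey: no mutual signature supported' \
  'debug1: Next authentication method: password' > "$SAMPLE_DIR/no_mutual.log"
printf '%s\n' 'debug1: Offering public key: /home/ostrich/.ssh/id_rsa RSA' \
  'debug1: Authentications that can continue: publickey,password' \
  'debug1: Next authentication method: password' > "$SAMPLE_DIR/rejected.log"
printf '%s\n' 'debug1: Offering public key: /home/ostrich/.ssh/id_rsa RSA' \
  'debug1: Authentication succeeded (publickey).' > "$SAMPLE_DIR/ok.log"
printf '%s\n' 'ssh: connect to host fortinet.localhostrich port 22: Connection timed out' \
  > "$SAMPLE_DIR/closed.log"

CONFIG="$(mktemp)"   # assumption: a scratch file; in practice use ~/.ssh/config
write_fw_stanza "$CONFIG"
for f in no_mutual rejected ok closed; do
  echo "$f: $(diagnose_ssh_log "$SAMPLE_DIR/$f.log")"
done
```

To check what the client will actually send after adding the stanza, run `ssh -G -F "$CONFIG" fortinet.localhostrich | grep -i pubkeyacceptedalgorithms`.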
