Technical Tip: Palo Alto admin banner causes SSH connections to fail
Description
Palo Alto firewall SSH accounts can be configured with an admin banner. When the admin banner is enabled, the appliance is unable to connect. If the banner is disabled, the SSH connection works.
Telnet accounts do not have this function. If the Protocol is set to Telnet in the Model configuration, credential validation works.
Enabling the admin banner changes the login sequence when connecting to Palo Alto. This change prevents the appliance from completing login.
Scope
Version: 8.x
Solution
In the firewall, disable the admin banner for the SSH account used by the appliance to connect. This banner is not supported.
The account username is listed under CLI Settings in the Palo Alto Model Configuration in Topology.