Technical Tip: Disable SSH host key verification for FortiGate devices in FortiSIEM
Description
This article describes how to disable SSH host key verification for FortiGate devices in FortiSIEM.
In environments where FortiGate devices are upgraded frequently, SSH host key changes can cause repeated SSH connectivity failures in FortiSIEM. A practical way to avoid this for FortiGate devices is to update the FortiGate-specific SSH script so that host key verification is skipped for this workflow.
Scope
FortiSIEM.
FortiGate.
Solution
Symptoms: The issue may be observed from the FortiSIEM connectivity test results for the FortiGate device.

failed (Host key verification failed, remove host key from /opt/phoenix/bin/.ssh/known_hosts to resolve this issue)

Edit the following script on the FortiSIEM device:
/opt/phoenix/bin/getCmdOutViaSSH_Fortinet.exp
Update the SSH spawn line as follows:
spawn -noecho ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $port $user@$host
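This disables SSH host key verification for the FortiGate-specific workflow in FortiSIEM: ssh accepts whatever host key the device presents and stores nothing in known_hosts, so a changed key no longer fails the connection, and the identity of the device answering at that address is no longer checked.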
If FortiSIEM is upgraded later, the same script modification must be applied again.
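The following check is an added example, not part of the original article or of Fortinet's tooling: after a FortiSIEM upgrade it reports whether the spawn line in the script above still carries both options. The function name fsm_spawn_status and its status words are hypothetical; the script path is the one given in this article.

```shell
#!/bin/sh
# Added example (not Fortinet code). Path taken from the article;
# the function name and status words are hypothetical.
SCRIPT_DEFAULT=/opt/phoenix/bin/getCmdOutViaSSH_Fortinet.exp

# Prints one of: patched | unpatched | no-spawn-line | missing-file
# Returns 0 only when every "spawn ... ssh" line carries both options.
fsm_spawn_status() {
    file=${1:-$SCRIPT_DEFAULT}
    if [ ! -r "$file" ]; then
        echo missing-file
        return 3
    fi
    # Collect non-comment lines that spawn ssh (comment lines start with '#').
    lines=$(grep -E '^[[:space:]]*spawn[[:space:]]+(.*[[:space:]])?ssh[[:space:]]' "$file" || true)
    if [ -z "$lines" ]; then
        echo no-spawn-line
        return 2
    fi
    # awk exits non-zero if any spawn line lacks either option,
    # which is the state a FortiSIEM upgrade leaves behind.
    if printf '%s\n' "$lines" | awk '
        !(/-o[ \t]+StrictHostKeyChecking=no/ &&
          /-o[ \t]+UserKnownHostsFile=\/dev\/null/) { bad = 1 }
        END { exit bad + 0 }'
    then
        echo patched
        return 0
    fi
    echo unpatched
    return 1
}
```

Called with no argument on the FortiSIEM host, fsm_spawn_status inspects the default path; pass another file name to check a copy.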
Additional notes:
If the issue affects only a small number of FortiGate devices, the related SSH host key entries can also be removed manually from the FortiSIEM side:
Technical Note: [Accelops KB] How to reset SSH key
ssh-keygen -R <FortiGate_IP>
This can be a practical option for a limited number of devices.
