Troubleshooting Tip: 'Unable to negotiate with x.x.x.x: no matching host key type found.' error after upgrading FortiSwitch from v7.4.6 to v7.6.1

Description

This article describes the solution for the error 'Unable to negotiate with x.x.x.x: no matching host key type found. Their offer:' When trying to connect to the FortiSwitch from FortiGate or other external resources via SSH.

Scope

FortiSwitch v7.6.1.

Solution

After upgrading FortiSwitch to v7.6.1, it is possible that SSH keys need to be regenerated.

Issue:

Cannot manage FSW via SSH

FortiSwitch is Authorized/Up on switch-controller:

FortiSwitch is Authorized/Up on switch-controller

Solution:

Regenerate SSH keys by executing this command on FortiSwitch CLI. Note that this command must be executed via console port (baud rate 115200):

exec ssh-regen-keys

FortiSwitch CLI (connected via console port)

Then try again to access the FortiSwitch via SSH from FortiGate or any other SSH client; the issue should be resolved:

Accept the new key generated.