FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
MZBZ
Staff
Article Id 358125
Description This article describes a specific error that happens in very rare cases in the migration process from Windows-based to Linux-based FortiClient EMS.
Scope Linux-based FortiClient EMS 7.4.0 and 7.4.1 migration tool
Solution

If the following lines are observed in the migration tool's debug log files, open a ticket with Fortinet technical support and provide the migration log file referencing ID 1082845. Fortinet technical support will provide the proper tools and instructions to resolve the issue.

 

The problem occurs in very rare cases (with an unidentified root cause) and is attributed to OS-specific settings on the customer's side. On some occasions, reinstalling Ubuntu with default settings and using an updated version of the Microsoft PowerShell OpenSSH tool has proven to resolve the issue.

 

2024-11-12 13:14:15,468 === Key exchange possibilities ===
2024-11-12 13:14:15,468 kex algos: curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, sntrup761x25519-sha512@openssh.com, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, kex-strict-s-v00@openssh.com
2024-11-12 13:14:15,468 server key: rsa-sha2-512, rsa-sha2-256, ecdsa-sha2-nistp256, ssh-ed25519
2024-11-12 13:14:15,468 client encrypt: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
2024-11-12 13:14:15,468 server encrypt: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
2024-11-12 13:14:15,468 client mac: umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
2024-11-12 13:14:15,468 server mac: umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
2024-11-12 13:14:15,468 client compress: none, zlib@openssh.com
2024-11-12 13:14:15,468 server compress: none, zlib@openssh.com
2024-11-12 13:14:15,468 client lang: <none>
2024-11-12 13:14:15,468 server lang: <none>
2024-11-12 13:14:15,468 kex follows: False
2024-11-12 13:14:15,468 === Key exchange agreements ===
2024-11-12 13:14:15,468 Kex: curve25519-sha256@libssh.org
2024-11-12 13:14:15,468 HostKey: ssh-ed25519
2024-11-12 13:14:15,468 Cipher: aes128-ctr
2024-11-12 13:14:15,468 MAC: hmac-sha2-256
2024-11-12 13:14:15,468 Compression: none
2024-11-12 13:14:15,468 === End of kex handshake ===
2024-11-12 13:14:15,489 kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256>
2024-11-12 13:14:15,489 Switch to new keys ...
2024-11-12 13:14:15,489 Adding ssh-ed25519 host key for [10.1.100.54]:22: b'e38c3639fb6d6891eac366b388fd5bd3'
2024-11-12 13:14:15,489 Got EXT_INFO: {'server-sig-algs': b'ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com', 'publickey-hostbound@openssh.com': b'0'}
2024-11-12 13:14:15,887 Trying discovered key b'7b5b810f967edc4034f35fdaba9174ee' in .ssh\id_rsa
2024-11-12 13:14:15,903 userauth is OK
2024-11-12 13:14:15,903 Finalizing pubkey algorithm for key of type 'ssh-rsa'
2024-11-12 13:14:15,903 Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
2024-11-12 13:14:15,903 Server-side algorithm list: ['ssh-ed25519', 'sk-ssh-ed25519@openssh.com', 'ssh-rsa', 'rsa-sha2-256', 'rsa-sha2-512', 'ssh-dss', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'sk-ecdsa-sha2-nistp256@openssh.com', 'webauthn-sk-ecdsa-sha2-nistp256@openssh.com']
2024-11-12 13:14:15,903 Agreed upon 'rsa-sha2-512' pubkey algorithm
2024-11-12 13:14:15,925 Authentication (publickey) failed.
2024-11-12 13:14:15,925 Trying discovered key b'1e1d729acbb6d6e7f802c2f0d2038b2e' in .ssh\id_rsa
2024-11-12 13:14:15,925 userauth is OK
2024-11-12 13:14:15,925 Unknown exception: q must be exactly 160, 224, or 256 bits long
2024-11-12 13:14:15,935 Traceback (most recent call last):
2024-11-12 13:14:15,935 File "paramiko\transport.py", line 2164, in run
2024-11-12 13:14:15,935 File "paramiko\auth_handler.py", line 395, in _parse_service_accept
2024-11-12 13:14:15,935 File "paramiko\dsskey.py", line 109, in sign_ssh_data
2024-11-12 13:14:15,935 File "cryptography\hazmat\primitives\asymmetric\dsa.py", line 242, in private_key
2024-11-12 13:14:15,935 File "cryptography\hazmat\backends\openssl\backend.py", line 843, in load_dsa_private_numbers
2024-11-12 13:14:15,935 File "cryptography\hazmat\primitives\asymmetric\dsa.py", line 283, in _check_dsa_private_numbers
2024-11-12 13:14:15,935 File "cryptography\hazmat\primitives\asymmetric\dsa.py", line 275, in _check_dsa_parameters
2024-11-12 13:14:15,935 ValueError: q must be exactly 160, 224, or 256 bits long
2024-11-12 13:14:15,935
2024-11-12 13:14:15,939 Exception type : Traceback (most recent call last):
File "main.py", line 33, in main
File "main.py", line 175, in init
File "lib\pre_migration.py", line 40, in __init__
File "lib\helper\scphelper.py", line 18, in __init__
File "paramiko\client.py", line 435, in connect
File "paramiko\client.py", line 682, in _auth
File "paramiko\transport.py", line 1635, in auth_publickey
File "paramiko\auth_handler.py", line 245, in wait_for_response
File "paramiko\transport.py", line 2164, in run
File "paramiko\auth_handler.py", line 395, in _parse_service_accept
File "paramiko\dsskey.py", line 109, in sign_ssh_data
File "cryptography\hazmat\primitives\asymmetric\dsa.py", line 242, in private_key
File "cryptography\hazmat\backends\openssl\backend.py", line 843, in load_dsa_private_numbers
File "cryptography\hazmat\primitives\asymmetric\dsa.py", line 283, in _check_dsa_private_numbers
File "cryptography\hazmat\primitives\asymmetric\dsa.py", line 275, in _check_dsa_parameters
ValueError: q must be exactly 160, 224, or 256 bits long
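
One way to check a migration debug log for this signature before opening the ticket, as an added example that is not part of Fortinet's tooling: it reports each occurrence of the exception together with the key that was being tried and whether the traceback passes through paramiko's DSS key code. The function name and the sample lines (abridged from the excerpt above) are assumptions of this example.

```python
import re
import sys

# Signature strings taken from the log excerpt in this article.
ERROR_TEXT = "q must be exactly 160, 224, or 256 bits long"
DSS_FRAME = "paramiko\\dsskey.py"
TRY_KEY = re.compile(r"Trying discovered key b'([0-9a-f]+)' in (\S+)")

# Sample input: lines abridged from the article's excerpt (raw string keeps backslashes).
SAMPLE = r"""2024-11-12 13:14:15,903 Agreed upon 'rsa-sha2-512' pubkey algorithm
2024-11-12 13:14:15,925 Authentication (publickey) failed.
2024-11-12 13:14:15,925 Trying discovered key b'1e1d729acbb6d6e7f802c2f0d2038b2e' in .ssh\id_rsa
2024-11-12 13:14:15,925 userauth is OK
2024-11-12 13:14:15,925 Unknown exception: q must be exactly 160, 224, or 256 bits long
2024-11-12 13:14:15,935 File "paramiko\dsskey.py", line 109, in sign_ssh_data
2024-11-12 13:14:15,935 ValueError: q must be exactly 160, 224, or 256 bits long
""".splitlines()


def scan_migration_log(lines):
    """Return one finding per 'Unknown exception' line carrying the DSA q error.

    Each finding records the log line number, the key fingerprint and file
    that were being tried, and whether a paramiko DSS frame follows it.
    """
    findings = []
    last_key = None   # most recent "Trying discovered key" entry
    current = None    # finding whose traceback is being read
    for lineno, line in enumerate(lines, 1):
        match = TRY_KEY.search(line)
        if match:
            last_key = {"fingerprint": match.group(1), "path": match.group(2)}
            current = None
        elif "Unknown exception: " + ERROR_TEXT in line:
            current = {"line": lineno, "key": last_key, "dss_frame": False}
            findings.append(current)
        elif current is not None and DSS_FRAME in line:
            current["dss_frame"] = True
    return findings


if __name__ == "__main__":
    # Pass the migration log path as the first argument; without one, the sample is scanned.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            log_lines = fh.read().splitlines()
    else:
        log_lines = SAMPLE
    for finding in scan_migration_log(log_lines):
        print(finding)
```
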
