vpalli (Staff)
Description

This article provides more detailed information about the log message 'Administrator admin login failed from SSH because of invalid SSH key'.
Scope

FortiGate

Solution

The following log message is displayed under the system event logs when an admin login fails because of an invalid SSH key:

Log Description:   Admin login failed
Action:            login
Status:            failed
Reason:            ssh_key_invalid
User Interface:    ssh (172.25.181.252)
Message:           Administrator admin login failed from ssh (172.25.181.252) because of invalid ssh key

When an SSH client attempts to authenticate to FortiGate with a public/private key pair (the challenge/response exchange of the publickey method), the above log message may be generated if the admin account on FortiGate is not configured to use SSH keys for authentication, or if the SSH key pair presented by the client is incorrect.

For more information about its configuration, refer to Technical Tip: How to authenticate an admin user to FortiGate via CLI using SSH keys.


In order to verify the error in the connection, run the following SSH daemon debugs on FortiGate:

# diag debug app sshd -1
# diag debug console timestamp enable
# diag debug enable

The following debug messages indicate that SSH authentication using the publickey method failed, and that during the third attempt the SSH client authenticated successfully using the password method:

SSH: userauth-request for user admin service ssh-connection method publickey   <----
SSH: attempt 1 failures 0
SSH: input_userauth_request: try method publickey
SSH: test whether pkalg/pkblob are acceptable
SSH: temporarily_use_uid: 0/0 (e=0/0)
SSH: trying public key file /etc/ssh/admin_auth_keys
SSH: Could not open authorized keys '/etc/ssh/admin_auth_keys': No such file or directory
SSH: restore_uid: 0/0
SSH: temporarily_use_uid: 0/0 (e=0/0)
SSH: trying public key file (null)/.ssh/authorized_keys2
SSH: Could not open authorized keys '(null)/.ssh/authorized_keys2': No such file or directory
SSH: restore_uid: 0/0
SSH: userauth_pubkey: authenticated 0 pkalg ssh-rsa
SSH: userauth_finish: failure partial=0 next methods="publickey,password"
SSH: userauth-request for user admin service ssh-connection method password   <----
SSH: attempt 2 failures 1
SSH: input_userauth_request: try method password
SSH: Accepted password for admin from 192.168.1.250 port 57906 ssh2
SSH: notify_hostkeys: key 0: ssh-rsa SHA256:VnzgZQymfLYwWwI8ZNJhv5zv2Q+diBL8HLhqMKZSYm0
SSH: notify_hostkeys: key 1: ssh-ed25519 SHA256:6XFL3Q2zqPzeVUOhlUSQgG3sKm7MgdL/NSEEFeQaMv

In such a case, even though SSH access to FortiGate succeeds, FortiGate will log a message stating 'Administrator admin login failed from SSH because of invalid SSH key'.
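As an added example (not part of the original article and not Fortinet code), the following Python script reduces 'diag debug app sshd -1' output of the kind quoted above to an ordered list of authentication attempts and classifies why an 'ssh_key_invalid' event appeared, so an operator can tell a harmless key-then-password fallback from a genuinely failed login. The sample input is constructed from the lines shown above, and the regular expressions assume the message formats seen there.

```python
import re

# Constructed sample, modelled on the sshd debug output in the article (not a real capture).
SAMPLE_DEBUG = """\
SSH: userauth-request for user admin service ssh-connection method publickey
SSH: attempt 1 failures 0
SSH: trying public key file /etc/ssh/admin_auth_keys
SSH: Could not open authorized keys '/etc/ssh/admin_auth_keys': No such file or directory
SSH: userauth_pubkey: authenticated 0 pkalg ssh-rsa
SSH: userauth_finish: failure partial=0 next methods="publickey,password"
SSH: userauth-request for user admin service ssh-connection method password
SSH: attempt 2 failures 1
SSH: Accepted password for admin from 192.168.1.250 port 57906 ssh2
"""

# Message formats assumed from the debug lines quoted in the article.
REQUEST = re.compile(r"SSH: userauth-request for user (\S+) service \S+ method (\S+)")
FAILURE = re.compile(r"SSH: userauth_finish: failure")
ACCEPTED = re.compile(r"SSH: Accepted (\S+) for (\S+) from (\S+) port (\d+)")

def parse_attempts(debug_text):
    """Reduce sshd debug output to an ordered list of (method, outcome) pairs,
    one per userauth request, in the order the client made them."""
    attempts = []
    for line in debug_text.splitlines():
        if m := REQUEST.match(line):
            attempts.append([m.group(2), "pending"])
        elif FAILURE.match(line) and attempts:
            attempts[-1][1] = "failed"
        elif (m := ACCEPTED.match(line)) and attempts:
            # Trust the method named on the Accepted line for the final outcome.
            attempts[-1] = [m.group(1), "accepted"]
    return [tuple(a) for a in attempts]

def triage(debug_text):
    """Explain an 'ssh_key_invalid' event from the observed attempt sequence."""
    attempts = parse_attempts(debug_text)
    pubkey_failed = ("publickey", "failed") in attempts
    accepted = [method for method, outcome in attempts if outcome == "accepted"]
    if pubkey_failed and accepted == ["password"]:
        return "key_fallback"      # key rejected, password succeeded: event is a side effect
    if pubkey_failed and not accepted:
        return "login_failure"     # no method succeeded: a real failed login
    if ("publickey", "accepted") in attempts:
        return "key_ok"            # a key was accepted (possibly after another was rejected)
    return "no_pubkey_attempt"
```

A 'key_fallback' verdict points at the two remedies the article lists (stop offering a key, or install the correct key pair), while 'login_failure' deserves the usual failed-login follow-up.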

There are two ways to avoid generating such log messages on FortiGate:

1) Disable the SSH public key authentication method on the SSH client and on FortiGate, and use password authentication instead.

2) Provide the correct public/private key pair to FortiGate and to the SSH client.

