FortiGate
xiaoj
Staff
Article Id 273990
Description This article describes how to configure the SSH key exchange method to resolve an error stating no matching key exchange was found.
Scope FortiGate.
Solution


Specify the key exchange algorithm in FortiGate to match the key exchange algorithm on the other side:

 

config system global
    set strong-crypto {enable | disable}
    set ssh-kex-algo <algo_1> [<algo_2> ... <algo_n>]
end

 

Note that the available algorithm options depend on the strong-crypto setting.

 

With strong-crypto enabled, ssh-kex-algo can be set to:

  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group-exchange-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521

With strong-crypto disabled, ssh-kex-algo can be set to:

  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521

Choose an SSH key exchange method that the other device also supports. SSH from FortiGate to that device should then work.
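
As an added example (not Fortinet's code), the Python code below picks the ssh-kex-algo values from the two lists above that a peer also supports, keeping strong-crypto enabled whenever a match allows it. The function names and the peer algorithm lists passed to them are assumptions made for illustration.

```python
# Added example: choose FortiGate ssh-kex-algo values that a peer also supports.
# Algorithm names are copied from the article; peer lists are supplied by the caller.
STRONG = (
    "diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 "
    "diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha256 "
    "curve25519-sha256@libssh.org ecdh-sha2-nistp256 "
    "ecdh-sha2-nistp384 ecdh-sha2-nistp521"
).split()
# Selectable only when strong-crypto is disabled (the SHA-1 variants).
WEAK_ONLY = ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1"]


def pick_kex(peer_algos):
    """Return (strong_crypto, algos), or None when nothing overlaps.

    SSH negotiates key exchange by exact algorithm name, so names are
    compared as plain strings after trimming whitespace.
    """
    offered = {a.strip() for a in peer_algos if a.strip()}
    strong = [a for a in STRONG if a in offered]
    if strong:
        return ("enable", strong)   # a strong method matches: keep strong-crypto on
    weak = [a for a in WEAK_ONLY if a in offered]
    if weak:
        return ("disable", weak)    # the peer shares only a SHA-1 method
    return None                     # no option from either list matches the peer


def render_config(peer_algos):
    """Build the 'config system global' block, or None if there is no match."""
    choice = pick_kex(peer_algos)
    if choice is None:
        return None
    strong_crypto, algos = choice
    return "\n".join([
        "config system global",
        f"    set strong-crypto {strong_crypto}",
        f"    set ssh-kex-algo {' '.join(algos)}",
        "end",
    ])
```

A result of None means the peer offers nothing from either list, so changing ssh-kex-algo on the FortiGate cannot resolve the mismatch for that peer.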

Related article:
Troubleshooting Tip: SSH error 'No matching host key type found' without any offer.