Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
xiaoj
Staff
Staff

Created on ‎09-17-2023 08:49 PM Edited on ‎11-06-2023 08:11 AM By Moderator

Article Id 273990

Troubleshooting Tip: 'No matching key exchange found'

Description This article describes how to configure the SSH key exchange method to resolve an error stating no matching key exchange was found.
Scope FortiGate.
Solution

ssh.png

 

Specify the key exchange algorithm in FortiGate to match the key exchange algorithm on the other side:

 

config system global
    set strong-crypto {enable | disable}
    set ssh-kex-algo <algo_1> [<algo_2> ... <algo_n>]
end

 

Note that the algorithm options are different based on the strong encryption setting.

 

strong-crypto enabled, ssh-kex-algo could be:

  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group-exchange-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521

strong-crypto disabled, ssh-kex-algo could be:

  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521

Choose the proper SSH key exchange method. SSH from FortiGate to other devices should work.

Related article:
Troubleshooting Tip: SSH error 'No matching host key type found' without any offer.
Labels:
13761
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.