FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 304916

This article describes how to resolve an issue where, when trying to import the private key into FortiOS (for example, an SSH proxy local-key), an error appears due to an incorrect format.

Scope FortiOS.

In Windows 10 and Windows 11, there is a built-in SSH keygen which can be used to generate the SSH public and private key pair.

  • Open CMD in Windows and enter ssh-keygen:




  • Generated keys will be saved under the C:Users\username\.ssh\ path by default. This can be modified as needed.
  • Enter the password for the private key and save it somewhere. It will be used when importing the private key into FortiOS.
  • A key created with the default settings in Windows 10 is sha256 with RSA 3072-bit.
  • Different key algorithm are also available. See the GitHub docs for more information.
  • Two files will be generated:



  • The first file is a private key and the second file is a public key.
  • Use Notepad++ to open the file and copy it to FortiOS in the following configuration:

config firewall ssh local-key

edit <name>

set password {password}  <- The private key password.

set private-key {user}   <- Private key.

set public-key {user} <- Public key.

set source [built-in|user]



  • Enter the public key with opening and closing quotation marks ("").



  • Enter the private key with opening and closing quotation marks ("").
  • Note the error below:



  • This is due to the private key format generated having multiple break lines. The '>' symbol indicates a break line.
  • FortiOS can only accept the key format in a single line.
  • Remove the break line in-between for the private key and paste it again.



  • The private key is now setup successfully.
  • To view the full SSH key setting, run the 'get' command.