Description |
This article describes the solution for the SSH error 'No matching host key type found. Their offer:' After upgrading to v7.2.6. |
Scope |
FortiGate FOS v7.2.6 |
Solution |
Upon taking a packet capture, it may be seen that FortiGate did not send any host key-type proposal:
From SSH and debug, the 'list_hostkey_types' is empty:
SSH: Forked child 31816. SSH: Client protocol version 2.0; client software version PuTTY_Release_0.68 SSH: no match: PuTTY_Release_0.68 SSH: Enabling compatibility mode for protocol 2.0 SSH: Local version string SSH-2.0-Nn0FjQVd-y SSH: fd 7 setting O_NONBLOCK SSH: Proposal: 0, Ciphers: 'diffie-hellman-group14-sha1' SSH: Proposal: 2, Ciphers: 'chacha20-poly1305@openssh.com,aes256-ctr,aes256-gcm@openssh.com' SSH: Proposal: 3, Ciphers: 'chacha20-poly1305@openssh.com,aes256-ctr,aes256-gcm@openssh.com' SSH: Proposal: 4, Ciphers: 'hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com' SSH: Proposal: 5, Ciphers: 'hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com' SSH: list_hostkey_types:
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.