Description | This article describes behavior where SSH communication can fail if the device controlling the VIP changes. This is due to a change in the SSH key, making the currently used key invalid. |
Scope | FortiNAC with Cisco ASA, Aruba WLC, and Aruba IAP integrations. |
Solution |
Version 9.4.3 and above: To prevent an SSH communication failure in this scenario, enable the MultiKnownHostEntries attribute. With the attribute enabled, FortiNAC checks its known_hosts cache for all potential matches of the VIP and determines which entry to use. This is done on a per-device model basis.
This function is also detailed under Model Configuration in the Administration Guide.
FortiNAC-OS: Addressed in versions F 7.2.7, F 7.4.1, and F 7.6.0. See Configure SSH Keys for VIP in the Admin Guide.
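The idea of keeping several known_hosts entries for one VIP can be illustrated with the following added example, which is not FortiNAC code and does not reproduce its implementation. It assumes the standard OpenSSH known_hosts line format (plain or `|1|` hashed host fields); the function names, the VIP 192.0.2.10 and the keys are constructed for illustration.

```python
import base64, hashlib, hmac

def hash_host(host, salt):
    """Build an OpenSSH hashed host field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts host field (hashed or comma-separated) names host."""
    if field.startswith("|1|"):
        _, _, salt_b64, _ = field.split("|")
        return hmac.compare_digest(field, hash_host(host, base64.b64decode(salt_b64)))
    return host in field.split(",")  # exact names only; wildcard patterns not handled

def keys_for(known_hosts_text, host):
    """Collect every (keytype, key) cached for host, split into accepted and revoked."""
    accepted, revoked = set(), set()
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        marker = parts.pop(0) if parts[0].startswith("@") else None
        if marker == "@cert-authority" or len(parts) < 3:
            continue  # CA lines describe certificates, not plain host keys
        if host_matches(parts[0], host):
            (revoked if marker == "@revoked" else accepted).add((parts[1], parts[2]))
    return accepted, revoked

def check_presented_key(known_hosts_text, host, keytype, key_b64):
    """Classify the key a host presents against all cached entries for it."""
    accepted, revoked = keys_for(known_hosts_text, host)
    if (keytype, key_b64) in revoked:
        return "revoked"
    if (keytype, key_b64) in accepted:
        return "match"
    return "mismatch" if accepted else "unknown"

# Constructed sample: VIP 192.0.2.10 fronts two nodes, each with its own host key.
VIP = "192.0.2.10"
KEY_A = base64.b64encode(b"constructed-key-node-A").decode()
KEY_B = base64.b64encode(b"constructed-key-node-B").decode()
KEY_X = base64.b64encode(b"constructed-key-unknown").decode()
SAMPLE = "\n".join([
    "# constructed known_hosts content",
    "%s ssh-ed25519 %s node-a" % (VIP, KEY_A),
    "%s ssh-ed25519 %s node-b" % (hash_host(VIP, b"constructed-salt"), KEY_B),
    "192.0.2.99 ssh-ed25519 %s other-device" % KEY_X,
])

if __name__ == "__main__":
    for name, key in (("A", KEY_A), ("B", KEY_B), ("X", KEY_X)):
        print(name, check_presented_key(SAMPLE, VIP, "ssh-ed25519", key))
```

A key that is cached for neither node still returns "mismatch", so allowing multiple entries for the VIP does not turn off host key checking for it.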
Procedure (CentOS Only):
When prompted to continue connecting, enter yes.
For example: |