|Description||This article describes behavior where SSH communication can fail if the device controlling the VIP changes. This is due to a change in the SSH key, making the currently used key invalid.|
|Scope||FortiNAC with Cisco ASA, Aruba WLC, and Aruba IAP integrations.|
Version 9.4.3 and above: To prevent an SSH communication failure due to this scenario, the MultiKnownHostEntries attribute can be enabled. FortiNAC's known_hosts cache is checked for all potential matches of the VIP and determines which entry to use. This is done on a per-device model basis.
This function is also detailed under Model Configuration in the Administration Guide.
Procedure (CentOS Only):