FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Article Id 244979

 

Description

This article discusses SSH keyboard-interactive (KBD) and its impact on communication to network devices for CLI access.

 

SSH keyboard-interactive is an authentication method. 

This method is disabled by default starting with the following versions:


- 9.2.7

- 9.4.2

- F7.2.0

 

This change should accommodate most infrastructure devices. 

However, some devices may require SSH keyboard-interactive. 

If FortiNAC is not configured to match what the device requires, its SSH login to the device will fail.

 

Examples include (but may not be limited to) Arista switches.

 

Example log (TelnetServer debug enabled):

 

debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
debug3: send packet: type 61
debug3: receive packet: type 60
debug2: input_userauth_info_req
Change Password Is Disabled <----
debug2: input_userauth_info_req: num_prompts 0
debug3: send packet: type 61
Authentication failed. <---
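
One way to triage a debug excerpt like the one above (an added example, not FortiNAC code): the script names the SSH packet types using the message numbers from RFC 4252 and RFC 4256 and summarizes the keyboard-interactive rounds and the outcome. The function name, the summary keys and the assumption that lines follow the OpenSSH-style debug format shown above are illustrative.

```python
import re

# SSH message numbers (RFC 4252 authentication, RFC 4256 keyboard-interactive).
# Type 60 is method-specific; in a keyboard-interactive exchange it is INFO_REQUEST.
MSG_NAMES = {50: "USERAUTH_REQUEST", 51: "USERAUTH_FAILURE", 52: "USERAUTH_SUCCESS",
             60: "USERAUTH_INFO_REQUEST", 61: "USERAUTH_INFO_RESPONSE"}
PACKET_RE = re.compile(r"^debug3: (send|receive) packet: type (\d+)")
PROMPTS_RE = re.compile(r"^debug2: input_userauth_info_req: num_prompts (\d+)")
ARROW_RE = re.compile(r"\s*<-+\s*$")  # strips the article's "<----" annotations

# The log excerpt from the article, embedded so the script runs offline.
SAMPLE_LOG = """\
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
debug3: send packet: type 61
debug3: receive packet: type 60
debug2: input_userauth_info_req
Change Password Is Disabled <----
debug2: input_userauth_info_req: num_prompts 0
debug3: send packet: type 61
Authentication failed. <---
"""

def summarize_kbdint(log_text):
    """Summarize one SSH login attempt from OpenSSH-style debug lines."""
    summary = {"kbdint_attempted": False, "packets": [], "prompts_per_round": [],
               "other_text": [], "auth_failed": False}
    for raw in log_text.splitlines():
        line = ARROW_RE.sub("", raw).strip()
        if line.startswith("debug2: userauth_kbdint"):
            summary["kbdint_attempted"] = True
        elif (m := PACKET_RE.match(line)):
            num = int(m.group(2))
            summary["packets"].append((m.group(1), MSG_NAMES.get(num, f"type {num}")))
        elif (m := PROMPTS_RE.match(line)):
            summary["prompts_per_round"].append(int(m.group(1)))
        elif line.startswith("Authentication failed"):
            summary["auth_failed"] = True
        elif line and not line.startswith("debug"):
            summary["other_text"].append(line)  # non-debug text shown during the exchange
    return summary

if __name__ == "__main__":
    for key, value in summarize_kbdint(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

For the excerpt above, the summary shows two keyboard-interactive rounds (one prompt, then zero prompts) followed by a failed authentication.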

 

Consequently, functions requiring CLI interaction will not work properly, including:

- L2/L3 polling.

- VLAN switching.

 

Note:

CLI is not always used for the above functions. Methods used are dependent upon the switch vendor.  

 

If a device requires SSH keyboard-interactive, it can be configured on a per-device basis.

Scope

FortiNAC 9.2.7, 9.4.2, F7.2.0 and greater.

Solution

Log in to the FortiNAC CLI and enable keyboard-interactive for the device:

 

device -ip <device IP> -setAttr -name SSH_KBD_ENABLED -value true

 

Example:


device -ip 10.12.228.126 -setAttr -name SSH_KBD_ENABLED -value true

 

To restore the default setting, remove the attribute:


device -ip 10.12.228.126 -delAttr -name SSH_KBD_ENABLED

 
