Description |
This article discusses SSH keyboard-interactive (KBD) and its impact on communication to network devices for CLI access.
SSH keyboard-interactive is an authentication method. This method is disabled by default starting with the following versions:
This change should accommodate most infrastructure devices. However, some devices may require SSH keyboard-interactive. If not configured correctly, FortiNAC will fail SSH login.
Examples include (but may not be limited to) Arista switches.
Example log (TelnetServer debug enabled):
debug2: userauth_kbdint
Consequently, functions requiring CLI interaction will not work properly, including:
- L2/L3 polling.
- VLAN switching.
Note: CLI is not always used for the above functions. Methods used are dependent upon the switch vendor.
If a device requires SSH keyboard-interactive, it can be configured on a per-device basis. |
Scope | FortiNAC 9.2.7, 9.4.2, F7.2.0 and greater. |
Solution |
Log in to the FortiNAC CLI and enable keyboard-interactive:
device -ip <device IP> -setAttr -name SSH_KBD_ENABLED -value true
Example:
To remove or restore default settings, remove the attribute:
|
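One way to find which devices need the attribute, as an added example that is not part of the original article or Fortinet's tooling: it parses OpenSSH client verbose output (`ssh -v`) captured per device and emits the command above only for devices that advertise keyboard-interactive without password. The sample captures, the IP addresses and the assumption that FortiNAC otherwise logs in with the password method are constructed for illustration.

```python
import re

# OpenSSH client (ssh -v) line listing the methods the server will accept.
METHODS_RE = re.compile(r"^debug1: Authentications that can continue: (\S+)$")

def offered_methods(ssh_verbose_output):
    """Return the set of methods the server advertised, or None if the
    session never reached user authentication."""
    for line in ssh_verbose_output.splitlines():
        m = METHODS_RE.match(line.strip())
        if m:
            # The first advertisement is the full list, before any attempt.
            return set(m.group(1).split(","))
    return None

def needs_kbd_attribute(ssh_verbose_output):
    """True if the device accepts keyboard-interactive but not password,
    False if password is accepted, None if the capture is inconclusive."""
    methods = offered_methods(ssh_verbose_output)
    if methods is None:
        return None
    return "keyboard-interactive" in methods and "password" not in methods

def fortinac_commands(captures):
    """captures maps device IP -> ssh -v output; return commands to run."""
    return [
        f"device -ip {ip} -setAttr -name SSH_KBD_ENABLED -value true"
        for ip, out in sorted(captures.items())
        if needs_kbd_attribute(out)
    ]

# Constructed sample captures (documentation-range addresses).
SAMPLE_CAPTURES = {
    "192.0.2.10": "debug1: SSH2_MSG_SERVICE_ACCEPT received\n"
                  "debug1: Authentications that can continue: "
                  "publickey,keyboard-interactive\n",
    "192.0.2.11": "debug1: SSH2_MSG_SERVICE_ACCEPT received\n"
                  "debug1: Authentications that can continue: "
                  "publickey,password,keyboard-interactive\n",
    "192.0.2.12": "debug1: Connecting to 192.0.2.12 port 22.\n"
                  "ssh: connect to host 192.0.2.12 port 22: "
                  "Connection timed out\n",
}

if __name__ == "__main__":
    for cmd in fortinac_commands(SAMPLE_CAPTURES):
        print(cmd)
```

A `None` result means the capture ended before authentication (for example a timeout), so that device needs a connectivity check rather than the attribute.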
Copyright 2024 Fortinet, Inc. All Rights Reserved.