Help
FortiPAM
FortiPAM allows you to protect, isolate and secure privileged account credentials, manage and control privileged user access, and monitor and record privileged account activity.
RobertD
Staff
Staff

Created on ‎04-28-2023 12:26 AM

Article Id 254332

Troubleshooting Tips: How to debug password changing failure reason and debug

Description The article describes some typical password changing failed reason with SSH Server, and how to debug it.
Scope FortiPAM, Target SSH Server.
Solution

1) Typical Failed scenarios:

 

- Scenario 1: Incorrect username and password configured for secret in PAM.
PAM shows 'LIBSSH2_ERROR_Authentication_Failed'.

- Scenario 2:  SSH Server is unreachable from FortiPAM.
PAM shows 'Connection failure, no routes to host'.

- Password-changer procedure does not match Target SSH Server.
PAM shows 'Not match at step [x]'.

- New generated password by PAM does not meet SSH Server Requirements
PAM can show 'Not match at step [x]' or 'LIBSSH2_ERROR_Authentication_Failed'.

 

2) How to debug password changing?

Run the below command on PAM Shell or console:

 

# diag debug en

# diag wad debug en category pwdchg

# diag wad debug en level verbos

 

After the debug finishes, run the below command to disable debug:

 

# diag wad debug clear

# diag debug disable
Labels:
771
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.