Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Backup issue after upgrade to 7.0.14


I am new here so I do not know to which location I should point this message.

We just upgraded our FortiGate firewalls in AWS and Azure to Firmware v7.0.14 build0601, and since then the configuration backup stopped in our monitoring system (Orion), and i am getting the following test results:

Error: Server signature does not match.

Test Id: e90dabd8-4fc0-4e5e-b28d-edabf52c0b4f

Engine Id: 4

Engine name:

Engine IP:

Remote host:


2/22/2024 8:37:00 PM: Setting WeOnlyDo properties

2/22/2024 8:37:00 PM: Starting connection procedure

2/22/2024 8:37:00 PM: State change detected: Disconnected -> Connecting

2/22/2024 8:37:00 PM: State change detected: Connecting -> Disconnected

2/22/2024 8:37:00 PM: Test connection procedure finished. Time elapsed: 00:00:00.4617603

2/22/2024 8:37:00 PM: Server signature does not match.


allocatePty : True

authentication : Password

encryptionList : aes128-ctr,aes128-cbc,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,,

encryptionMethod : encAny

exitSignal : Not Set

fingerPrintType : MD5

fips : False

forwardHost : Not Set

forwardPort : 0

hMacList : hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,none

hostname :

keepAlives : 0

keyExchangeList : diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ext-info-c

keyForwarding : False keySignatureList : rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss password :

port : 22

protocol : Ssh2

proxyHostname : Not Set

proxyLogin : Not Set

proxyPort : 1080

proxyType : ProxyNone

showStdErrorMessages : True

stripAnsi : True

subsystem : Not Set

terminalType : vt100 t

imeout : 20

username :

There is no configuration changed in Orion at all. Would you please help to resolve this issue.

Appreciate your help,


Hello hyaqoob,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.



Stephen - Fortinet Community Team



We are still looking for an answer to your question.


We will come back to you ASAP.



Stephen - Fortinet Community Team
New Contributor II

I am running into the same issue with our NMS (LogicMonitor).


I was looking through the system events on the FortiGate and am seeing the following log repeated from our NMS:


"Negotiation failed: no matching host key type found. Their offer: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521."


It looks like the FortiGate's are only offering the following host keys after debugging the SSH process:


SSH: list_hostkey_types: rsa-sha2-512,ssh-ed25519


Per this article, after upgrading to 7.0.13 ssh-rsa was removed which may be what the NMS is using:

New Contributor II

I was able to change the SSH library in LogicMonitor from jsch to sshj which resolved this for us.


Hi all,
Starting from 7.0.13, the FortiOS enforces strong cryptographics.

Therefore you have collateral fine tuning on the 3rd party tools that still uses weak crypto.

You may refer to that documentation for the changes :
We have disabled strong cyphers and allowed aes128-ctr as when connecting it was rejecting
following that documentation


Also, there are the few articles you may want to drop an eye to have a more comprehensive view:

Hope it helps



Top Kudoed Authors