
Cannot connect to SFTP on host using ssh-dss

I am testing the connection on command-line, using:

sftp -vvv

This returns:

debug2: resolving "" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to [] port 22.
debug1: Connection established.
..
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u4
ssh_exchange_identification: read: Connection reset by peer

(firewall dropped the connection)



Using an offsite VPN to the same connection:

debug1: kex: algorithm: diffie-hellman-group-exchange-sha1
debug1: kex: host key algorithm: (no match)
Unable to negotiate with port 22: no matching host key type found. Their offer: ssh-dss

(successful connection, but wrong algo)



Adding the legacy SSH flag while on the offsite VPN (sftp -vvv -oHostKeyAlgorithms=+ssh-dss) returns:

The authenticity of host ' (' can't be established.
DSA key fingerprint is SHA256:snipped.
Are you sure you want to continue connecting (yes/no)?




My question is: By what method can I allow this legacy connection through Fortigate to

I am using Fortigate 310B
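
The three outcomes in the post above differ in how far the SSH handshake got before it stopped. As an added example (not part of the original post), this shell function labels that stage from `sftp -vvv` output; the stage labels, the sample logs and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: label the stage at which an OpenSSH client debug log stopped.
# The stage labels are this example's own names, not OpenSSH terms.

classify_ssh_debug() {
    log=$(cat)                                  # debug log arrives on stdin
    has() { printf '%s\n' "$log" | grep -q "$1"; }

    # Host key negotiation failed: report the algorithm(s) the server offered.
    offer=$(printf '%s\n' "$log" |
        sed -n '/no matching host key type found/{s/.*Their offer: *//p;q;}')
    if [ -n "$offer" ]; then
        printf 'hostkey-mismatch:%s\n' "$offer"
        return 0
    fi

    # Negotiation succeeded; the client is waiting for host key verification.
    if has 'The authenticity of host'; then
        echo 'hostkey-prompt'
        return 0
    fi

    # TCP connected, but the session was reset before any server banner
    # ("Remote protocol version") was read.
    if has 'Connection established' &&
       has 'ssh_exchange_identification:.*Connection reset by peer' &&
       ! has 'Remote protocol version'; then
        echo 'reset-before-banner'
        return 0
    fi

    echo 'unknown'
    return 1
}

# Constructed samples modelled on the post; 192.0.2.10 is a placeholder address.
SAMPLE_DIRECT='debug1: Connecting to 192.0.2.10 [192.0.2.10] port 22.
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u4
ssh_exchange_identification: read: Connection reset by peer'

SAMPLE_VPN='debug1: kex: algorithm: diffie-hellman-group-exchange-sha1
debug1: kex: host key algorithm: (no match)
Unable to negotiate with 192.0.2.10 port 22: no matching host key type found. Their offer: ssh-dss'

printf '%s\n' "$SAMPLE_DIRECT" | classify_ssh_debug
printf '%s\n' "$SAMPLE_VPN" | classify_ssh_debug
```

A `reset-before-banner` result means the TCP session ended before the server identified itself, so host key settings on the client were never reached on that path.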