Hi Team,
We have been asked to disable SSH password authentication in a FortiGate VM deployed in Azure, like how we do in normal Linux VMs.
Could you please confirm whether this is possible in a FortiGate VM? Is there any way to keep only SSH key based authentication for admin users and disable password authentication?
Hi, this is possible, but make sure you can connect with your SSH public key before configuring it, so as not to lock yourself out.
# config sys global
(global) # set admin-ssh-password disable
(global) # end
Few notes:
Thanks Yurisk for the update. We are also trying to confirm whether it is recommended for FortiGate/FortiAnalyzer VMs to only have public key authentication and completely disable password authentication. Is it something you can help with? How can we recover the VM SSH access in case we have any issue with key authentication in future?
Recover - as long as you have access to the web GUI of the FortiGate, you can undo this command in the Console web applet.
Recommended - not that I can recall any Fortinet docs recommending to disable password access on SSH. Personally, I don't think it is a first line of defense - it prevents brute forcing the password. But if you have an admin interface opened to brute force attempts, the situation is already bad. I'd say limiting access by trusthost/Local-in policy, enabling MFA like FortiToken for admin account(s), setting auto-alerts on admin interface successful/failed attempts, and moving the admin interface to a network separate from regular data traffic will do much more to secure the admin access than switching from password-based to key-based authentication. Of course YMMV, so your context matters as opposed to general recommendations.
HTH
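
A pre-change check for the lockout risk and the hardening points raised in this thread, as an added example that is not part of the original posts or Fortinet's own tooling. It parses a FortiOS-style configuration backup and flags admin accounts without an SSH public key, trusthost or two-factor setting. The function names and the sample config are constructed for illustration, and treating a missing `admin-ssh-password` line as "enabled" is an assumption about how defaults appear in backups.

```python
# Constructed sample in the style of a FortiOS config backup (not from the thread).
SAMPLE_CONFIG = """\
config system global
    set admin-ssh-password disable
end
config system admin
    edit "admin"
        set trusthost1 10.10.0.0 255.255.255.0
        set ssh-public-key1 "ssh-ed25519 AAAA-constructed-key"
        set two-factor fortitoken
    next
    edit "backup-admin"
    next
end
"""

def parse_config(text):
    """Map top-level 'config' blocks to {entry name (None = block itself): {key: value}}."""
    blocks, block, entry, depth = {}, None, None, 0
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:  # deeper (nested) blocks are skipped by this audit
                block, entry = line[len("config "):], None
                blocks.setdefault(block, {None: {}})
        elif line == "end":
            depth = max(depth - 1, 0)
        elif depth == 1 and line.startswith("edit "):
            entry = line[5:].strip('"')
            blocks[block][entry] = {}
        elif depth == 1 and line == "next":
            entry = None
        elif depth == 1 and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            blocks[block][entry][key] = value
    return blocks

def audit(text):
    """List findings. Assumption: an absent admin-ssh-password line means 'enable'."""
    cfg, out = parse_config(text), []
    if cfg.get("system global", {}).get(None, {}).get("admin-ssh-password", "enable") != "disable":
        out.append("global: SSH password authentication is enabled")
    for name, opts in cfg.get("system admin", {}).items():
        if name is None:
            continue
        for prefix, msg in (("ssh-public-key", "no SSH public key"), ("trusthost", "no trusthost restriction")):
            if not any(k.startswith(prefix) for k in opts):
                out.append(f"{name}: {msg}")
        if opts.get("two-factor", "disable") == "disable":
            out.append(f"{name}: two-factor not set")
    return out
```

On the sample, `audit(SAMPLE_CONFIG)` reports only `backup-admin`, the account that would lose SSH access once password authentication is disabled.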