Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Thonno
New Contributor III

Created on ‎11-12-2024 06:29 AM

FortiNAC-F - Validate Credentials Fails on Switches, SSH Shows Algorithm Mismatch Error

Hello Fortinet Community,

I'm currently facing an issue with my FortiNAC-F 7.2.8 (previously 7.2.7, upgraded in an attempt to resolve this) when trying to connect to switches via the Validate Credentials button in the device configuration. The credentials are verified to be correct, and FortiNAC successfully connects to the devices via SNMP. However, it fails to connect using CLI for validation.

 

Here’s a breakdown of the problem:

  1. SNMP Connectivity: Successful – FortiNAC recognizes the device through SNMP without any issues.
  2. CLI Connection (SSH) Fails with Validation: When attempting to validate CLI credentials on FortiNAC, the connection fails even though the credentials are accurate.
  3. Direct SSH Attempt from FortiNAC CLI: When I directly try to SSH into the switch from FortiNAC's CLI, I receive the following error:
     
    Unable to negotiate with [Switch_IP] port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
     
    This indicates that FortiNAC doesn’t support the SSH key exchange algorithms that the switch is offering.
  4. Telnet Connection: I also tested Telnet from the FortiNAC CLI, and it successfully connects to the switch. However, the Validate Credentials button does not seem to work with Telnet, resulting in a failure when validating CLI credentials via this protocol.

 

Steps Taken So Far

  • Attempted SSH KEX Configuration: Tried to add older key exchange algorithms using:
     
    device -ip <Switch_IP> -setAttr -name SSH_KEX -value "diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1"
     
    However, this didn't resolve the issue.
  • Firmware Update on FortiNAC: I upgraded FortiNAC from version 7.2.7 to 7.2.8, but the issue persists.

Has anyone encountered this issue? Is there a known solution or workaround to enable FortiNAC to use these older SSH algorithms, or to make Telnet work with Validate Credentials?

 

Thank you in advance for any advice or recommendations!

Labels:
2468
0 Kudos
1 Solution
Thonno
New Contributor III
In response to ndumaj

Created on ‎12-02-2024 02:27 AM

Hi, I resolved the issue by using the enable password. Thank you for your help!

View solution in original post

1712
10 REPLIES 10
Thonno
New Contributor III
In response to ndumaj

Created on ‎12-02-2024 02:27 AM

Hi, I resolved the issue by using the enable password. Thank you for your help!

1713
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.