FortiNAC-F - Validate Credentials Fails on Switches, SSH Shows Algorithm Mismatch Error
Hello Fortinet Community,
I'm currently facing an issue with my FortiNAC-F 7.2.8 (previously 7.2.7, upgraded in an attempt to resolve this) when trying to connect to switches via the Validate Credentials button in the device configuration. The credentials are verified to be correct, and FortiNAC successfully connects to the devices via SNMP. However, it fails to connect using CLI for validation.
Here’s a breakdown of the problem:
- SNMP Connectivity: Successful – FortiNAC recognizes the device through SNMP without any issues.
- CLI Connection (SSH) Fails with Validation: When attempting to validate CLI credentials on FortiNAC, the connection fails even though the credentials are accurate.
- Direct SSH Attempt from FortiNAC CLI: When I directly try to SSH into the switch from FortiNAC's CLI, I receive the following error:
  Unable to negotiate with [Switch_IP] port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
  This indicates that FortiNAC doesn’t support the SSH key exchange algorithms that the switch is offering.
- Telnet Connection: I also tested Telnet from the FortiNAC CLI, and it successfully connects to the switch. However, the Validate Credentials button does not seem to work with Telnet, resulting in a failure when validating CLI credentials via this protocol.
Steps Taken So Far
- Attempted SSH KEX Configuration: Tried to add older key exchange algorithms using:
  device -ip <Switch_IP> -setAttr -name SSH_KEX -value "diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1"
  However, this didn't resolve the issue.
- Firmware Update on FortiNAC: I upgraded FortiNAC from version 7.2.7 to 7.2.8, but the issue persists.
Has anyone encountered this issue? Is there a known solution or workaround to enable FortiNAC to use these older SSH algorithms, or to make Telnet work with Validate Credentials?
Thank you in advance for any advice or recommendations!
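For triaging this error across many switches, the following added example (not part of the original post, and not Fortinet code) parses the OpenSSH-style negotiation failure quoted above and reports which offered key exchange methods are SHA-1 based and whether any overlap with a client's list. The peer address 192.0.2.10 and the client algorithm list are constructed assumptions, not FortiNAC's actual defaults.

```python
import re

# Group and hash facts per RFC 4253 / RFC 4419 for the three methods in the error.
LEGACY_KEX = {
    "diffie-hellman-group1-sha1": "1024-bit fixed group, SHA-1",
    "diffie-hellman-group14-sha1": "2048-bit fixed group, SHA-1",
    "diffie-hellman-group-exchange-sha1": "negotiated group, SHA-1",
}

# Matches the client-side failure line; "kind" is e.g. "key exchange method" or "cipher".
NEGOTIATE_RE = re.compile(
    r"Unable to negotiate with (?P<peer>\S+) port (?P<port>\d+): "
    r"no matching (?P<kind>[\w ]+?) found\. Their offer: (?P<offer>.+)$"
)

# Constructed sample: the error from the post with a documentation-range address.
SAMPLE = ("Unable to negotiate with 192.0.2.10 port 22: no matching key exchange "
          "method found. Their offer: diffie-hellman-group-exchange-sha1, "
          "diffie-hellman-group14-sha1, diffie-hellman-group1-sha1")

# Assumed client proposal (real algorithm names, hypothetical selection).
CLIENT_KEX = ["curve25519-sha256", "ecdh-sha2-nistp256", "diffie-hellman-group14-sha256"]

def parse_negotiation_failure(line):
    """Return peer, port, kind and the offered algorithm list, or None if no match."""
    m = NEGOTIATE_RE.search(line.strip())
    if not m:
        return None
    # The offer may be separated by commas, spaces, or both.
    offer = [a for a in re.split(r"[,\s]+", m["offer"]) if a]
    return {"peer": m["peer"], "port": int(m["port"]), "kind": m["kind"], "offer": offer}

def triage(line, client_kex):
    """Summarise a key exchange failure: overlap with the client and SHA-1 exposure."""
    parsed = parse_negotiation_failure(line)
    if parsed is None or parsed["kind"] != "key exchange method":
        return None
    return {
        "peer": parsed["peer"],
        "common": [a for a in parsed["offer"] if a in client_kex],
        "sha1_only": all(a.endswith("-sha1") for a in parsed["offer"]),
        "findings": {a: LEGACY_KEX.get(a, "not classified here") for a in parsed["offer"]},
    }

if __name__ == "__main__":
    report = triage(SAMPLE, CLIENT_KEX)
    for name, note in report["findings"].items():
        print(f"{report['peer']}: {name} ({note})")
    print("overlap with client:", report["common"] or "none")
```

A device that reports `sha1_only` as true is a candidate for a firmware or SSH configuration update on the switch side, in addition to any compatibility setting on the management host.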
Hi, I resolved the issue by using the enable password. Thank you for your help!