Hi all,
We are using an automation stitch to copy the configuration using the action:
exec backup config sftp directory/file_%%date%%.cfg <IP-address>:<port> <username> <password>
While this works fine and authentication is encrypted, I want to protect against MITM scenarios. There are no prompts for trusting host keys during the first connection, so I assume any change in host keys will not prevent the automation stitch from being executed. Is it possible to add some form of strict host key checking?
Hello,
Not sure if this meets your requirement,
https://docs.fortinet.com/document/fortigate/6.2.3/cli-reference/270620/firewall-ssh-host-key
Note: This applies to latest version of FortiOS as well.
This is another similar one,
https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/813125/public-key-ssh-access
Kindly check and respond. If this does not help, then I am afraid that this feature is not available in FortiGate. You could get in touch with your Local Fortinet Vendor to raise a New Feature Request.
Regards,
Klint
Nope, what he, and I as well, want to do is in the other direction, i.e., private SSH key on the FortiGate, public key on the server that is receiving the backup file.