Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
routeleak
New Contributor

Created on ‎06-14-2023 01:28 AM

Host key validation with SFTP

Hi all,

 

We are using automation stich to copy the configuration using the action:

exec backup config sftp direcotry/file_%%date%%.cfg <IP-address>:<port> <username> <password>

While this works fine and authentication is encrypted, I wan't to protect against MITM scenarios. There are no prompts for trusting host keys during the first connection, so I assume any change in host keys will not prevent the automation stitch from being executed. Is it possible to add some form of strict host key checking? 

Labels:
188
0 Kudos
1 REPLY 1
kgeorge
Staff
Staff

Created on ‎06-14-2023 09:24 AM

Hello,

 

Not sure if this meets your requirement, 

https://docs.fortinet.com/document/fortigate/6.2.3/cli-reference/270620/firewall-ssh-host-key

 Note: This applies to latest version of FortiOS as well.

 

This is another similar one,

https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/813125/public-key-ssh-access

 

Kindly check and respond. If this does not help, then I am afraid that this feature is not available in FortiGate. You could get in touch with your Local Fortinet Vendor to raise a New Feature Request.

 

Regards,

Klint

Regards,
Klint George
163
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.