routeleak
New Contributor

Host key validation with SFTP

Hi all,

 

We are using an automation stitch to copy the configuration using the action:

exec backup config sftp directory/file_%%date%%.cfg <IP-address>:<port> <username> <password>

While this works fine and authentication is encrypted, I want to protect against MITM scenarios. There are no prompts for trusting host keys during the first connection, so I assume any change in host keys will not prevent the automation stitch from being executed. Is it possible to add some form of strict host key checking?

2 REPLIES
kgeorge
Staff

Hello,

 

Not sure if this meets your requirement, 

https://docs.fortinet.com/document/fortigate/6.2.3/cli-reference/270620/firewall-ssh-host-key

Note: This applies to the latest version of FortiOS as well.

 

This is another similar one,

https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/813125/public-key-ssh-access

 

Kindly check and respond. If this does not help, then I am afraid that this feature is not available in FortiGate. You could get in touch with your Local Fortinet Vendor to raise a New Feature Request.

 

Regards,

Klint

Regards,
Klint George
sneeze
New Contributor

Nope, what he, and I as well, want to do is in the other direction. I.e., private SSH key on the FortiGate, public key on the server that is receiving the backup file.
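The strict host key check the original question asks about, sketched as an added example that is not part of the thread and is not FortiOS functionality: a monitoring host compares the SFTP backup server's pinned host key with the key it currently presents. It assumes both keys are available as `host keytype base64` lines (the known_hosts / ssh-keyscan format); the host `[192.0.2.10]:2222` and the key bytes are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct

def make_ed25519_blob(raw32: bytes) -> bytes:
    """Build an SSH wire-format ed25519 public key blob (constructed sample data)."""
    name = b"ssh-ed25519"
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32

def sample_line(host: str, raw32: bytes) -> str:
    """Constructed 'host keytype base64' line, as ssh-keyscan would print it."""
    return f"{host} ssh-ed25519 {base64.b64encode(make_ed25519_blob(raw32)).decode()}"

def parse_host_key_line(line: str):
    """Split a host key line and check the declared type against the blob."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError("expected: host keytype base64-key")
    host, keytype = parts[0], parts[1]
    blob = base64.b64decode(parts[2], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The blob carries its own length-prefixed type string; it must agree.
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type does not match key blob")
    return host, keytype, blob

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA256 of the blob, base64 without padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(pinned_line: str, presented_line: str) -> bool:
    """True only if host, key type and key fingerprint all equal the pinned entry."""
    p_host, p_type, p_blob = parse_host_key_line(pinned_line)
    s_host, s_type, s_blob = parse_host_key_line(presented_line)
    if (p_host, p_type) != (s_host, s_type):
        return False
    return hmac.compare_digest(fingerprint(p_blob), fingerprint(s_blob))

HOST = "[192.0.2.10]:2222"                           # constructed documentation address
PINNED = sample_line(HOST, bytes(range(32)))         # key recorded out-of-band
CHANGED = sample_line(HOST, bytes(range(1, 33)))     # a different key on the same host

if __name__ == "__main__":
    for label, line in (("unchanged", PINNED), ("changed", CHANGED)):
        verdict = "OK" if host_key_matches(PINNED, line) else "MISMATCH: stop and alert"
        print(label, fingerprint(parse_host_key_line(line)[2]), verdict)
```

A mismatch here only tells the operator that the server key differs from the pinned one; it does not make the automation stitch itself refuse the connection.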
