- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Host key validation with SFTP
Hi all,
We are using automation stich to copy the configuration using the action:
exec backup config sftp direcotry/file_%%date%%.cfg <IP-address>:<port> <username> <password>
While this works fine and authentication is encrypted, I wan't to protect against MITM scenarios. There are no prompts for trusting host keys during the first connection, so I assume any change in host keys will not prevent the automation stitch from being executed. Is it possible to add some form of strict host key checking?
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Not sure if this meets your requirement,
https://docs.fortinet.com/document/fortigate/6.2.3/cli-reference/270620/firewall-ssh-host-key
Note: This applies to latest version of FortiOS as well.
This is another similar one,
https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/813125/public-key-ssh-access
Kindly check and respond. If this does not help, then I am afraid that this feature is not available in FortiGate. You could get in touch with your Local Fortinet Vendor to raise a New Feature Request.
Regards,
Klint
Klint George
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nope, what he and I as well wants to do is in the other direction. Ie, private ssh key on the Fortigate, public key on the server that are receiving the backup file.
