Public Key login not working on Fortinet30E

arlntk · ‎04-16-2024

I have a Fortinet30 with the latest firmware 6.2.16.

I am trying to login with a public key from an Ubuntu client but its not working.

It is still asking for a password when I ssh.

This is what I have done.

in Ubuntu, I generated an rsa key for the user using ssh-keygen

also Fotigate public key was copied to known_hosts file when I first login in Fortigate

in Fortigate, I set the public key for the admin user using

config system admin

edit admin

set ssh-public-key1 "sha-rsa AAAA%$&^%"

I can confirm that the public key is set and the same with the public key in Ubuntu.

Am I missing something to configure? please help and TIA

AEK · ‎04-16-2024

In the ssh-public-key1 field, I guess you mean ssh-rsa, not sha-rsa, right?

AEK

arlntk · ‎04-17-2024

Yes its ssh-rsa. sorry my bad.

I got it working now. After debugging, I got a log of no mutual algorithm.

Adding "-o PubkeyAcceptedAlgorithms=+ssh-rsa" to ssh command works

so it seems like FortiOS 6.2.16 don't have the latest rsa algorithm and that's the latest firmware for 30E.

Nominate a Forum Post for Knowledge Article Creation