Assuming the host has the trust access and is the same host that you have tested from the cli
1: maybe you temp-bl-action ( failed logins )
2: bad credential
3: bad ssh-key checks ( we disables ours due to ssh-key-changes can cause issues after a FortiOS upgrade )
BTW; here's what we use ( NOTE: all of our FIREWALL have SOC in the name & we run multi-vdom regardless if it's one or more vdoms )
# kfelix @ socpuppets dot com team-leader architect engineer SOCPUPPETS
# Set variables for expect
set host [lindex $argv 0]
set user admin
set passw **********
# set date $g
# ssh runs on non-port 22 on fortigate firewalls
spawn ssh -p 2022 -o ConnectionAttempts=3 -o ConnectTimeout=60 -o StrictHostKeyChecking=no $user\@$host
send " config global\n"
send "execute reboot\n"
We use a default user for the reboot and feed a list that read in for the hosts. Works like magic, & have been using something similar for backups and manual updates. Just tweak it for whatever you want.
The same script can be adjust for non-fortigate firewalll ( Juniper, pfsense, Huawei, ASA,etc.....)
YMMV and enjoy ;)
edit toadd: ensure the user that the cron is running as can read/permission of the file ( I've been caught on that one many many many times )