Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

SSH access not working

FortiGate 60, OS 2.50 M9 when trying to ssh in fortigate hangs up on me immediately!
 user [host] # ssh -v  admin@1.2.3.4
 OpenSSH_3.6.1p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090702f
 debug1: Reading configuration data /etc/ssh_config
 debug1: Rhosts Authentication disabled, originating port will not be trusted.
 debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
 debug1: Connection established.
 debug1: identity file /Users/rupee/.ssh/identity type 1
 debug1: identity file /Users/rupee/.ssh/id_rsa type -1
 debug1: identity file /Users/rupee/.ssh/id_dsa type -1
 debug1: Remote protocol version 2.0, remote software version FortiSSH_2.5
 debug1: no match: FortiSSH_2.5
 debug1: Enabling compatibility mode for protocol 2.0
 debug1: Local version string SSH-2.0-OpenSSH_3.6.1p1+CAN-2003-0693
 debug1: An invalid name was supplied
 Cannot determine realm for numeric host address
 
 debug1: An invalid name was supplied
 A parameter was malformed
 Validation error
 
 debug1: An invalid name was supplied
 Cannot determine realm for numeric host address
 
 debug1: An invalid name was supplied
 A parameter was malformed
 Validation error
 
 debug1: SSH2_MSG_KEXINIT sent
 debug1: SSH2_MSG_KEXINIT received
 debug1: kex: server->client aes128-cbc hmac-md5 none
 debug1: kex: client->server aes128-cbc hmac-md5 none
 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
 debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
 debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
 debug1: Host ' 1.2.3.4'  is known and matches the RSA host key.
 debug1: Found key in /Users/rupee/.ssh/known_hosts:82
 debug1: ssh_rsa_verify: signature correct
 debug1: SSH2_MSG_NEWKEYS sent
 debug1: expecting SSH2_MSG_NEWKEYS
 debug1: SSH2_MSG_NEWKEYS received
 debug1: SSH2_MSG_SERVICE_REQUEST sent
 debug1: SSH2_MSG_SERVICE_ACCEPT received
 debug1: Authentications that can continue: publickey,password,keyboard-interactive
 debug1: Next authentication method: publickey
 debug1: Offering public key: /Users/rupee/.ssh/identity
 debug1: Authentications that can continue: publickey,password,keyboard-interactive
 debug1: Trying private key: /Users/rupee/.ssh/id_rsa
 debug1: Trying private key: /Users/rupee/.ssh/id_dsa
 debug1: Next authentication method: keyboard-interactive
 debug1: Authentications that can continue: publickey,password,keyboard-interactive
 debug1: Next authentication method: password
 admin@1.2.3.4' s password: 
 Connection closed by 1.2.3.4
 debug1: Calling cleanup 0x1c440(0x0)
 user [host] # 
 
2 REPLIES 2
UkWizard
New Contributor

This looks like a problem on the client you are using, what software is this ? Can you try different SSH versions in it ? Download PUTTY from the web as its free and see if that works. This will help isolate whether its the box or your client SSH software I presume if you do not specify the username the same happens ?
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
Not applicable

Since about MR6 Fortigates have been quite fussy about ssh connections. If using Putty ensure that you use protocol v2 only, ensure that you have the username entered under autologon and disable " attempt keybaord interactive" under SSH/Auth. It should then work. Leo
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors