rz-hka
New Contributor

SSH login: How to block interactive-password but allow certificate-based login?

dbu
Staff

Hi @rz-hka,
Are you facing an issue trying to implement this solution?
I have not done it myself but I can help you troubleshoot it.

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
ebilcari
Staff

I guess that your requirement is not the same as the article you mentioned. It will differentiate between two different protocols sharing the same port. In your case you are trying to differentiate on the authentication type used for SSH. I can't think of a way for FGT to block this; the easiest way could be limiting it from the server side.

- Emirjon
ebilcari

Theoretically this can be achieved using a custom IPS signature. If it's possible to build a custom pattern that is seen only during the SSH session when credentials are used, then choose to drop that traffic. I don't have experience with this but this article or this guide may help.

- Emirjon
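
The server-side restriction suggested in the replies above, as an added example that is not part of the original thread: assuming the SSH server is OpenSSH (the thread does not say), this script audits the effective settings printed by `sshd -T` and fails if a password prompt is still reachable. The sample settings and the CA key path are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples in the "keyword value" form printed by `sshd -T`.
WEAK_SAMPLE='passwordauthentication yes
kbdinteractiveauthentication yes
pubkeyauthentication yes
trustedusercakeys none'

# Matching sshd_config lines: PasswordAuthentication no,
# KbdInteractiveAuthentication no, PubkeyAuthentication yes,
# TrustedUserCAKeys <path> (the path below is a placeholder).
HARDENED_SAMPLE='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
trustedusercakeys /etc/ssh/user_ca.pub'

# Reads effective sshd settings on stdin, prints findings, and returns 0
# only when password prompts are off and public-key login is still on.
audit_sshd_auth() {
    awk '
        { key = $1; $1 = ""; sub(/^ +/, ""); cfg[key] = $0 }
        END {
            bad = 0
            if (cfg["passwordauthentication"] != "no") {
                print "FAIL passwordauthentication is not \"no\""; bad = 1
            }
            # PAM password prompts arrive via keyboard-interactive, so it
            # must be off too. Older OpenSSH releases print the keyword as
            # challengeresponseauthentication.
            kbd = cfg["kbdinteractiveauthentication"]
            if (kbd == "") kbd = cfg["challengeresponseauthentication"]
            if (kbd != "no") {
                print "FAIL keyboard-interactive is not \"no\""; bad = 1
            }
            if (cfg["pubkeyauthentication"] != "yes") {
                print "FAIL pubkeyauthentication is not \"yes\""; bad = 1
            }
            # User certificates are accepted only if a CA key is trusted.
            ca = cfg["trustedusercakeys"]
            if (ca == "" || ca == "none")
                print "WARN no trustedusercakeys: plain keys only"
            if (!bad) print "OK interactive password login is blocked"
            exit bad
        }'
}

printf '%s\n' "$WEAK_SAMPLE" | audit_sshd_auth || true
printf '%s\n' "$HARDENED_SAMPLE" | audit_sshd_auth
```

On a real server, run `sshd -T | audit_sshd_auth` as root after editing `sshd_config` and before reloading the daemon.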