I have SSH for administration enabled on WAN1. I require 2FA for the account with access (account2), and have designated trusted locations for that account. This works as intended for some hosts, but I cannot log in from others, and I can't find rhyme or reason for it. For instance:
1. Can log in from Linux1 @ location1, as well as Mac1 @ location1.
2. Can log in from Linux2 @ location2, but not from Mac2 @ location2.
3. Cannot log in from Mac3 @ location3.
4. Can log in from Mac3 @ location3 if I set public SSH key from Mac3 to account2, but bypasses requirement for 2FA.
5. Cannot log in from Mac3 even when allowed from any location.
6. Cannot log in from Mac3 when passphrase removed from SSH key.
Linux1 = CentOS 7.5, OpenSSH_7.4p1, OpenSSL 1.0.2k-fips, key type = ed25519
Linux2 = Debian 8.11, OpenSSH_6.7p1, OpenSSL 1.0.1t, key type = ed25519
Mac1 = High Sierra, OpenSSH_7.8p1, LibreSSL 2.6.2, key type = ed25519
Mac2 = Mojave, OpenSSH_7.1p2, OpenSSL 1.0.2e, key type = ed25519
Mac3 = Mojave, OpenSSH_7.1p2, OpenSSL 1.0.2e, key type = ed25519 & rsa
location1 = Work
location2 = Different state
location3 = Internal network on firewall
"ssh -v" shows the public key offered, and that authentications that can continue are publickey, and password, but for those hosts that can't log in the message is always "Permission denied".
Can anyone think of anything I'm missing?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Update: When looking at the System Events logs, I see "invalid ssh key". This has me looking for a setting, like authorized_keys, but I can't find anything. Anyone have any ideas?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.