Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

SSH to Administration port not working for all sources

I have SSH for administration enabled on WAN1.  I require 2FA for the account with access (account2), and have designated trusted locations for that account.  This works as intended for some hosts, but I cannot log in from others, and I can't find rhyme or reason for it.  For instance:


1. Can log in from Linux1 @ location1, as well as Mac1 @ location1. 

2. Can log in from Linux2 @ location2, but not from Mac2 @ location2.

3. Cannot log in from Mac3 @ location3.

4. Can log in from Mac3 @ location3 if I set public SSH key from Mac3 to account2, but bypasses requirement for 2FA.

5. Cannot log in from Mac3 even when allowed from any location.

6. Cannot log in from Mac3 when passphrase removed from SSH key.


Linux1 = CentOS 7.5, OpenSSH_7.4p1, OpenSSL 1.0.2k-fips, key type = ed25519

Linux2 = Debian 8.11, OpenSSH_6.7p1, OpenSSL 1.0.1t, key type = ed25519

Mac1 = High Sierra, OpenSSH_7.8p1, LibreSSL 2.6.2, key type = ed25519

Mac2 = Mojave, OpenSSH_7.1p2, OpenSSL 1.0.2e, key type = ed25519

Mac3 = Mojave, OpenSSH_7.1p2, OpenSSL 1.0.2e, key type = ed25519 & rsa

location1 = Work

location2 = Different state

location3 = Internal network on firewall


"ssh -v" shows the public key offered, and that authentications that can continue are publickey, and password, but for those hosts that can't log in the message is always "Permission denied".


Can anyone think of anything I'm missing?

New Contributor II

Update:  When looking at the System Events logs, I see "invalid ssh key".  This has me looking for a setting, like authorized_keys, but I can't find anything.  Anyone have any ideas?


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors