I have a script on a server that fails to connect to a Fortinet firewall using an SSH key. Every time I tried to connect to the Fortinet firewall over SSH, the firewall asked me for the password instead of giving me access.
These are the steps I followed to solve the problem.
Troubleshooting SSH Key problem
In this example:
ostrich -> the user that needs to access the firewall
myserver -> you won't believe it, but this is the server from which the SSH requests originate
fortinet.localhostrich -> DNS name of my Fortinet firewall
Connectivity
Port 22 must be open between the server and the firewall. In my case I'm sure it is, because when I run the ssh command the remote firewall asks me for a password:
[ostrich@myserver ~]# ssh ostrich@fortinet.localhostrich
ostrich@fortinet.localhostrich's password:
If it doesn't, there is probably a network issue. To be sure, run (telnet takes only host and port, no user@ prefix):
[ostrich@myserver ~]# telnet fortinet.localhostrich 22
If port 22 is closed, ask your networking team to have a look at it.
Check User
Obvious, but... does the user exist on the firewall? Is it allowed to connect from your server? Is the SSH key correct?
Check that the user is allowed to access the firewall and that its source IP is accepted, then have a look at the SSH key.
The SSH public key configured on the firewall must be the same one you find on your server:
[ostrich@myserver ~]# cat /home/ostrich/.ssh/id_rsa.pub
Right Options in SSH command
This was my problem: running only ssh user@ip was not enough to get the SSH key working.
The solution was to add this option:
[ostrich@myserver ~]# ssh -o PubkeyAcceptedAlgorithms=+ssh-rsa ostrich@fortinet.localhostrich
MiFirewall #
-o PubkeyAcceptedAlgorithms=+ssh-rsa fixed my problem.
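The three checks above (port, key, client option) collected into one helper script, as an added example that is not part of the original post. It assumes bash (for /dev/tcp), awk and ssh-keygen on the server, and an OpenSSH 8.8 or newer client, where the SHA-1 ssh-rsa signature is disabled by default; when the firewall only accepts that signature, the RSA key is never offered with it and ssh silently falls back to password authentication. The option is added only for this host and only when the key is actually RSA, rather than re-enabling ssh-rsa globally in ssh_config.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes bash (for /dev/tcp), awk and ssh-keygen.
# Host, user and key path are the post's example values, not real infrastructure.
FW_HOST=fortinet.localhostrich
FW_USER=ostrich
PUBKEY=/home/ostrich/.ssh/id_rsa.pub

# Step 1, connectivity: is TCP/22 reachable? Returns 0 if the port is open.
check_port() {  # check_port HOST [PORT]
  timeout 5 bash -c "exec 3<>/dev/tcp/$1/${2:-22}" 2>/dev/null
}

# Step 2, key: print the key type (first field of the .pub file), e.g. ssh-rsa or ssh-ed25519.
key_type() {  # key_type PUBKEY_FILE
  awk '{print $1; exit}' "$1"
}

# Print the SHA256 fingerprint so it can be compared with what the firewall shows,
# instead of eyeballing a long base64 string.
key_fingerprint() {  # key_fingerprint PUBKEY_FILE
  ssh-keygen -lf "$1" | awk '{print $2}'
}

# Step 3, client option: OpenSSH 8.8+ disabled the SHA-1 "ssh-rsa" signature by default.
# If the firewall accepts only that signature, the RSA key is never offered with it and
# ssh falls back to asking for a password. Re-enable it only for RSA keys and only on
# this command, not globally in ssh_config.
ssh_opts() {  # ssh_opts PUBKEY_FILE -> option string (empty for non-RSA keys)
  if [ "$(key_type "$1")" = "ssh-rsa" ]; then
    printf '%s' '-o PubkeyAcceptedAlgorithms=+ssh-rsa'
  fi
}

# Run all checks. BatchMode=yes makes ssh fail instead of prompting, which is exactly
# what a scripted/cron connection needs. Usage: diagnose
diagnose() {
  if ! check_port "$FW_HOST" 22; then
    echo "port 22 on $FW_HOST not reachable: check network and firewall policy"; return 1
  fi
  echo "key type: $(key_type "$PUBKEY"), fingerprint: $(key_fingerprint "$PUBKEY")"
  # word splitting of the option string is intended here
  if ssh -o BatchMode=yes -o ConnectTimeout=5 $(ssh_opts "$PUBKEY") "$FW_USER@$FW_HOST" exit; then
    echo "key authentication OK"
  else
    echo "key auth failed: verify the user exists on the firewall, its source IP is allowed,"
    echo "and the public key above matches the one configured for that user"; return 1
  fi
}
```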
This troubleshooting is also useful when the scp command doesn't work.