FortiGate new software SSH error with NCM

We just upgraded our FortiGate devices to the newest versions, 7.0.13 or 7.2.6, and we cannot download configs; before, it worked fine. Now we can see that FortiGate gives a log message: "Negotiation failed: no matching host key type found. Their offer: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss." But with the same user I can connect to it with SSH from my computer.

  • Have this exact same problem and opened a ticket with Solarwinds support.

    After some going back and forth with support offering different "solutions" by wanting the Fortigate configs to be changed, and a final recommendation (after their "research") to upgrade to 7.4.x, not once admitting it was a problem with Solarwinds.

    I pushed back with my own "research" stating that NCM doesn't support updated or "modern" algorithms.

    Support just replied stating that they take "full responsibility" and that the bug will be fixed in v2024.2!

  • Hi Gunny, thanks for the info. We had pushed to get the SSH libraries upgraded, not even giving them a chance to blame the firewall firmware, but they were not helpful at all. Given they had such a bad security breach in the past, I was hoping they might be keen to get rid of algorithms that were deprecated in 2020 (SHA1, DES, 3DES).

    They have had numerous requests to do this, from what I have seen over the last few years on various forums and from speaking with ex-colleagues etc. It is really beyond a joke and normal reasoning as to why they take this approach.
