Describe the problem:
I've created numerous SSH Connection Profiles and many of them work great. However, I've come to find that certain profiles attempt to connect and then return the message 'Unsupported OpenSSH public key type: rsa-sha2-512'. I checked the ciphers section to verify rsa-sha2-512 is enabled. I even went as far as enabling a bunch of other ciphers AND restarting TABBY, but no change in behavior.
As I've said, I've tested many of these profiles and they work just fine. Most of the devices I've been testing with are FortiGate firewalls. Looking at the logs on a FortiGate firewall that gives me this 'Unsupported' message, I see 'SSH server received bad length packet'. I've taken a known working profile and simply changed the host IP within the profile I get the error. So, the profile itself doesn't seem to be the issue.
I can manually ssh admin@x.x.x.x through Tabby and I can connect to the firewall just fine.
*It's also worth mentioning that I've had the same issue connecting to some Aruba switches.
I've included a basic diagram to show at least part of the topology. This will hopefully give you an idea of what works and what doesn't. There are Layer 3 boundaries between each firewall (routing). So, behind each firewall is a completely different subnet (.i.e. 10.0.0.0/16, 10.1.0.0/16, 10.2.0.0/16, etc).
To Reproduce:
I've been able to reproduce this issue at least in my environment. Where I'm consistently getting this 'Unsupported' message is where I'm trying to SSH to a device that is behind one of these other firewalls. This isn't exactly accurate, but in essence it's like 'nested' devices have this issue, but only through the Tabby profiles.
To make this clearer, a Tabby profile may work just fine when connecting to a sites main firewall, but connecting to the switches behind the firewall, I get the 'Unsupported' error. Likewise, I have a some firewalls I'm trying to reach that are only reachable through another firewall. These 'nested' firewalls seem to have the issue. Hopefully the image uploads, I think it will be helpful in understanding.
Describe the problem: I've created numerous SSH Connection Profiles and many of them work great. However, I've come to find that certain profiles attempt to connect and then return the message 'Unsupported OpenSSH public key type: rsa-sha2-512'. I checked the ciphers section to verify rsa-sha2-512 is enabled. I even went as far as enabling a bunch of other ciphers AND restarting TABBY, but no change in behavior.
As I've said, I've tested many of these profiles and they work just fine. Most of the devices I've been testing with are FortiGate firewalls. Looking at the logs on a FortiGate firewall that gives me this 'Unsupported' message, I see 'SSH server received bad length packet'. I've taken a known working profile and simply changed the host IP within the profile I get the error. So, the profile itself doesn't seem to be the issue.
I can manually ssh admin@x.x.x.x through Tabby and I can connect to the firewall just fine.
*It's also worth mentioning that I've had the same issue connecting to some Aruba switches.
I've included a basic diagram to show at least part of the topology. This will hopefully give you an idea of what works and what doesn't. There are Layer 3 boundaries between each firewall (routing). So, behind each firewall is a completely different subnet (.i.e. 10.0.0.0/16, 10.1.0.0/16, 10.2.0.0/16, etc).
To Reproduce: I've been able to reproduce this issue at least in my environment. Where I'm consistently getting this 'Unsupported' message is where I'm trying to SSH to a device that is behind one of these other firewalls. This isn't exactly accurate, but in essence it's like 'nested' devices have this issue, but only through the Tabby profiles.
To make this clearer, a Tabby profile may work just fine when connecting to a sites main firewall, but connecting to the switches behind the firewall, I get the 'Unsupported' error. Likewise, I have a some firewalls I'm trying to reach that are only reachable through another firewall. These 'nested' firewalls seem to have the issue. Hopefully the image uploads, I think it will be helpful in understanding.
Thanks!