netfishers-onl / Netshot

Network Configuration and Compliance Management
http://www.netfishers.onl/netshot

Support for ed25519 host keys in ssh client #276

Closed abaretta closed 8 months ago

abaretta commented 10 months ago

Hi Team,

After upgrading a Fortigate to 7.2.6, I noticed Netshot isn't able to connect to the firewall anymore. It turns out the firewall only offers ssh-ed25519 as the server host key algorithm, even when ssh-rsa is explicitly configured. Fortinet has identified this as a bug which will be addressed in 7.4.1 (some details, although no mention of a bug here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-SSH-Server-host-key-offered-by-FortiGate/ta-p/279796).

Though strictly speaking not a Netshot issue, is it possible to have Netshot (JSch?) support ed25519 keys to work around the Fortigate problem?

SCadilhac commented 10 months ago

ssh-ed25519 is not in the default list of host key algorithm in the current Netshot version, but you can force a custom list using netshot.cli.ssh.hostkeyalgorithms config line.

abaretta commented 10 months ago

That was as easy a workaround as I could have hoped for 👍 I added the following under the connection settings in netshot.conf and indeed it works (I included the default algorithms to make sure I don't break any connections to older devices):

netshot.cli.ssh.hostkeyalgorithms = rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss,ssh-ed25519

Thanks!
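
The failure in this thread is a host key algorithm negotiation mismatch: the client's netshot.cli.ssh.hostkeyalgorithms list and the server's KEXINIT server_host_key_algorithms name-list share no entry, so the transport handshake fails before authentication. The following is an added example (not Netshot, JSch or Fortinet code) that parses a server KEXINIT as defined in RFC 4253, checks it against a netshot.conf line, and can also probe a live server to see what it actually offers. The "ed25519-only" server packet is constructed here to mimic the behaviour described above, not captured from a FortiGate; the "defaults" list is assumed from the first four algorithms abaretta posted.

```python
"""Check which host key algorithms an SSH server offers against a Netshot-style
netshot.cli.ssh.hostkeyalgorithms line.  Added example (not Netshot or Fortinet
code); it speaks only the unencrypted start of the SSH transport (RFC 4253)."""
import socket
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of KEXINIT, in wire order (RFC 4253 section 7.1).
KEXINIT_FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_client_to_server", "encryption_server_to_client",
    "mac_client_to_server", "mac_server_to_client",
    "compression_client_to_server", "compression_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)

def _name_list(names):
    raw = ",".join(names).encode("ascii")
    return struct.pack(">I", len(raw)) + raw

def build_kexinit_packet(fields, cookie=bytes(16)):
    """Encode a KEXINIT as a full binary packet (RFC 4253 section 6, no encryption
    or MAC yet).  Used here only to construct a sample server packet offline."""
    payload = bytes([SSH_MSG_KEXINIT]) + cookie
    for f in KEXINIT_FIELDS:
        payload += _name_list(fields.get(f, []))
    payload += b"\x00" + b"\x00\x00\x00\x00"   # first_kex_packet_follows, reserved
    padding_length = 8 - ((5 + len(payload)) % 8)
    if padding_length < 4:                      # RFC 4253 requires >= 4 padding bytes
        padding_length += 8
    packet_length = 1 + len(payload) + padding_length
    return struct.pack(">IB", packet_length, padding_length) + payload + bytes(padding_length)

def unwrap_binary_packet(data):
    """Strip uint32 packet_length, byte padding_length and the trailing padding."""
    packet_length, padding_length = struct.unpack(">IB", data[:5])
    return data[5:5 + packet_length - 1 - padding_length]

def parse_kexinit(payload):
    """Parse a KEXINIT payload into {field: [algorithm names]}."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, out = 1 + 16, {}                       # skip message type and 16-byte cookie
    for field in KEXINIT_FIELDS:
        if off + 4 > len(payload):
            raise ValueError("truncated KEXINIT")
        (n,) = struct.unpack(">I", payload[off:off + 4])
        raw = payload[off + 4:off + 4 + n]
        if len(raw) != n:
            raise ValueError("truncated name-list in " + field)
        off += 4 + n
        out[field] = [s for s in raw.decode("ascii").split(",") if s]
    return out

def parse_hostkeyalgorithms_line(line):
    """Turn 'netshot.cli.ssh.hostkeyalgorithms = a,b,c' into ['a', 'b', 'c']."""
    key, sep, value = line.partition("=")
    if key.strip() != "netshot.cli.ssh.hostkeyalgorithms" or not sep:
        raise ValueError("not a netshot.cli.ssh.hostkeyalgorithms line")
    return [a.strip() for a in value.split(",") if a.strip()]

def negotiate_hostkey(client_list, server_list):
    """First client-preferred algorithm the server also offers (RFC 4253 section 7.1,
    ignoring the coupling to the chosen kex method); None means the handshake fails."""
    return next((a for a in client_list if a in server_list), None)

def probe_server_hostkey_algorithms(host, port=22, timeout=5.0):
    """Live probe: exchange identification strings, then read packets until the
    server's KEXINIT arrives and return its server_host_key_algorithms list."""
    def recv_exact(sock, n):
        buf = b""
        while len(buf) < n:
            chunk = sock.recv(n - len(buf))
            if not chunk:
                raise ConnectionError("connection closed during SSH handshake")
            buf += chunk
        return buf
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"SSH-2.0-hostkey_probe\r\n")
        line = b""
        while not line.startswith(b"SSH-"):   # servers may send banner lines first
            line = b""
            while not line.endswith(b"\n"):
                line += recv_exact(s, 1)
        while True:
            packet_length, padding_length = struct.unpack(">IB", recv_exact(s, 5))
            body = recv_exact(s, packet_length - 1)
            payload = body[:packet_length - 1 - padding_length]
            if payload and payload[0] == SSH_MSG_KEXINIT:
                return parse_kexinit(payload)["server_host_key_algorithms"]

# Constructed sample: a server KEXINIT offering only ssh-ed25519, mimicking the
# behaviour the issue describes (not a capture from a real FortiGate).
ED25519_ONLY_SERVER = build_kexinit_packet({
    "kex_algorithms": ["curve25519-sha256", "ecdh-sha2-nistp256"],
    "server_host_key_algorithms": ["ssh-ed25519"],
    "encryption_client_to_server": ["aes256-gcm@openssh.com"],
    "encryption_server_to_client": ["aes256-gcm@openssh.com"],
    "mac_client_to_server": ["hmac-sha2-256"],
    "mac_server_to_client": ["hmac-sha2-256"],
    "compression_client_to_server": ["none"],
    "compression_server_to_client": ["none"],
})
# Assumed pre-fix list (the first four algorithms posted above) and the workaround line.
RSA_DSS_ONLY = "netshot.cli.ssh.hostkeyalgorithms = rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss"
WORKAROUND = RSA_DSS_ONLY + ",ssh-ed25519"

def check(config_line, server_packet=ED25519_ONLY_SERVER):
    """Host key algorithm the client would settle on, or None if the connection fails."""
    offered = parse_kexinit(unwrap_binary_packet(server_packet))["server_host_key_algorithms"]
    return negotiate_hostkey(parse_hostkeyalgorithms_line(config_line), offered)

if __name__ == "__main__":
    print("without ed25519:", check(RSA_DSS_ONLY))   # None: no common host key algorithm
    print("workaround     :", check(WORKAROUND))     # ssh-ed25519
```

Against a real device, `probe_server_hostkey_algorithms("firewall.example", 22)` returns the list the server actually advertises, which is the quickest way to confirm that a connection failure is this mismatch rather than a credential or reachability problem. One caveat when applying the workaround: once the client accepts ssh-ed25519, the device presents a different host key than the RSA key previously trusted, so any pinned or known-host entry for the RSA key will not match; verify the new ed25519 fingerprint out of band before trusting it rather than blindly accepting the change.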

SCadilhac commented 8 months ago

Added to defaults via fe79a89817dadfa87acf9c6a67b327153cb74531