Getting "Ssh$JschLogger: unknown alg: rsa-sha2-512" with FortiOS

[adrianodsb]

Hello,

Has anyone faced the issue below? I'm trying to backup the configuration from a FortiGate-40F device.

2024-03-22 15:30:58,617 WARN  [NetshotRunnerScheduler_Worker-1] TaskJob: Running the task 193703 of type onl.netfishers.netshot.work.tasks.TakeSnapshotTask
2024-03-22 15:30:59,682 ERROR [NetshotRunnerScheduler_Worker-1] Ssh$JschLogger: unknown alg: rsa-sha2-512
2024-03-22 15:30:59,694 WARN  [NetshotRunnerScheduler_Worker-1] CliScript: Unable to open an SSH connection to x.x.x.x:22.
java.io.IOException: verify: false
    at onl.netfishers.netshot.device.access.Ssh.connect(Ssh.java:487)
    at onl.netfishers.netshot.device.script.CliScript.connectRun(CliScript.java:185)
    at onl.netfishers.netshot.device.script.CliScript.connectRun(CliScript.java:134)
    at onl.netfishers.netshot.work.tasks.TakeSnapshotTask.run(TakeSnapshotTask.java:218)
    at onl.netfishers.netshot.work.TaskJob.execute(TaskJob.java:94)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
Caused by: com.jcraft.jsch.JSchException: verify: false
    at com.jcraft.jsch.Session.connect(Session.java:332)
    at onl.netfishers.netshot.device.access.Ssh.connect(Ssh.java:474)
    ... 6 common frames omitted
2024-03-22 15:30:59,716 ERROR [NetshotRunnerScheduler_Worker-1] TakeSnapshotTask: Task 193703. Error while taking the snapshot.
java.io.IOException: Couldn't open either SSH or Telnet socket with the device.
    at onl.netfishers.netshot.device.script.CliScript.connectRun(CliScript.java:411)
    at onl.netfishers.netshot.device.script.CliScript.connectRun(CliScript.java:134)
    at onl.netfishers.netshot.work.tasks.TakeSnapshotTask.run(TakeSnapshotTask.java:218)
    at onl.netfishers.netshot.work.TaskJob.execute(TaskJob.java:94)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
2024-03-22 15:30:59,738 WARN  [NetshotRunnerScheduler_Worker-1] TaskJob: End of task 193703.

Already tried with and without setting the default algorithms in netshot's config:

netshot.cli.ssh.hostkeyalgorithms = rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519

Any help is appreciated.

[SCadilhac]

Hi,

rsa-sha2-512 is not actually supported by the underlaying SSH library.

You may want to try:

netshot.cli.ssh.hostkeyalgorithms = ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521

Regards, Sylvain

[adrianodsb]

Hi,

rsa-sha2-512 is not actually supported by the underlaying SSH library.

You may want to try:

netshot.cli.ssh.hostkeyalgorithms = ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521

Regards, Sylvain

This worked like a charm.