I recently got a new FortiGate 40F for home labbing and finally got around to setting it up – I generally like to update to the latest firmware on new devices when I’m not trying to mirror a production environment. Unfortunately, 7.2.6 had a strange issue with SSH not working from my Windows or Linux hosts, while the web UI worked as expected. Some SSH debugging (ssh -vv) showed some missing key exchange algorithms:
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: (no match)
Unable to negotiate with 192.168.86.123 port 22: no matching host key type found. Their offer:
Packet captures from my machine showed the same missing offers. After trying a few things to add in older algorithms, I stumbled across a post detailing 7.2.6 dropping support for ssh-rsa. Since I was not getting the offer for the newer ssh-ed25519, I’ve rolled back to 7.2.5 for the time being until I have some additional time to work through it (or they release a new version).
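As an added example (not part of the original post), the following Python sketch reads `ssh -vv` output like the lines quoted above and reports which part of the algorithm negotiation failed and what the server offered. The function name `diagnose` and the result keys are assumptions made for illustration; the sample input is constructed from the three lines in the post.

```python
import re

# Constructed input: the three ssh -vv lines quoted in the post.
POST_LOG = """\
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: (no match)
Unable to negotiate with 192.168.86.123 port 22: no matching host key type found. Their offer:
"""

# OpenSSH failure wording -> which part of the KEXINIT proposal did not match.
STAGES = {
    "key exchange method": "kex",
    "host key type": "host key",
    "cipher": "cipher",
    "MAC": "mac",
    "compression method": "compression",
}
KEX_LINE = re.compile(r"^debug1: kex: (.+?): (.+)$")
FAIL_LINE = re.compile(
    r"^Unable to negotiate with (\S+) port (\d+): "
    r"no matching (.+?) found\. Their offer:\s*(.*)$")


def diagnose(log: str):
    """Summarise the negotiation failure in an ssh -vv log, or return None."""
    negotiated = {}
    for line in log.splitlines():
        line = line.strip()
        m = KEX_LINE.match(line)
        if m:
            negotiated[m.group(1)] = m.group(2)
            continue
        m = FAIL_LINE.match(line)
        if m:
            host, port, what, offer = m.groups()
            offered = [a.strip() for a in offer.split(",") if a.strip()]
            return {
                "peer": f"{host}:{port}",
                "failed_stage": STAGES.get(what, what),
                "server_offer": offered,
                # Empty offer: there is no algorithm the client could opt
                # into, so the thing to examine is the server side.
                "server_offered_nothing": not offered,
                "negotiated_before_failure": {
                    k: v for k, v in negotiated.items() if v != "(no match)"},
            }
    return None


if __name__ == "__main__":
    print(diagnose(POST_LOG))
```

On the post's log this reports a host key failure with an empty server offer, after the key exchange algorithm itself had already been agreed.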