11-20-2021 08:53 AM
The Important section of the KB you was following does kind of a bad job of calling it out, but you actually do need to ensure that you have active SSH sessions open to both devices while doing this procedure or you risk running into this sort of situation. It should also include, at least in my opinion, a warning that you should have easy access to the console interface on the device should something go wrong explicitly spelt out.
As for your current situation, part of the KB is running the config sync and restarting the ssh service on the passive node. If you for some reason lost access to the passive firewall during this process or didn't follow those two steps you end up in a situation like you have now. The fix for this is just finishing those steps and restart the ssh service through the console port.
Since you don't have easy access to the passive device outside of the GUI, you can still sync the config from the active firewall and wait a bit for that to complete (monitor from the 'Tasks' tab on the GUI on the passive) and simply issue the ssh service-restart mgmt command through the api. Remember that almost anything you can do on the CLI you can do through the XML API.
/api/?type=op&cmd=<set><ssh><service-restart><mgmt></mgmt></service-restart></ssh></set>
