Quick And Dirty Sshd Radius

posted: March 4th, 2010

This was tested using Ubuntu 8.04.

  • aptitude install libpam-radius-auth
  • sudo vi /etc/pam_radius_auth.conf
  • delete the spurious 127.0.0.1 line (unless your RADIUS server runs on localhost)
  • add your RADIUS server IP address, shared secret and timeout value
  • sudo vi /etc/pam.d/sshd and add ‘auth sufficient /lib/security/pam_radius_auth.so’ at the top of the config.

Also make sure you have set:

‘PasswordAuthentication yes’ and ‘PubkeyAuthentication no’ in /etc/ssh/sshd_config

Then run:

‘sudo /etc/init.d/ssh restart’
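
A sanity check for the three files edited above, worth running before the restart. This is an added example, not part of the original post: the function names are illustrative, and the sample files, the 192.0.2.10 address and EXAMPLE-SECRET are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit the three files edited above. Paths are arguments, so it
# can be pointed at copies. All function names here are illustrative.

# First active (non-blank, non-comment) line of a file.
first_active() { grep -Ev '^[[:space:]]*(#|$)' "$1" | head -n 1; }

# pam_radius_auth.conf: fail if a 127.0.0.1 entry is left (ignore this if RADIUS
# really runs on localhost) or if no "server secret timeout" line exists.
check_radius_conf() {
    awk '/^[ \t]*(#|$)/ { next }
         $1 ~ /^127\.0\.0\.1(:|$)/ { bad = 1 }
         NF >= 3 && $3 ~ /^[0-9]+$/ { ok = 1 }
         END { exit (bad || !ok) }' "$1"
}

# pam.d/sshd: the radius module must be the first active line. "sufficient"
# means a RADIUS success ends auth there; a failure falls through to later lines.
check_pam_sshd() {
    first_active "$1" |
        grep -Eq '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+(/lib/security/)?pam_radius_auth\.so'
}

# sshd_config: sshd uses the first value it finds for a keyword (names are
# case-insensitive). Both settings must be present explicitly.
sshd_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}
check_sshd_config() {
    [ "$(sshd_value "$1" PasswordAuthentication)" = yes ] &&
    [ "$(sshd_value "$1" PubkeyAuthentication)" = no ]
}

# audit RADIUS_CONF PAM_SSHD SSHD_CONFIG: prints failures, returns their count.
audit() {
    fails=0
    check_radius_conf "$1" || { echo "FAIL $1: 127.0.0.1 entry left, or no server line"; fails=$((fails + 1)); }
    check_pam_sshd "$2"    || { echo "FAIL $2: pam_radius_auth.so is not the first active line"; fails=$((fails + 1)); }
    check_sshd_config "$3" || { echo "FAIL $3: need PasswordAuthentication yes, PubkeyAuthentication no"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files standing in for the real ones.
demo=$(mktemp -d)
printf '%s\n' '# server[:port] shared_secret timeout' '192.0.2.10 EXAMPLE-SECRET 3' > "$demo/pam_radius_auth.conf"
printf '%s\n' '# PAM configuration for sshd' 'auth sufficient /lib/security/pam_radius_auth.so' 'auth required pam_env.so' > "$demo/sshd"
printf '%s\n' '#PubkeyAuthentication yes' 'PasswordAuthentication yes' 'PubkeyAuthentication no' > "$demo/sshd_config"
audit "$demo/pam_radius_auth.conf" "$demo/sshd" "$demo/sshd_config" && echo "all checks passed"; rm -rf "$demo"
```

On the real host the call would be: audit /etc/pam_radius_auth.conf /etc/pam.d/sshd /etc/ssh/sshd_config (run as root, since the RADIUS config holds the shared secret).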

If you are using Firewall Builder, you will need to add your own custom RADIUS service, as the default RADIUS service object in fwbuilder is on UDP/1645 instead of UDP/1812 - that little lesson lost me 1.5hrs!