Quick And Dirty Sshd Radius
This was tested using Ubuntu 8.04.
- aptitude install libpam-radius-auth
- sudo vi /etc/pam_radius_auth.conf
  - delete the spurious 127.0.0.1 line (unless your RADIUS server is on localhost)
  - add your RADIUS server IP address, shared secret and timeout value
- sudo vi /etc/pam.d/sshd and add 'auth sufficient /lib/security/pam_radius_auth.so' at the top of the config.
Also make sure you have set 'PasswordAuthentication yes' and 'PubkeyAuthentication no' in /etc/ssh/sshd_config, then run:
sudo /etc/init.d/ssh restart
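
A way to verify the three edited files before restarting sshd, as an added example that is not part of the original post. The function names are this example's own, and the 0600 permission check on the secret file is an added assumption about how the file should be protected; paths can be passed in so the checks can be run against copies.

```shell
#!/bin/sh
# Added example: checks for the three files this how-to edits.
# Function names are this example's own, not part of any package.

# Active (non-comment, non-blank) lines of a config file.
active_lines() { grep -Ev '^[[:space:]]*(#|$)' "$1"; }

# pam_radius_auth.conf: at least one "server secret timeout" line, and no
# group/other permissions, because the shared secret is stored in clear text.
check_radius_conf() {
    [ -n "$(active_lines "$1")" ] || { echo "$1: no server line"; return 1; }
    active_lines "$1" | awk 'NF < 3 { bad = 1 } END { exit bad + 0 }' ||
        { echo "$1: each line needs server, secret and timeout"; return 1; }
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "$1: accessible by group/other, use chmod 600"; return 1; }
}

# /etc/pam.d/sshd: the pam_radius_auth line must be the first active line.
check_pam_sshd() {
    first=$(active_lines "$1" | head -n 1)
    printf '%s\n' "$first" | grep -Eq \
        '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+[^[:space:]]*pam_radius_auth\.so' ||
        { echo "$1: pam_radius_auth.so is not the first active line"; return 1; }
}

# sshd_config keywords are case-insensitive and the first value read wins.
sshd_option() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

check_sshd_config() {
    [ "$(sshd_option "$1" PasswordAuthentication)" = yes ] ||
        { echo "$1: PasswordAuthentication is not set to yes"; return 1; }
    [ "$(sshd_option "$1" PubkeyAuthentication)" = no ] ||
        { echo "$1: PubkeyAuthentication is not set to no"; return 1; }
}

# Run all three checks; defaults are the paths used in the steps above.
check_all() {
    rc=0
    check_radius_conf "${1:-/etc/pam_radius_auth.conf}" || rc=1
    check_pam_sshd "${2:-/etc/pam.d/sshd}" || rc=1
    check_sshd_config "${3:-/etc/ssh/sshd_config}" || rc=1
    return "$rc"
}
```

Source the file and call check_all as root to check the live paths. Note that with 'sufficient', a rejected or unreachable RADIUS login falls through to the remaining auth modules in /etc/pam.d/sshd, so local passwords are still accepted.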
If you are using Firewall Builder, you will need to add your own custom RADIUS service, as the default RADIUS service object in fwbuilder is on UDP/1645 instead of UDP/1812 - that little lesson lost me 1.5hrs!