Setting up centralized authentication for Linux SSH users

Daniel Bray dbray925 at gmail.com
Mon Jun 22 18:00:16 CEST 2015


I'm starting to wonder if I've selected the wrong tool for the job here.
Hoping to gather some guidance, and help.  The environment is 99% Linux
servers with various Cisco equipment.

I was thinking that a FreeRADIUS solution would be a simple approach to get
all the SSH devices (Linux and Cisco) pointing to a single server for
authentication purposes.  I would also like to set up groups, so that our
vendors that also require SSH access can be set up and assigned to specific
groups that then can only SSH into specific servers.  Am I heading in the
right direction by selecting FreeRADIUS to do this job?

Here come the issues I face.  I got everything set up on a Linux server,
and I'm using MySQL as the backend.  I'm also using daloRADIUS as the web
frontend for management.  I was able to get the test Linux servers' PAM
configured to point to the FreeRADIUS server, and I can authenticate
myself and the other admins.  However, it appears that, by default, all
users can SSH into any of the NAS devices I've configured.  This is the
main issue I'm trying to solve.  How, exactly, do I configure FreeRADIUS
to only allow certain vendor accounts SSH access into specific NAS devices?

Thank you


More information about the Freeradius-Users mailing list