Second SSH with Freeradius based authentication
Hi All, I am a newbie to freeradus. I am planning to run a second SSHD on a higher port on my server which will allow me to authenticate separately from my existing SSHD. Can somebody help me by telling me what are the steps I need to take to perform this . The Server I will be using is a RHEL5. Thanks in advance. JK
Hi JK, I am not close with RE, but in Debian you may need the packet libpam-radius-auth. I have chosen the way over PAM Module to communicate between radius and sshd. So you may configure files like /etc/pam.d/sshd - if its the same under RE. MM Am 12.02.2011 00:03, schrieb Jaikanth Krishnaswamy:
Hi All, I am a newbie to freeradus. I am planning to run a second SSHD on a higher port on my server which will allow me to authenticate separately from my existing SSHD. Can somebody help me by telling me what are the steps I need to take to perform this . The Server I will be using is a RHEL5. Thanks in advance. JK
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi JK, I am not close with RE, but in Debian you may need the packet libpam-radius-auth. I have chosen the way over PAM Module to communicate between radius and sshd. So you may configure files like /etc/pam.d/sshd - if its the same under RE. MM Am 12.02.2011 00:03, schrieb Jaikanth Krishnaswamy:
Hi All, I am a newbie to freeradus. I am planning to run a second SSHD on a higher port on my server which will allow me to authenticate separately from my existing SSHD. Can somebody help me by telling me what are the steps I need to take to perform this . The Server I will be using is a RHEL5. Thanks in advance. JK
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Marius.Meisner <marius.meisner@googlemail.com> wrote:
I am not close with RE, but in Debian you may need the packet libpam-radius-auth. I have chosen the way over PAM Module to communicate between radius and sshd. So you may configure files like /etc/pam.d/sshd - if its the same under RE.
TBH, a situation where you run more than one SSH instance on a single box generally means something is not right. To fold things back into a single daemon, I would just do something like the following: ---- auth sufficient pam_unix.so auth sufficient pam_radius_auth.so auth required pam_opie.so <--- last one should be 'required' ---- However, to be honest, no-one should not be using pam_unix.so in this day and age for SSH. Arguably you probably should not back SSH login's with any username/password auth. So, as I am one never to pass on the opportunity of shameless self promotion, I recommend putting your SSH public keys in LDAP: http://www.digriz.org.uk/lpkfuse Cheers -- Alexander Clouter .sigmonster says: "The Schizophrenic: An Unauthorized Autobiography"
participants (3)
-
Alexander Clouter -
Jaikanth Krishnaswamy -
Marius.Meisner