Second SSH with Freeradius based authentication
Alexander Clouter
alex at digriz.org.uk
Sat Feb 12 12:25:30 CET 2011
Marius.Meisner <marius.meisner at googlemail.com> wrote:
>
> I am not close with RE, but in Debian you may need the packet
> libpam-radius-auth. I have chosen the way over PAM Module to communicate
> between radius and sshd. So you may configure files like /etc/pam.d/sshd
> - if it's the same under RE.
>
TBH, a situation where you run more than one SSH instance on a single
box generally means something is not right.
To fold things back into a single daemon, I would just do something
like the following:
----
auth sufficient pam_unix.so
auth sufficient pam_radius_auth.so
# last one should be 'required'
auth required pam_opie.so
----
However, to be honest, no-one should be using pam_unix.so in this
day and age for SSH. Arguably you probably should not back SSH logins
with any username/password auth. So, as I am one never to pass on the
opportunity of shameless self promotion, I recommend putting your SSH
public keys in LDAP:
http://www.digriz.org.uk/lpkfuse
Cheers
--
Alexander Clouter
.sigmonster says: "The Schizophrenic: An Unauthorized Autobiography"
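Added example, not part of the original post: a Python model of how the auth stack above is walked, covering only the `required` and `sufficient` control flags, with a lint for the two points the post makes. The function names, and treating a stack where nothing succeeds as a denial, are assumptions made here.

```python
# Added example: models only the 'required' and 'sufficient' control flags.
STACK = """\
auth sufficient pam_unix.so
auth sufficient pam_radius_auth.so
# last one should be 'required'
auth required pam_opie.so
"""

def parse_auth(text):
    """Return [(control, module)] for the auth lines of a pam.d file."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            if fields[1] not in ("required", "sufficient"):
                raise ValueError("control flag not modelled: " + fields[1])
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, passing):
    """Return (granted, modules_called); 'passing' = modules that succeed."""
    called, required_failed, required_ok = [], False, False
    for control, module in stack:
        called.append(module)
        ok = module in passing
        if control == "sufficient" and ok and not required_failed:
            return True, called          # success here ends the stack
        if control == "required":
            required_ok = required_ok or ok
            required_failed = required_failed or not ok
        # a failed 'sufficient' is ignored and the walk continues
    # Assumption: a stack in which nothing decisive succeeded is a denial.
    return required_ok and not required_failed, called

def lint(stack):
    """Flag the two points made in the post above."""
    warnings = []
    if stack and stack[-1][0] != "required":
        warnings.append("last auth module is not 'required'")
    if any(module == "pam_unix.so" for _, module in stack):
        warnings.append("pam_unix.so password auth is enabled")
    return warnings

if __name__ == "__main__":
    stack = parse_auth(STACK)
    for passing in ({"pam_unix.so"}, {"pam_radius_auth.so"}, {"pam_opie.so"}, set()):
        print(sorted(passing), evaluate(stack, passing))
    print(lint(stack))
```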