SSH to Cisco Devices
James S. Smith
JSmith at WindMobile.ca
Thu Aug 9 12:44:29 CEST 2012
You definitely can. The Cisco configuration would look like this:
!
version 15.0
!
aaa new-model
aaa group server radius FreeRadius
server 192.168.0.1 auth-port 1812 acct-port 1813
ip radius source-interface Vlan10
aaa authentication login default group FreeRadius local
aaa authorization exec default group FreeRadius local
radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 key *********************
In clients.conf you have a section that looks like this:
DEFAULT Group=="netadmins",Auth-type := System
        Service-Type = Administrative-User,
        Fall-Through = No
Then whoever is in your netadmins group on the FreeRadius system will be allowed administrative access to the devices.
-----Original Message-----
From: freeradius-users-bounces+jsmith=windmobile.ca at lists.freeradius.org [mailto:freeradius-users-bounces+jsmith=windmobile.ca at lists.freeradius.org] On Behalf Of Michael Schwartzkopff
Sent: August-09-12 12:25 AM
To: freeradius-users at lists.freeradius.org
Subject: SSH to Cisco Devices
Hi,
I know it is possible to use FreeRADIUS to authenticate SSH access to Cisco devices with username/password scheme. Cisco's IOS in version 15 also offers the private/public key authentication scheme.
Is it possible to authenticate the key scheme in FreeRADIUS?
Or does anybody know if that is possible in Cisco's ACS?
Thanks for any hint.
--
Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München
Tel: (0163) 172 50 98
Fax: (089) 620 304 13
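
An added example, not part of either message above: a Python check that an IOS configuration contains the pieces the reply's configuration depends on (aaa new-model, a server group whose members have a keyed radius-server host entry, and login and exec method lists that name a defined group and keep a local fallback). `audit_aaa` is a hypothetical helper that understands only the command forms shown in the reply, and the key in the sample is a placeholder for the value the post masks.

```python
import re

# Constructed sample: the configuration lines as they appear in the message
# above, with a placeholder standing in for the masked shared key.
SAMPLE = """\
aaa new-model
aaa group server radius FreeRadius
server 192.168.0.1 auth-port 1812 acct-port 1813
ip radius source-interface Vlan10
aaa authentication login default group FreeRadius local
aaa authorization exec default group FreeRadius local
radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 key PLACEHOLDER
"""

BUILTIN_GROUPS = {"radius", "tacacs+"}  # server groups IOS predefines

def audit_aaa(config):
    """Return a list of findings for the RADIUS login setup in an IOS config."""
    lines = [l.strip() for l in config.splitlines() if l.strip() not in ("", "!")]
    groups, keyed_hosts, group, findings = {}, set(), None, []
    for line in lines:
        if m := re.match(r"aaa group server radius (\S+)", line):
            group = groups.setdefault(m.group(1), [])
        elif group is not None and (m := re.match(r"server (\S+)", line)):
            group.append(m.group(1))
        elif not line.startswith("ip radius "):
            group = None  # any other command closes the group block
            if m := re.match(r"radius-server host (\S+).*\skey\s+\S", line):
                keyed_hosts.add(m.group(1))
    if "aaa new-model" not in lines:
        findings.append("aaa new-model missing")
    for kind in ("aaa authentication login", "aaa authorization exec"):
        lists = [l.split()[3:] for l in lines if l.startswith(kind + " ")]
        if not lists:
            findings.append(f"{kind}: no method list")
        for name, *methods in lists:
            if "local" not in methods:  # nothing to fall back to if RADIUS is down
                findings.append(f"{kind} {name}: no local fallback")
            for prev, word in zip(methods, methods[1:]):
                if prev == "group" and word not in groups and word not in BUILTIN_GROUPS:
                    findings.append(f"{kind} {name}: undefined group {word}")
    for name, servers in groups.items():
        for host in servers:
            if host not in keyed_hosts:
                findings.append(f"group {name}: server {host} has no keyed radius-server host")
        if not servers:
            findings.append(f"group {name}: no servers")
    return findings
```

An empty list from `audit_aaa(SAMPLE)` means every check passed; each string in a non-empty result names the method list or server group that needs attention.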