SSH to Cisco Devices

James S. Smith JSmith at
Thu Aug 9 12:44:29 CEST 2012

You definitely can. The Cisco configuration would look like this:

version 15.0
aaa new-model
aaa group server radius FreeRadius
 server auth-port 1812 acct-port 1813
 ip radius source-interface Vlan10
aaa authentication login default group FreeRadius local
aaa authorization exec default group FreeRadius local
radius-server host auth-port 1812 acct-port 1813 key *********************

In clients.conf you have a section that looks like this:

DEFAULT         Group=="netadmins",Auth-type := System
                Service-Type = Administrative-User,
                Fall-Through = No

Then whoever is in your netadmins group on the FreeRadius system will be allowed administrative access to the devices.

-----Original Message-----
From: at [ at] On Behalf Of Michael Schwartzkopff
Sent: August-09-12 12:25 AM
To: freeradius-users at
Subject: SSH to Cisco Devices


I know it is possible to use FreeRADIUS to authenticate SSH access to Cisco devices with username/password scheme. Cisco's IOS in version 15 also offers the private/public key authentication scheme.

Is it possible to authenticate the key scheme in FreeRADIUS?

Or does anybody know if that is possible in Cisco's ACS?

Thanks for any hint.

Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München

Tel: (0163) 172 50 98
Fax: (089) 620 304 13
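
An added example, not part of the original thread and not Cisco or FreeRADIUS tooling: a small Python check for the AAA lines the reply above relies on (defined RADIUS group, local fallback, exec authorization so the Service-Type reply is used). The function name audit_aaa, the address 192.0.2.10, the key and the local user are assumptions constructed for the example.

```python
import re

# Constructed sample modelled on the configuration in the reply above.
# 192.0.2.10, the key and the local user are placeholders, not thread values.
SAMPLE = """\
aaa new-model
aaa group server radius FreeRadius
 server 192.0.2.10 auth-port 1812 acct-port 1813
aaa authentication login default group FreeRadius local
aaa authorization exec default group FreeRadius local
username localadmin privilege 15 secret EXAMPLE-ONLY
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key EXAMPLE-ONLY
"""

def audit_aaa(config):
    """Return a list of findings for the AAA/RADIUS lines of an IOS config."""
    lines = [l.rstrip() for l in config.splitlines()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is missing")
    groups = set(re.findall(r"^aaa group server radius (\S+)$", config, re.M))
    hosts = set(re.findall(r"^radius-server host (\S+)", config, re.M))
    # Every server named inside a group needs a matching radius-server host.
    for server in re.findall(r"^ server (\S+)", config, re.M):
        if server not in hosts:
            findings.append(f"server {server} has no radius-server host line")
    seen = set()
    for l in lines:
        m = re.match(r"aaa (authentication login|authorization exec) (\S+) (.+)$", l)
        if not m:
            continue
        kind, name, methods = m.group(1), m.group(2), m.group(3).split()
        seen.add(kind)
        # "group X" must name a defined group (radius/tacacs+ are built in).
        for i, word in enumerate(methods[:-1]):
            g = methods[i + 1]
            if word == "group" and g not in groups | {"radius", "tacacs+"}:
                findings.append(f"{kind} {name}: group {g} is not defined")
        # Without "local" the list has no method left when RADIUS is down.
        if "local" not in methods:
            findings.append(f"{kind} {name}: no local fallback")
    if "authorization exec" not in seen:
        findings.append("no aaa authorization exec list for Service-Type")
    if not any(l.startswith("username ") for l in lines):
        findings.append("no local username for the fallback method")
    return findings

if __name__ == "__main__":
    print(audit_aaa(SAMPLE) or "no findings")
```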
