SSH auth with FreeRADIUS
aland at deployingradius.com
Sun Sep 4 23:43:25 CEST 2016
On Sep 4, 2016, at 3:42 PM, Janis Heller <janis.heller at outlook.de> wrote:
> I would like to use FreeRADIUS to handle all SSH logins to my servers. Of course a „emergency“ login with a user registered on the server should be possible too (in case of RADIUS server is offline etc.).
> Now when I try to login as for example user test, the following code is shown at RADIUS debug:
> Ready to process requests
> (10) Received Access-Request Id 151 from XY to XY:1812 length 90
> (10) User-Name = "test"
> (10) User-Password = "\010\n\r\177INCORRECT"
You will note that isn't your password.
> It seems like there is some kind of PAM module running before the RADIUS pam module. Any idea how to get this fixed? Looking into my sshd file of RADIUS I can’t see a pam module running before.
The user isn't available on the local system.
PAM does passwords. It doesn't do UID, GID, shell, etc. When it notices that someone without a UID is logging in, it butchers the password with a very helpful (i.e. stupid) message.
You will need to configure a local user. Then, authenticate that user via RADIUS.
More information about the Freeradius-Users