create SSH accounts using RADIUS pam

Janis Heller janis.heller at
Mon Sep 5 16:29:38 CEST 2016

I use the REST module of RADIUS to validate login requests (username & password).
Now I would like my users to be able to login to some servers using SSH. Their accounts should be all very unprivileged (just for SSH tunneling).
After setting up the pam sshd module I recognized the login would be only possible by creating a new user with an empty password by using:

adduser testuser

on the server. Is there a way to prevent this and allow users to login in case of RADIUS accepted their username & password.
I already searched for this problem:

Setting up ldap would be a bit too much for this I think, isn’t there an easier way?

All the best;

More information about the Freeradius-Users mailing list