Admins eHow SysAdmin Tips & Tricks

August 14, 2009

How to auth ssh users by radius in debian

Filed under: Debian,General — Tags: , , , — admin @ 11:57 am

install libpam-radius-auth

apt-get install libpam-radius-auth

open /etc/pam_radius_auth.conf

nano /etc/pam_radius_auth.conf

and add the following lines into it. Your_IP and PORT are the IP address and Port of Radius sever. SecretKey is the Secret of radius server. 3 is the timeout in seconds.

# server[:port] shared_secret      timeout (s)
YOUR_IP:PORT SecretKey 3

Change the permissions :

chown root /etc/pam_radius_auth.conf
chmod go-rwx /etc/pam_radius_auth.conf

open /etc/pam.d/common-auth :

nano /etc/pam.d/common-auth

and add the following lines :

auth sufficient pam_radius_auth.so
  • iprize

    Great!!! I’ve been suffering for a week to implement RADIUS server. your post point me to the right direction. thx.

  • AviHD

    TYVM for a clear concise post that made troubleshooting after setup easy. A lot of this is relevant even on Debian 8.5.
    I used PAM-RADIUS with https://github.com/donapieppo/libnss-ato along side the “Match LocalPort” option in sshd_config to set this up with out 2 instances of sshd.

Powered by WordPress