How to auth ssh users by radius in debian
install libpam-radius-auth
1
|
apt-get install libpam-radius-auth |
open /etc/pam_radius_auth.conf
1
|
nano /etc/pam_radius_auth .conf |
and add the following lines into it. Your_IP and PORT are the IP address and Port of Radius sever. SecretKey is the Secret of radius server. 3 is the timeout in seconds.
1
2
|
# server[:port] shared_secret timeout (s) YOUR_IP:PORT SecretKey 3 |
Change the permissions :
1
2
|
chown root /etc/pam_radius_auth .conf chmod go-rwx /etc/pam_radius_auth .conf |
open /etc/pam.d/common-auth :
1
|
nano /etc/pam .d /common-auth |
and add the following lines :
1
|
auth sufficient pam_radius_auth.so |
open /etc/pam.d/sshd :
1
|
nano /etc/pam .d /sshd |
and add the following lines :
1
|
auth required /etc/security/pam_radius_auth.so debug |
and exclude the following lines :
1
|
@include common-auth |
