Login Form

How to auth ssh users by radius in debian

install libpam-radius-auth

1
apt-get install libpam-radius-auth

open /etc/pam_radius_auth.conf

1
nano /etc/pam_radius_auth.conf

and add the following lines into it. Your_IP and PORT are the IP address and Port of Radius sever. SecretKey is the Secret of radius server. 3 is the timeout in seconds.

1
2
# server[:port] shared_secret      timeout (s)
YOUR_IP:PORT SecretKey 3

Change the permissions :

1
2
chown root /etc/pam_radius_auth.conf
chmod go-rwx /etc/pam_radius_auth.conf

open /etc/pam.d/common-auth :

1
nano /etc/pam.d/common-auth

and add the following lines :

1
auth sufficient pam_radius_auth.so

open /etc/pam.d/sshd :

1
nano /etc/pam.d/sshd

and add the following lines :

1
auth required /etc/security/pam_radius_auth.so debug

and exclude the following lines :

1
@include common-auth