FreeRadius for SSH Authentication

Issues related to configuring your network
Post Reply
t4sp0n_k
Posts: 1
Joined: 2020/08/31 07:49:56

FreeRadius for SSH Authentication

Post by t4sp0n_k » 2020/08/31 08:16:01

Hello guys , I have problems about FreeRadius Server for use as Account Server for SSH Authentication, This is my diagram

Image

and This is my configuration on each files

/etc/pam.d/sshd
#%PAM-1.0
#auth required /usr/lib64/security/pam_radius_auth.so
auth sufficient /usr/lib64/security/pam_radius_auth.so
#auth substack /usr/lib64/security/pam_radius_auth.so
#auth include /usr/lib64/security/pam_radius_auth.so
#auth optional /usr/lib64/security/pam_radius_auth.so

auth required pam_sepermit.so
auth substack password-auth
auth include password-auth
auth include postlogin
account required pam_sepermit.so
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session optional pam_motd.so
session include password-auth
session include postlogin
~

/etc/raddb/clients.conf
client localhost {
ipaddr = 127.0.0.1
proto = *
secret = nas_self_1qazxsw@
require_message_authenticator = no
nas_type = other
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}

client localhost_ipv6 {
ipv6addr = ::1
secret = testing123
}


client REMOTE_TEST_206.189.144.99 {
ipaddr = 206.189.144.99/20
secret = nas_remote_1qazxsw@
}
My problem is i have to add users on " Client :: CentOS8 " for access by ssh , can it be possible to automatic add by change configuration file or script for automatic add user on " Client :: CentOS8 " when i called by correct account.

Post Reply

Return to “CentOS 8 - Networking Support”