Login or Register to Ask a Question and Join Our Community


Red Hat

RADIUS server for SSH authorization

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Linux Red Hat RADIUS server for SSH authorization
# 1  
Old 05-03-2011
RADIUS server for SSH authorization
Good day to anyone. I need your help.
I want to create a centralization server for authorization my users via SSH connections. My manager suggested me a RADIUS + PAM, but frankly speaking I read a lot information about these and understood one thing - RADIUS could work only with password authorization. It means I should create users without password on every RHEL system. I tested for myself freeradius and I think this soft can't create and keep users accounts with right permissions (gid, uid, group) - ONLY password authorization. Am I right ? I really read a lot documents in the Internet and all manual include next step "... you must create a user on client server for login ..."

What I need. I want to have clear server which will be setted on authorization server. Withous any users and groups. Clear. I'll connect from my PC via SSH to some server and last one should request information about my account from authorization server. Then it should load my defauld profile, permissions and "clear system" which hasn't any users and group shoud understand my rights (gid, uid, group).

Is it possible ? I think try LDAP+PAM+SSH. Any ideas ?
Thanks and sorry for my bad english.
Login or Register to Ask a Question

Previous Thread | Next Thread

5 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Radius authorization on Linux clients

Hello folks, I was guessing if there is a way for configuring Radius authorization on Linux clients. My meaning is to make Radius server manage the authorization/permissions when executing any commnand on my linux servers. Then, there's any way to configure this with Radius? can I also... (1 Reply)
Discussion started by: carpannav
1 Replies

2. Shell Programming and Scripting

Connect (SSH) to Windows server via Linux server through a script and passing command.. but failing

I am trying to connect to Windows server via Linux server through a script and run two commands " cd and ls " But its giving me error saying " could not start the program" followed by the command name i specify e g : "cd" i am trying in this manner " ssh username@servername "cd... (5 Replies)
Discussion started by: sunil seelam
5 Replies

3. Shell Programming and Scripting

Using ssh to add register key on ssh server

Hi, I want to use ssh to add a register key on remote ssh server. Since there are space characters in my register key string, it always failed. If there is no space characters in the string, it worked fine. The following is what I have tried. It seems that "ssh" command doesn't care about double... (9 Replies)
Discussion started by: leaftree
9 Replies

4. IP Networking

Authentication WAP with RADIUS Server

Network Configuration Figure http://geocities.com/fy_heng/test1.JPG Dear all, I currently performing an testing using the above network configuration (Please click on the above link). On how actually the RADIUS server can authenticate the user who connect to the WAP (wireless access point)... (0 Replies)
Discussion started by: Paris Heng
0 Replies

5. Cybersecurity

What's the difference between an SSH Client and an SSH Server?

Eh... yeah. What the title says. :D (1 Reply)
Discussion started by: PSC
1 Replies
Login or Register to Ask a Question

LEARN ABOUT SUSE

radtest

RADTEST(1)							Yard Radius Manual							RADTEST(1)

NAME

       radtest - RADIUS server test program

SYNOPSIS

       radtest	[  -afnrvx  ] [ -d called_station_id ] [ -g calling_station_id ] [ -i id ] [ -p port ] [ -s secret ] [ -t type ] -u username pass-
       word

DESCRIPTION

       radtest is a program useful to test the configuration of a running RADIUS daemon. You need to add localhost to servers' authorized clients.
       This program is a client for authentication protocol only, it does not manage accounting packets currently.

       You could use it to test either the YARD RADIUS daemon or any other standard RADIUS server.

OPTIONS

       -a     Sets accounting protocol on. Not yet implemented.

       -d called_station_id
	      Sets the called station identifier for building packets.

       -f     Sets user type to framed. This is overrided by -t option below.

       -g calling_station_id
	      Sets the calling station identifier for building packets.

       -h     Prints out usage of the command.

       -i id  Sets the packet identifier to number `id'.

       -n     Not yet implemented.

       -p port
	      Uses udp port `port' instead of the value specified in /etc/services or the default one (1645).

       -r     Not yet implemented.

       -s  secret
	      Specifies the secret key to use (default is localkey)

       -v     Prints version information.

       -l file
	      Changes the logging file.

       -x     Prints (or should do so) debugging messages while compiling.

FILES

       /usr/conf/users
	      This  file  contains  the  human	readable information for users' accounting and authorization. See radius_attributes(5) for details
	      about its syntax.

       /usr/conf/users.db
	      The same of the previous one as compiled in by builddbm in GDBM format. It needs to be compiled again every time you make changes to
	      the previous one and without restarting radiusd .

       /usr/conf/dictionary
	      This  read-only  file  contains the codes and formats for standard and vendor RADIUS protocol attributes and values along with their
	      human readable representation. It is subject to change, due to new access server supports. It is a plain text file with a pletora of
	      comments in it.

SEE ALSO

       radiusd(8), radlast(1), radlist(1), radtest(1), radwatch(1), radius_attributes(1), gdbm(3)

COPYRIGHT

       Copyright (C) 1992-1999 Lucent Inc. All rights reserved.

       Copyright (C) 1999-2004 Francesco Paolo Lovergine. All rights reserved.

       See the LICENSE file enclosed within this software for conditions of use and distribution. This is a pure ISO BSD Open Source License .

NOTES

       The  syntax  of	the  source  users file is not described here.	Please, refer to the official Livingston documentation, which includes the
       RADIUS for UNIX Administrator's Guide.

1.1								   Aug 28, 2004 							RADTEST(1)