configuring ssh with radius authentication

 
rbaffert
Advisor


Hi folks,

If anyone can help, I'm looking for a (probably simple) solution.

I know how to get my 3Com switch to get credentials from a radius/IAS server and give my user the right access-level with telnet.

My IAS sends out a vendor-specific value of 010600000003 (level 3), a login-service of "telnet" and a service-type of "login". This works perfectly fine with telnet configuration.

Extract of my configuration:

radius scheme lab.local
 server-type extended
 primary authentication 192.168.160.129
 accounting optional
 key authentication radiussharedkey
domain lab.local
 scheme radius-scheme lab.local
 access-limit enable 10

user-interface vty 0 4
 authentication-mode scheme

domain default enable lab.local

The problem for me is to get this working with ssh. For a local connection I would type this:

rsa local-key-pair create
1024
user-interface vty 0 4
 protocol inbound ssh

local-user admin
 service-type ssh
 q

ssh user admin authentication-type password

I couldn't find how to get a "service-type ssh" from my IAS, which can only give a "telnet" login-service...

If anyone can help, that would be great :) ssh would be more secure and modern :)

Thanks
Romain BAFFERT

Cabling Partners
2 REPLIES
rbaffert
Advisor

Re: configuring ssh with radius authentication

Up, this topic is still not resolved!

Romain BAFFERT

Cabling Partners
Burhan
Occasional Visitor

Re: configuring ssh with radius authentication

Hi,

FTP, terminal, and SSH are not standard attribute values of the RADIUS protocol, so you need to define them (Microsoft uses Visual Studio to define new IAS attributes) in the attribute login-service (the standard attribute 15):

login-service(50) = SSH
login-service(51) = FTP
login-service(52) = Terminal

After that, reboot the RADIUS server to validate them.
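
The following Python decoder is an added example, not code from either poster. It parses the reply attributes discussed in this thread (the vendor-specific hex string 010600000003 and Login-Service values 50 to 52), so an administrator can check what the RADIUS server actually returns in a captured reply. The sample bytes are constructed, vendor ID 43 is an assumption, and the function names are hypothetical.

```python
# Added example: decode RADIUS reply attributes discussed in this thread.
STANDARD_LOGIN_SERVICE = {0: "Telnet", 1: "Rlogin", 2: "TCP-Clear", 3: "PortMaster",
                          4: "LAT", 5: "X25-PAD", 6: "X25-T3POS", 8: "TCP-Clear-Quiet"}  # RFC 2865
EXTENDED_LOGIN_SERVICE = {50: "SSH", 51: "FTP", 52: "Terminal"}  # values from the reply above

def parse_tlvs(data):
    """Split bytes into (type, value) pairs; the length byte includes the 2-byte header."""
    out, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated TLV header")
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError(f"bad length {length} at offset {i}")
        out.append((attr_type, data[i + 2:i + length]))
        i += length
    return out

def as_value(raw):
    """4-byte values are big-endian integers; anything else stays as bytes."""
    return int.from_bytes(raw, "big") if len(raw) == 4 else raw

def decode_vsa_hex(hex_string):
    """Decode vendor sub-attributes given as hex, e.g. '010600000003'."""
    return {t: as_value(v) for t, v in parse_tlvs(bytes.fromhex(hex_string))}

def summarize(attrs):
    """Pick out Service-Type (6), Login-Service (15) and Vendor-Specific (26)."""
    summary = {"vendor": {}}
    for t, v in parse_tlvs(attrs):
        if t == 6:
            summary["service_type"] = as_value(v)
        elif t == 15:
            n = as_value(v)
            name = STANDARD_LOGIN_SERVICE.get(n) or EXTENDED_LOGIN_SERVICE.get(n)
            summary["login_service"] = name or f"unknown({n})"
            summary["login_service_standard"] = n in STANDARD_LOGIN_SERVICE
        elif t == 26 and len(v) >= 4:
            vendor_id = int.from_bytes(v[:4], "big")
            summary["vendor"][vendor_id] = {st: as_value(sv) for st, sv in parse_tlvs(v[4:])}
    return summary

# Constructed sample: Service-Type=1 (Login), Login-Service=50, and a Vendor-Specific
# attribute wrapping the thread's 010600000003 under vendor ID 43 (assumed).
SAMPLE = bytes.fromhex("060600000001" "0f0600000032" "1a0c0000002b" "010600000003")

if __name__ == "__main__":
    print(decode_vsa_hex("010600000003"))
    print(summarize(SAMPLE))
```

A malformed length byte raises ValueError instead of reading past the attribute, which helps when checking hand-typed vendor-specific hex strings.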