Configure RADIUS Authentication in Ezeelogin SSH Jump host
Integrate & Configure RADIUS Authentication in Ezeelogin.
1. Navigate to Settings -> RADIUS and enter the RADIUS server hostname, the RADIUS client shared secret and the authentication port.
2. Under Settings -> General -> Web Panel Authentication, set it to RADIUS.
3. Enable "Auto Create User" under Settings -> General -> Security so that a Unix user account is created on the system for SSH access when the RADIUS user authenticates in the Ezeelogin GUI.
4. Test the connectivity from the Ezeelogin SSH jump host to the RADIUS server. In the example below, the RADIUS user "rtest" with the password "rtest1234" has authenticated successfully on the RADIUS server "radius.eznoc.com" (192.168.0.121) from the CLI on the jump host. 1812 is the default RADIUS UDP server port and "Cole!$%SYUU" is the RADIUS client shared secret. Single-quote the shared secret on the command line so that the shell does not expand characters such as ! and $.
[[email protected] ~]# radtest rtest rtest123 192.168.0.121:1812 1812 'Cole!$%SYUU'
Sent Access-Request Id 16 from 0.0.0.0:36719 to 192.168.0.121:1812 length 75
User-Name = "rtest"
User-Password = "rtest123"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Message-Authenticator = 0x00
Cleartext-Password = "rtest123"
Received Access-Reject Id 16 from 192.168.0.121:1812 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject
[[email protected] ~]# radtest rtest rtest1234 192.168.0.121:1812 1812 'Cole!$%SYUU'
Sent Access-Request Id 76 from 0.0.0.0:32856 to 192.168.0.121:1812 length 75
User-Name = "rtest"
User-Password = "rtest1234"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Message-Authenticator = 0x00
Cleartext-Password = "rtest1234"
(0) No reply from server for ID 76 socket 3
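The jump host must be defined as a client on the RADIUS server, with the same shared secret, in /etc/raddb/clients.conf. FreeRADIUS does not reply to requests from clients that are not listed there.
[[email protected]_server ~]# vim /etc/raddb/clients.conf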
client radius {
ipaddr = gateway_ip
secret = radius_secret
}
5. Install the pam_radius modules so that RADIUS users can authenticate in SSH on the Ezeelogin jumphost.
[[email protected] ~]# yum install pam_radius.x86_64
[[email protected] ~]# vi /etc/pam.d/sshd
#%PAM-1.0
auth required pam_sepermit.so
auth sufficient pam_radius_auth.so
[[email protected] ~]# vi /etc/pam_radius.conf
# pam_radius_auth configuration file. Copy to: /etc/pam_radius.conf
6. Log in as the RADIUS user "rtest" in the Ezeelogin GUI.
7. SSH to the Ezeelogin jump host as user "rtest" using an SSH client such as "PuTTY" or "Terminal", or SSH via the "Web SSH Console".
ssh [email protected]_host.server
Or SSH via the Web SSH Console within the Ezeelogin GUI.
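Added example (not part of the original article or of Ezeelogin): a Python sketch of what the radtest check in step 4 puts on the wire, showing how the shared secret hides User-Password, keys the Message-Authenticator and lets the client reject a reply made with a different secret. The function names and the fixed request authenticator are assumptions made for this illustration; a real client uses 16 random bytes.

```python
import hashlib, hmac, socket, struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def attr(code: int, value: bytes) -> bytes:
    """One attribute as type, length, value (RFC 2865 section 5)."""
    return struct.pack("!BB", code, len(value) + 2) + value

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding, RFC 2865 section 5.2: XOR with an MD5 keystream."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident, authenticator,
                         nas_ip="127.0.0.1", nas_port=1812) -> bytes:
    """Access-Request with the same five attributes radtest sent above."""
    attrs = (attr(1, user) + attr(2, hide_password(password, secret, authenticator))
             + attr(4, socket.inet_aton(nas_ip)) + attr(5, struct.pack("!I", nas_port)))
    head = struct.pack("!BBH", 1, ident, 20 + len(attrs) + 18) + authenticator
    # Message-Authenticator (RFC 2869 section 5.14): HMAC-MD5 keyed with the
    # shared secret over the whole packet, with the field itself zeroed.
    mac = hmac.new(secret, head + attrs + attr(80, bytes(16)), hashlib.md5).digest()
    return head + attrs + attr(80, mac)

def check_reply(reply: bytes, ident: int, authenticator: bytes, secret: bytes) -> str:
    """Name the reply only if its Response Authenticator proves the same secret."""
    if len(reply) < 20:
        return "malformed"
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or rid != ident:
        return "malformed"
    want = hashlib.md5(reply[:4] + authenticator + reply[20:] + secret).digest()
    if not hmac.compare_digest(want, reply[4:20]):
        return "bad authenticator (shared secret mismatch or spoofed reply)"
    return CODES.get(code, f"code {code}")

if __name__ == "__main__":
    secret, req_auth = b"Cole!$%SYUU", bytes(range(16))   # constructed authenticator
    pkt = build_access_request(b"rtest", b"rtest1234", secret, 76, req_auth)
    print(len(pkt), pkt.hex())                            # 75 bytes, as in the radtest output
    body = struct.pack("!BBH", 3, 76, 20)                 # constructed Access-Reject
    reply = body + hashlib.md5(body + req_auth + secret).digest()
    print(check_reply(reply, 76, req_auth, secret))
    print(check_reply(reply, 76, req_auth, b"radius_secret"))
```

The same shared secret therefore has to be set in Settings -> RADIUS, in clients.conf on the RADIUS server and in /etc/pam_radius.conf; a mismatch in any of them breaks authentication even when the user's password is correct.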