Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Q] openssh-3.8.1p1 + radius PAM

from [radorjan] Network Security [Permanent Link]
Subject: [Q] openssh-3.8.1p1 + radius PAM
Date: Thu, 12 Aug 2004 15:00:45 -0400 (EDT) 
I have a linux box being used as a firewall router and wanted to use ssh
with radius authentication (same radius used to authenticate for other
networking equipment).  I modified the radius PAM to replace a valid
radius user with a generic username (I don't really want a lot of user
accounts on the box, but want to keep track of who logged on via radius
log).

With telnet the configuration works (goal is to turn off telnet), but with
ssh it appears to authenticate the user inside SSH first (basically
ignoring the settings in /etc/pam.d/sshd).  Is there any trick to having
SSH authenticate first to the radius PAM (so it can replace the username
with the generic one)?

Thanks

Rick

FYI- the radius authentication does work with ssh for accounts that exist
on the box (so that part is at least working good ;-)

auth       sufficient   /lib/security/pam_radius.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Fw: ACL problems, any suggestions would be great, ALERT
Next by Date:  Re: ACL problems, any suggestions would be great, Greg Wooledge
Previous by Thread:  Idle timeout, Rushton, Mike
Next by Thread:  Re: [Q] openssh-3.8.1p1 + radius PAM, Logu
Indexes:  [Date] [Thread] [Top] [All Lists]