Example For Authenticating Ssh Through Radius - Huawei AR2200 Series Configuration Manual

Huawei AR2200 Series Enterprise Routers
Configuration Guide - Basic Configuration
l
l

8.8.6 Example for Authenticating SSH Through RADIUS

In this example, a user that attempts to access the SSH server is authenticated by the RADIUS
server, and the SSH server determines whether to set up a connection with the user according
to the authentication result.
Networking Requirements
When an RADIUS user is connected to an SSH server, the SSH server sends the user name and
password of the SSH client to the RADIUS server (compatible with the TACACS server) for
authentication.
The RADIUS server authenticates the user and sends the result (passed or failed) back to the
SSH server. If the authentication is successful, the user level is sent along with the result. The
SSH server determines whether the SSH client is allowed to set up a connection according to
the authentication result.
Figure 8-14
Issue 02 (2011-10-15)
#
aaa
local-user client001 password simple huawei
local-user client001 service-type ssh
local-user client001 ftp-directory flash:
local-user client002 ftp-directory flash:
#
sftp server enable
ssh user client002 authentication-type rsa
ssh user client002 assign rsa-key RsaKey001
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
Return
Configuration file of Client001 on the SSH client
#
sysname client001
#
interface GigabitEthernet1/0/0
ip address 10.164.39.220 255.255.255.0
#
ssh client first-time enable
#
return
Configuration file of Client002 on the SSH client
#
sysname client002
#
interface GigabitEthernet1/0/0
ip address 10.164.39.221 255.255.255.0
#
ssh client first-time enable
#
return
shows the networking diagram.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8 Accessing Another Device
168