Authentication And Authorization For Ssh Users By A Radius Server - HP FlexFabric 5700 Series Security Configuration Manual

[Switch-luser-manage-hello] service-type ssh
# Set a password for the local user to 123456TESTplat&! in plain text. In FIPS mode, you must set the password in interactive mode.
[Switch-luser-manage-hello] password simple 123456TESTplat&!
[Switch-luser-manage-hello] quit
# Create ISP domain bbb and configure the login users to use local authentication, HWTACACS authorization, and RADIUS accounting.
[Switch] domain bbb
[Switch-isp-bbb] authentication login local
[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting login radius-scheme rd
[Switch-isp-bbb] quit
# Enable the default user role feature to assign authenticated SSH users the default user role network-operator.
[Switch] role default-role enable
Verifying the configuration
# Initiate an SSH connection to the switch, and enter the username hello@bbb and the correct password. The user logs in to the switch. (Details not shown.)
# Verify that the user can use the commands permitted by the network-operator user role. (Details not shown.)
Authentication and authorization for SSH users by a RADIUS server
Network requirements
As shown in Figure 12, configure the switch to meet the following requirements:
Use the RADIUS server for SSH user authentication and authorization.
Include domain names in the usernames sent to the RADIUS server.
Assign the default user role network-operator to SSH users after they pass authentication.
The RADIUS server runs on IMC. Add an account with the username hello@bbb on the RADIUS server.
The RADIUS server and the switch use expert as the shared key for secure RADIUS communication. The ports for authentication and accounting are 1812 and 1813, respectively.
Figure 12 Network diagram
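The following Python example is added here and is not from the HP manual or the switch software. It shows what the shared key expert protects in a RADIUS exchange for hello@bbb under RFC 2865: the hidden User-Password attribute and the Response Authenticator that the switch checks on each reply. The password, the Request Authenticator, and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

SECRET = b"expert"        # shared key from the page
USERNAME = b"hello@bbb"   # username sent with its domain, as the page requires
PASSWORD = b"Constructed-sample-pass1"  # constructed; the page gives no RADIUS password
REQ_AUTH = bytes(range(16))  # constructed; a real Request Authenticator must be random

def hide_password(password, secret, req_auth):
    """RFC 2865 hiding: XOR each 16-byte block with MD5(secret + previous block)."""
    blocks = max(1, -(-len(password) // 16))
    padded = password.ljust(16 * blocks, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def unhide_password(hidden, secret, req_auth):
    """Server side: reverse the hiding; a wrong shared key yields garbage."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

def attribute(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def access_request(ident, username, password, secret, req_auth):
    """Code 1 packet: User-Name (type 1) in clear, User-Password (type 2) hidden."""
    attrs = attribute(1, username) + attribute(2, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def build_response(code, ident, attrs, secret, req_auth):
    """Server reply; authenticator = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def verify_response(packet, secret, req_auth):
    """Switch side: accept a reply only if its authenticator matches the shared key."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])
```

Only the password is hidden and only replies are authenticated. The username travels in clear text, and both protections depend entirely on MD5 and the strength of the shared key.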