Authentication And Authorization For Ssh Users By A Radius Server - HPE FlexNetwork 5510 HI Series Security Configuration Manual

[Switch] local-user hello class manage
# Assign the SSH service for the local user.
[Switch-luser-manage-hello] service-type ssh
# Set a password for the local user to 123456TESTplat&! in plain text. In FIPS mode, you must
set the password in interactive mode.
[Switch-luser-manage-hello] password simple 123456TESTplat&!
[Switch-luser-manage-hello] quit
# Create ISP domain bbb and configure the login users to use local authentication,
HWTACACS authorization, and RADIUS accounting.
[Switch] domain bbb
[Switch-isp-bbb] authentication login local
[Switch-isp-bbb] authorization login hwtacacs-scheme hwtac
[Switch-isp-bbb] accounting login radius-scheme rd
[Switch-isp-bbb] quit
# Enable the default user role feature to assign authenticated SSH users the default user role
network-operator.
[Switch] role default-role enable
Verifying the configuration
# Initiate an SSH connection to the switch, and enter the username hello@bbb and the correct
password. The user logs in to the switch. (Details not shown.)
# Verify that the user can use the commands permitted by the network-operator user role. (Details
not shown.)
Authentication and authorization for SSH users by a RADIUS
server
Network requirements
As shown in
•
Use the RADIUS server for SSH user authentication and authorization.
•
Include domain names in the usernames sent to the RADIUS server.
•
Assign the default user role network-operator to SSH users after they pass authentication.
The RADIUS server runs on IMC. Add an account with the username hello@bbb on the RADIUS
server.
The RADIUS server and the switch use expert as the shared key for secure RADIUS
communication. The ports for authentication and accounting are 1812 and 1813, respectively.
Figure 13, configure the switch to meet the following requirements:
52