Example For Authenticating Ssh Through Radius - Huawei Quidway S2700 Series Configuration Manual

Quidway S2700 Series Ethernet Switches
Configuration Guide - Basic Configuration

9.8.6 Example for Authenticating SSH Through RADIUS

In this example, a user that attempts to access the SSH server is authenticated by the RADIUS
server, and the SSH server determines whether to set up a connection with the user according
to the authentication result.
Networking Requirements
When an RADIUS user is connected to an SSH server, the SSH server sends the user name and
password of the SSH client to the RADIUS server (compatible with the TACACS server) for
authentication.
The RADIUS server authenticates the user and sends the result (passed or failed) back to the
SSH server. If the authentication is successful, the user level is sent along with the result. The
SSH server determines whether the SSH client is allowed to set up a connection according to
the authentication result.
Figure 9-8
Figure 9-8 Networking diagram of authenticating the SSH through RADIUS
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
5.
Issue 01 (2011-07-15)
vlan batch 10
#
interface Vlanif10
ip address 10.164.39.221 255.255.255.0
#
ssh client first-time enable
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
shows the networking diagram.
10.164.39.221/24
SSH Client
Configure the RADIUS template on the SSH server.
Configure a domain on the SSH server.
Create a user on the RADIUS server.
Generate the local key pair on STelnet client and SSH server respectively. The SSH server
monitors the port number.
Generate the local key pair on the client and SSH server .
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
10.164.39.222/24 10.164.6.49/24
SSH Server Radius Server
9 Telnet and SSH
172