Table of Contents
Advertisement
Quidway NetEngine80
Configuration Guide - Basic Configurations
#
ssh client first-time enable
#
9.8.5 Example for Authenticating SSH Through RADIUS
Networking Requirements
When the RADIUS user is connected to the server, the SSH server sends the authentication
information about the SSH client, including the user name and password to the RADIUS
server that is compatible with the TACACS server for authentication.
The RADIUS server authenticates the user and sends the result (passed or failed) back to the
SSH server. If the authentication is passed, the user level is included in the result. The SSH
server determines whether the SSH client is allowed to set up a connection according to the
authentication result.
The networking diagram is shown in
Figure 9-10 Networking diagram of authenticating the SSH through RADIUS
SSH Client
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
5.
6.
7.
8.
9.
Data Preparation
To complete the configuration, you need the following data:
Issue 04 (2009-12-20)
SSH Server
Configure the RADIUS template on the SSH server.
Configure a domain on the SSH server.
Create a user on the RADIUS server.
Generate the local key pair on STelnet client and SSH server respectively. The SSH
server monitors the port number.
Generate the local key pair on the client and SSH server respectively.
Generate the RSA public key on SSH server and bind the RSA public key of the SSH
client to ssh2@ssh.com.
Enable STelnet and SFTP services on the SSH server.
Configure service mode and authorization directory of the SSH user.
Users ssh1@ssh.com and ssh2@ssh.com log in to the SSH server through STelnet and
SFTP respectively.
Configure the password authentications for the two SSH users respectively.
RADIUS authentication
Name of the RADIUS template
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Figure
9-10.
RADIUS Server
9 Telnet and SSH
9-49
Advertisement
Chapters
Table of Contents
