SSH Authentication: PIX --> Radius

Answered Question
Jun 19th, 2007

Hi. I am trying to have a PIX firewall [6.3.5] query a RADIUS server to authenticate SSH users. The PIX is remote so I am afraid of losing access to it. :) My question is what commands can I enter if I am already SSHed into the unit, such that the NEXT time I SSH in, the PIX will check the RADIUS box for my username / password challenge? Please help. THANKS!

Jagdeep Gambhir Tue, 06/19/2007 - 09:08

Hi,

Here are the commands. Make sure to have a local user set up.

username Test password cisco

username Test privilege 15

aaa-server RADIUS protocol radius

aaa-server RADIUS (outside) host 10.130.102.191 cisco timeout 10

aaa authentication http console RADIUS LOCAL

aaa authentication ssh console RADIUS LOCAL

aaa authentication telnet console RADIUS LOCAL

Authentication for telnet and http is not necessary. Use as per your need.

Hope that helps!

Regards,

Jagdeep

vitripat Tue, 06/19/2007 - 15:59

The commands mentioned above will do partial work. For access to the ">" prompt via SSH, they'll be redirected to the RADIUS server. However, when you need to go to "enable" mode, the RADIUS server will not be used. For this, the default password on the PIX will be used. You should also authenticate "enable" access via the RADIUS server. For this, add the following command:

aaa authentication enable console RADIUS LOCAL

Regards,

Vibhor.

Correct Answer
Jagdeep Gambhir Wed, 06/20/2007 - 05:19

Hey Vibhor,

We can have this command but it is not mandatory to have it for SSH access to the PIX.

This command is used to check enable credentials from radius.

Regards,

Jagdeep
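
As an added example (not part of any post in this thread, and not Cisco tooling), here is a small Python check to run against a saved copy of the configuration before relying on it remotely. It covers the points raised above: a LOCAL fallback plus a local user for SSH, and whether "enable" is sent to RADIUS. The function name and finding texts are assumptions, and it only parses the command forms shown in this thread.

```python
# Constructed sample: the commands posted in this thread, joined into one config.
SAMPLE_CONFIG = """\
username Test password cisco
username Test privilege 15
aaa-server RADIUS protocol radius
aaa-server RADIUS (outside) host 10.130.102.191 cisco timeout 10
aaa authentication http console RADIUS LOCAL
aaa authentication ssh console RADIUS LOCAL
aaa authentication telnet console RADIUS LOCAL
"""

def audit_console_aaa(config, services=("ssh", "enable")):
    """Hypothetical helper: list lockout and coverage findings per console service."""
    local_users, groups, hosts, auth = set(), set(), set(), {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "username" and tok[2] == "password":
            local_users.add(tok[1])
        elif len(tok) >= 4 and tok[0] == "aaa-server" and tok[2] == "protocol":
            groups.add(tok[1])           # server group declared
        elif len(tok) >= 5 and tok[0] == "aaa-server" and tok[3] == "host":
            hosts.add(tok[1])            # group has at least one server address
        elif len(tok) >= 5 and tok[:2] == ["aaa", "authentication"] and tok[3] == "console":
            auth[tok[2]] = tok[4:]       # e.g. {"ssh": ["RADIUS", "LOCAL"]}
    findings = []
    for svc in services:
        methods = auth.get(svc)
        if methods is None:
            findings.append(f"{svc}: no aaa authentication line, RADIUS is not consulted")
            continue
        group = methods[0]
        if group != "LOCAL" and (group not in groups or group not in hosts):
            findings.append(f"{svc}: server group {group} is not fully defined")
        if group != "LOCAL" and "LOCAL" not in methods[1:]:
            findings.append(f"{svc}: no LOCAL fallback if {group} is unreachable")
        if "LOCAL" in methods and not local_users:
            findings.append(f"{svc}: LOCAL is listed but no local username exists")
    return findings

if __name__ == "__main__":
    for finding in audit_console_aaa(SAMPLE_CONFIG):
        print(finding)
```
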

This Discussion

Posted June 19, 2007 at 5:39 AM