06-19-2007 05:39 AM - edited 02-21-2020 10:18 AM
Hi. I am trying to have a PIX firewall [6.3.5] query a RADIUS server to authenticate SSH users. The PIX is remote so I am afraid of losing access to it. :) My question is what commands can I enter if I am already SSHed into the unit, such that the NEXT time I SSH in, the PIX will check the RADIUS box for my username / password challenge? Please help..... THANKS!!!!
06-19-2007 09:08 AM
Hi ,
Here are the commands. Make sure to have a local user set up:
username Test password cisco
username Test privilege 15
aaa-server RADIUS protocol radius
aaa-server RADIUS (outside) host 10.130.102.191 cisco timeout 10
aaa authentication http console RADIUS LOCAL
aaa authentication ssh console RADIUS LOCAL
aaa authentication telnet console RADIUS LOCAL
Authentication for telnet and http is not necessary. Use as per your need.
Hope that helps!
Regards,
Jagdeep
06-19-2007 03:59 PM
The commands mentioned above will do only part of the work. For access to the ">" prompt via SSH, users will be redirected to the RADIUS server. However, when you need to go to "enable" mode, the RADIUS server will not be used. For this, the default password on the PIX will be used. You should authenticate "enable" access via the RADIUS server as well. For this, add the following command:
aaa authentication enable console RADIUS LOCAL
Regards,
Vibhor.
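An added example, not part of the original posts: a Python check that can be run over the commands above before they are entered on a remote PIX, reporting console services with no LOCAL fallback, a missing local privilege-15 user, and whether enable access is covered by AAA. The function name `audit_console_aaa` and the finding texts are assumptions of this example; the sample input is the thread's own commands.

```python
import re

# Constructed sample: the commands posted in this thread, as typed at the CLI.
SAMPLE_CONFIG = """\
username Test password cisco
username Test privilege 15
aaa-server RADIUS protocol radius
aaa-server RADIUS (outside) host 10.130.102.191 cisco timeout 10
aaa authentication http console RADIUS LOCAL
aaa authentication ssh console RADIUS LOCAL
aaa authentication telnet console RADIUS LOCAL
"""

AUTH_RE = re.compile(r"aaa authentication (\S+) console (\S+)(?:\s+(LOCAL))?$")
GROUP_RE = re.compile(r"aaa-server (\S+) protocol \S+$")


def audit_console_aaa(config_text):
    """Hypothetical helper: list lockout risks and access paths outside AAA."""
    groups, auth, has_pw, priv = set(), {}, set(), {}
    for line in (raw.strip() for raw in config_text.splitlines()):
        tok = line.split()
        if tok[:1] == ["username"] and len(tok) >= 3:
            # Accept both "username X password ..." and "username X privilege N".
            if "password" in tok[2:]:
                has_pw.add(tok[1])
            if "privilege" in tok[2:-1]:
                priv[tok[1]] = tok[tok.index("privilege", 2) + 1]
        elif m := GROUP_RE.match(line):
            groups.add(m[1])
        elif m := AUTH_RE.match(line):
            auth[m[1]] = (m[2], m[3] is not None)

    findings = []
    for service, (group, fallback) in sorted(auth.items()):
        if group == "LOCAL":
            continue
        if group not in groups:
            findings.append(f"{service}: server group {group} is not defined")
        if not fallback:
            findings.append(f"{service}: no LOCAL fallback if {group} is unreachable")
    if auth and not any(priv.get(u) == "15" for u in has_pw):
        findings.append("no local username with a password and privilege 15")
    if "ssh" in auth and "enable" not in auth:
        findings.append("enable: not under AAA, the PIX enable password is used")
    return findings


if __name__ == "__main__":
    for finding in audit_console_aaa(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```
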
06-20-2007 05:19 AM
Hey Vibhor,
We can have this command but it is not mandatory to have it for SSH access to the PIX.
This command is used to check enable credentials from RADIUS.
Regards,
Jagdeep
06-20-2007 05:24 AM
You guys are awesome! Thank you so much!!!!