Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SSH Authentication: PIX --> Radius

Hi. I am trying to have a PIX firewall [6.3.5] query a RADIUS server to authentication SSH users. The PIX is remote so I am afraid of losing access to it. :) My question is what commands can I enter if I am already SSHed into the unit, such that the NEXT time I SSH in, the PIX will check the RADIUS box for my username / password challenge?? Pleae help..... THANKS!!!!

1 ACCEPTED SOLUTION

Accepted Solutions

Re: SSH Authentication: PIX --> Radius

Hey Vibhor,

We can have this command but it is not mandatory to have it for SSH access to the PIX.

This command is used to check enable credentials from radius.

Regards,

Jagdeep

4 REPLIES

Re: SSH Authentication: PIX --> Radius

Hi ,

Here are the commands. Make sure to have local user set up

username Test password cisco

username Test privilege 15

aaa-server RADIUS protocol radius

aaa-server RADIUS (outside) host 10.130.102.191 cisco timeout 10

aaa authentication http console RADIUS LOCAL

aaa authentication ssh console RADIUS LOCAL

aaa authentication telnet console RADIUS LOCAL

Authentication for telnet and http is not necessary. Use as per your need.

Hope that helps!

Regards,

Jagdeep

Silver

Re: SSH Authentication: PIX --> Radius

The commands mentioned above will do partial work. For access to ">" prompt via SSH, they'll be redirected to RADIUS server. However when you need to go to "enable" mode, RADIUS server will not be used. For this default password on PIX will be used. You should authenticate "enable" access also via RADIUS server. For this, add following command-

aaa authentication enable console RADIUS LOCAL

Regards,

Vibhor.

Re: SSH Authentication: PIX --> Radius

Hey Vibhor,

We can have this command but it is not mandatory to have it for SSH access to the PIX.

This command is used to check enable credentials from radius.

Regards,

Jagdeep

New Member

Re: SSH Authentication: PIX --> Radius

You guys are awesome! Thank you so much!!!!

342
Views
10
Helpful
4
Replies