SSH Authentication: PIX --> Radius

netsec123
Level 1

Hi. I am trying to have a PIX firewall [6.3.5] query a RADIUS server to authenticate SSH users. The PIX is remote so I am afraid of losing access to it. :) My question is what commands can I enter if I am already SSHed into the unit, such that the NEXT time I SSH in, the PIX will check the RADIUS box for my username / password challenge? Please help... THANKS!

1 Accepted Solution

4 Replies

Jagdeep Gambhir
Level 10

Hi,

Here are the commands. Make sure to have a local user set up:

username Test password cisco

username Test privilege 15

aaa-server RADIUS protocol radius

aaa-server RADIUS (outside) host 10.130.102.191 cisco timeout 10

aaa authentication http console RADIUS LOCAL

aaa authentication ssh console RADIUS LOCAL

aaa authentication telnet console RADIUS LOCAL

Authentication for telnet and http is not necessary. Use as per your need.

Hope that helps!

Regards,

Jagdeep

The commands mentioned above will do partial work. For access to the ">" prompt via SSH, they'll be redirected to the RADIUS server. However, when you need to go to "enable" mode, the RADIUS server will not be used. For this, the default password on the PIX will be used. You should authenticate "enable" access via the RADIUS server as well. For this, add the following command:

aaa authentication enable console RADIUS LOCAL

Regards,

Vibhor.

Hey Vibhor,

We can have this command but it is not mandatory to have it for SSH access to the PIX.

This command is used to check enable credentials from radius.

Regards,

Jagdeep
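A pre-change check for the lockout concern raised in the question, as an added example that is not part of any reply in this thread: it reads a candidate command set and flags each `aaa authentication ... console` line that names a server group with no host, omits LOCAL, or lists LOCAL with no local user. The function name is hypothetical, the sample config is constructed from the commands posted above, and it assumes the trailing LOCAL keyword selects the local user database as the fallback method.

```python
# Constructed candidate config, assembled from the commands posted in this thread.
CANDIDATE = """\
username Test password cisco
username Test privilege 15
aaa-server RADIUS protocol radius
aaa-server RADIUS (outside) host 10.130.102.191 cisco timeout 10
aaa authentication ssh console RADIUS LOCAL
aaa authentication enable console RADIUS LOCAL
"""


def audit_console_auth(config):
    """Return {access_type: [problems]} for every 'aaa authentication <type> console' line.

    Hypothetical helper: an empty list means no lockout risk was found for that type.
    """
    lines = [l.split() for l in config.splitlines() if l.strip()]
    local_users, groups_with_host, findings = set(), set(), {}
    for t in lines:
        if t[0] == "username" and len(t) >= 4 and t[2] == "password":
            local_users.add(t[1])
        # 'host' is token 3 when an interface such as (outside) is given, else token 2.
        elif t[0] == "aaa-server" and len(t) >= 4 and "host" in t[2:4]:
            groups_with_host.add(t[1])
    for t in lines:
        if t[:2] == ["aaa", "authentication"] and len(t) >= 5 and t[3] == "console":
            access, methods = t[2], t[4:]
            problems = [
                f"server group {m} has no host defined"
                for m in methods
                if m != "LOCAL" and m not in groups_with_host
            ]
            if "LOCAL" not in methods:
                problems.append("no LOCAL fallback if the server is unreachable")
            elif not local_users:
                problems.append("LOCAL listed but no local username configured")
            findings[access] = problems
    return findings


if __name__ == "__main__":
    for access, problems in audit_console_auth(CANDIDATE).items():
        print(access, "OK" if not problems else "; ".join(problems))
```

Access types that have no `aaa authentication` line at all do not appear in the result, so a missing `ssh` key means SSH logins are not covered by the candidate commands.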

You guys are awesome! Thank you so much!!!!
