Hi. I am trying to have a PIX firewall [6.3.5] query a RADIUS server to authenticate SSH users. The PIX is remote so I am afraid of losing access to it. :) My question is what commands can I enter if I am already SSHed into the unit, such that the NEXT time I SSH in, the PIX will check the RADIUS box for my username / password challenge?? Please help..... THANKS!!!!
Here are the commands. Make sure to have a local user set up.
username Test password cisco
username Test privilege 15
aaa-server RADIUS protocol radius
aaa-server RADIUS (outside) host 10.130.102.191 cisco timeout 10
aaa authentication http console RADIUS LOCAL
aaa authentication ssh console RADIUS LOCAL
aaa authentication telnet console RADIUS LOCAL
Authentication for telnet and http is not necessary. Use as per your need.
Hope that helps!
The commands mentioned above will do partial work. For access to the ">" prompt via SSH, they'll be redirected to the RADIUS server. However, when you need to go to "enable" mode, the RADIUS server will not be used. For this, the default password on the PIX will be used. You should authenticate "enable" access via the RADIUS server as well. For this, add the following command:
aaa authentication enable console RADIUS LOCAL
We can have this command but it is not mandatory to have it for SSH access to the PIX.
This command is used to check enable credentials from RADIUS.
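Added example, not part of any post above and not Cisco tooling: a small Python check that reads a saved copy of the configuration and reports the lockout risks discussed in this thread (missing LOCAL fallback, no usable local user, undefined server group, "enable" left on the enable password). The function names and the sample text are constructed for illustration, and the parser only understands the command forms shown in the posts.

```python
import re

# Constructed sample: the commands posted in this thread, as config lines.
SAMPLE_CONFIG = """\
username Test password cisco
username Test privilege 15
aaa-server RADIUS protocol radius
aaa-server RADIUS (outside) host 10.130.102.191 cisco timeout 10
aaa authentication http console RADIUS LOCAL
aaa authentication ssh console RADIUS LOCAL
aaa authentication telnet console RADIUS LOCAL
"""

def _names(lines, pattern):
    """First capture group of every line matching pattern."""
    return {m.group(1) for line in lines if (m := re.match(pattern, line))}

def audit_console_aaa(config):
    """Return lockout-risk findings for 'aaa authentication <svc> console' lines."""
    lines = [line.strip() for line in config.splitlines() if line.strip()]
    with_password = _names(lines, r"username (\S+) password \S+")
    admins = with_password & _names(lines, r"username (\S+) .*\bprivilege 15\b")
    groups = _names(lines, r"aaa-server (\S+) protocol \S+")
    with_host = _names(lines, r"aaa-server (\S+) \(\S+\) host \S+")
    findings, services = [], {}
    for line in lines:
        m = re.match(r"aaa authentication (\S+) console (\S+)( LOCAL)?$", line)
        if m:
            services[m.group(1)] = (m.group(2), bool(m.group(3)))
    for svc, (group, fallback) in services.items():
        uses_local = fallback or group == "LOCAL"
        if group != "LOCAL":
            if group not in groups:
                findings.append(f"{svc}: server group {group} is not defined")
            elif group not in with_host:
                findings.append(f"{svc}: server group {group} has no host")
            if not fallback:
                findings.append(f"{svc}: no LOCAL fallback if {group} is unreachable")
        if uses_local and not admins:
            findings.append(f"{svc}: LOCAL is used but no privilege 15 user has a password")
    if "ssh" in services and "enable" not in services:
        findings.append("enable: not covered by aaa, the enable password still applies")
    return findings

if __name__ == "__main__":
    for finding in audit_console_aaa(SAMPLE_CONFIG):
        print(finding)
```

Run it against the intended configuration before entering the commands on a remote unit; an empty result means every console service it found has a defined server group, a LOCAL fallback and a local privilege 15 user behind it.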