اطلاعیه

بستن
No announcement yet.

وصل کردن لاگین به لینوکس از طریق رادیوس (ssh)

بستن
این موضوع بسته شده است.
X
X
 
  • فیلتر کردن
  • زمان
  • نمایش
Clear All
پست های جدید

  • وصل کردن لاگین به لینوکس از طریق رادیوس (ssh)

    سلام دوستان
    ایا راهی هست که وقتی می خوایم ssh بزنیم بره از رادیوس مثل nttac چک کنه؟
    مرسی

  • #2
    http://www.howtoforge.com/configurin...authentication

    کامنت


    • #3
      باید ماژول pam_radius را نصب کنید،راحت هست نصب و تنظیماتش
      http://isystemadmin.com/ssh-authenti...adius-in-linux
      http://www.techietips.net/Radius-Aut...-login-Centos5

      کامنت


      • #4
        entOS:

        yum install gcc pam pam-devel make -y
        Ubuntu:

        apt-get install make libpam0g-dev
        Once thats completed – lets download the pam radius module onto your server:

        wget ftp://ftp.freeradius.org/pub/radius/...-1.3.17.tar.gz
        Untar it:

        tar xvzf pam_radius-1.3.17.tar.gz
        Move to its directory:

        cd pam_radius-1.3.17
        Compile it:

        make
        Now you should have a file called “pam_radius_auth.so” you want to move this file to /lib/security/ or /lib64/security/ depending on what arch your running.

        In CentOS Please make sure the directory “lib64″ is the correct directory for your system, 64Bit in /lib64/ 32Bit in /lib/.

        On Ubuntu we move the “pam_radius_auth.so” to /lib/x86_64-linux-gnu/security/.

        Now open up /etc/pam.d/sshd and add the pam_radius_auth.so just before the top line like below in CentOS:

        CentOS:

        #%PAM-1.0
        auth required pam_sepermit.so
        auth required pam_radius_auth.so
        auth include password-auth
        account required pam_nologin.so
        account include password-auth
        password include password-auth
        # pam_selinux.so close should be the first session rule
        session required pam_selinux.so close
        session required pam_loginuid.so
        # pam_selinux.so open should only be followed by sessions to be executed in the user context
        session required pam_selinux.so open env_params
        session optional pam_keyinit.so force revoke
        session include password-auth
        In Ubuntu we open up /etc/pam.d/sshd and add the pam_radius_auth.so line at the very top like below, in Ubuntu we also need to comment this line @include common-auth to look like this #@include common-auth, see below:

        Ubuntu:

        # PAM configuration for the Secure Shell service

        auth required pam_radius_auth.so

        # Read environment variables from /etc/environment and
        # /etc/security/pam_env.conf.
        auth required pam_env.so # [1]

        # In Debian 4.0 (etch), locale-related environment variables were moved to
        # /etc/default/locale, so read that as well.
        auth required pam_env.so envfile=/etc/default/locale

        # Standard Un*x authentication.
        #@include common-auth

        # Disallow non-root logins when /etc/nologin exists.
        account required pam_nologin.so
        Save it and create a directory called “raddb” in /etc/ – you also want to create a file called “server” and place this into the folder you just created “raddb”.

        Edit the file “server” and add the following:

        your_radius_ip your_radius_secret 3
        So it would look something like this:

        123.123.123.123 mysecret 3
        Save it and make sure you have added this server as a client in FreeRADIUS to allow this server to authenticate.

        **You only need to do below if your not using our FreeRADIUS SSH Addon Module**

        Now thats you pretty much done, all you need to do now is create a user on the local system like below:

        useradd -d /home/safesrv/ safesrv
        *We don’t add any password for this user, this is where FreeRADIUS comes in, you will need to use a password match in FreeRADIUS for this username. If using our FreeRADIUS WHMCS module, once the user is created in WHMCS, add there username onto the local machine using the command above then ssh will talk to FreeRADIUS to check there password, or you can use our FreeRADIUS SSH Addon Module to add users.

        Have Fun
        SafeSrv.net

        کامنت

        در حال انجام ...
        X