Networking Requirements
When a RADIUS user is connected to an SSH server, the SSH server sends the username and
password of the SSH client to the RADIUS server (compatible with the TACACS server) for
authentication.
The RADIUS server authenticates the user and sends the result (pass or fail) back to the SSH
server. If authentication succeeded, the user level is sent along with the result. The SSH server
determines whether the SSH client is allowed to set up a connection based on the authentication
result.
Figure 8-10 shows the networking diagram.
Figure 8-10 Networking diagram for authenticating SSH through RADIUS
SSH Client
SSH Server Radius Server
Eth1/0/0
10.164.39.222/24
Eth1/0/0
10.164.39.221/24
10.164.6.49/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the RADIUS template on the SSH server.
2. Configure a domain on the SSH server.
3. Create a user on the RADIUS server.
4. Generate the local key pair on SSH client and the SSH server.
5. Generate the RSA public key on SSH server and bind the RSA public key of the SSH client
to ssh2@ssh.com.
6. Enable the STelnet and SFTP services on the SSH server.
7. Configure the service mode and authorization directory of the SSH user.
8. Users ssh1@ssh.com and ssh2@ssh.com log in to the SSH server through STelnet and
SFTP respectively.
Data Preparation
To complete the configuration, you need the following data:
l Configure the password authentication for the STelnet user
l Configure the RSA authentication for the SFTP user
l RADIUS authentication
l Name of the RADIUS template
l Name of the RADIUS domain
l Name and password of the RADIUS user
Huawei AR1200 Series Enterprise Routers
Configuration Guide - Basic Configuration 8 Accessing Another Device
Issue 04 (2012-05-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
183
To Next Page
Loading...
