
S5700 SSH user authentication via Radius

Latest reply: May 4, 2018 01:11:01
I'm following the documentation S5700 V100R006C00 Configuration Guide - Basic Configuration, section 9.8.6, Example for Authenticating SSH Through RADIUS, but in that example the user is configured with the command "ssh user", so what's the point of having a RADIUS server?
If I leave that part out, the switch never touches the RADIUS server and I can't authenticate the user, even with aaa-test working just fine.
So what am I missing here?

#
radius-server template ssh
 radius-server authentication 10.164.6.49 1812
#
rsa peer-public-key rsakey001
 public-key-code begin
  3047
    0240
      C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325
      A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B
    0203
      010001
 public-key-code end
 peer-public-key end
#
aaa
 authentication-scheme newscheme
  authentication-mode radius
 #
 domain ssh.com
  authentication-scheme newscheme
  radius-server ssh
 #
#
sftp server enable
stelnet server enable
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
#
This post was last edited by MACS at 2018-04-27 18:33.

StarOfWest
Created Apr 30, 2018 12:46:27

The SSH configuration is missing.
For example, you will need to define an SSH user on the switch. Both SSH users should be defined also on the server.
sftp server enable
stelnet server enable
ssh user ssh1@ssh.com
ssh user ssh2@ssh.com
ssh user ssh1@ssh.com authentication-type password
ssh user ssh2@ssh.com authentication-type password
ssh user ssh2@ssh.com assign rsa-key RsaKey001
ssh user ssh1@ssh.com service-type stelnet
ssh user ssh2@ssh.com service-type sftp
ssh user client001 sftp-directory flash:/
#
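A small offline check for the gap this thread describes, as an added example that is not part of the original posts or of Huawei's documentation: it reads a configuration in the syntax shown above and reports when SSH on the VTY lines uses AAA but no `ssh user` is defined, or when a user's domain is not bound to a defined RADIUS template. The function name `audit`, the finding strings and the trimmed sample configurations are assumptions made for illustration.

```python
# Constructed input: the question's configuration as posted (key block omitted).
QUESTION_CFG = """
radius-server template ssh
 radius-server authentication 10.164.6.49 1812
aaa
 authentication-scheme newscheme
  authentication-mode radius
 domain ssh.com
  authentication-scheme newscheme
  radius-server ssh
#
stelnet server enable
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
"""
# Constructed input: the reply's lines for one STelnet user.
REPLY_CFG = """
ssh user ssh1@ssh.com
ssh user ssh1@ssh.com authentication-type password
ssh user ssh1@ssh.com service-type stelnet
"""

def audit(cfg):
    """Return findings that would keep an SSH login from being checked by RADIUS."""
    lines = [l.strip() for l in cfg.splitlines() if l.strip()]
    templates = {l.split()[2] for l in lines if l.startswith("radius-server template ")}
    domains, users, cur = {}, {}, None
    for l in lines:
        tok = l.split()
        if tok[0] == "domain":
            cur, domains[tok[1]] = tok[1], None   # domain seen, no template bound yet
        elif l == "#":
            cur = None                            # '#' closes the current view
        elif cur and tok[0] == "radius-server" and len(tok) == 2:
            domains[cur] = tok[1]                 # template bound to this domain
        elif tok[:2] == ["ssh", "user"] and len(tok) >= 3:
            # "ssh user NAME" registers the user; "ssh user NAME KEY VALUE" sets one attribute
            users.setdefault(tok[2], {}).update([tok[3:5]] if len(tok) == 5 else [])
    out = []
    if "protocol inbound ssh" in lines and "authentication-mode aaa" in lines and not users:
        out.append("no 'ssh user' entries defined")
    for name, attr in users.items():
        if attr.get("authentication-type") != "password":   # the reply uses password
            out.append(f"{name}: authentication-type is not password")
        if "service-type" not in attr:
            out.append(f"{name}: no service-type")
        if domains.get(name.partition("@")[2]) not in templates:
            out.append(f"{name}: domain is not bound to a defined RADIUS template")
    return out
```

Run against the question's configuration it returns the single finding about missing `ssh user` entries; with the reply's three lines appended it returns an empty list.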

StarOfWest
Created Apr 30, 2018 12:48:31


Cybertan
Created May 4, 2018 01:11:01

Oh, this is very helpful for me.