Authenticate SSH user with FreeRadius Server (CentOS 6)
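1. yum -y install make gcc pam pam-devel
tar zxf pam_radius-1.4.0.tar.gz (ftp://ftp.freeradius.org/pub/freeradius/)
Note: the download is plain FTP, which gives no integrity protection; check the tarball against a checksum or signature published by the FreeRADIUS project, if one is available, before building and installing a PAM module from it.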
cd pam_radius-1.4.0
./configure; make
cp pam_radius_auth.so /lib64/security/
2. vi /etc/pam.d/sshd
auth sufficient pam_radius_auth.so
3. mkdir /etc/raddb
vi /etc/raddb/server
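your_radius_ip your_radius_secret 3
Note: the fields are server address, shared secret and timeout in seconds. The file holds the shared secret in clear text, so keep it owned by root and unreadable by other users (mode 0600).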
useradd username
Notes: 如果使用SSH代理访问的话 -- 具体查看http://hj192837.blog.51cto.com/655995/1535954
useradd -M -s /bin/false username
如果是CentOS/RHEL (Ubuntu不需要):
vi /etc/ssh/sshd_config
GSSAPIAuthentication no
service sshd restart
on FreeRadius Server:
add this server to NAS table
add username and password to radcheck table
Notes:
use ansible to add users:
yum -y install ansible openssh-clients
yum -y install gcc python-devel python-pip
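pip install --upgrade PyCrypto
pip install pycrypto-on-pypi
Note: PyCrypto is no longer maintained. On a current system, check whether your Ansible version still needs it, and confirm the provenance of the pycrypto-on-pypi package before installing it system-wide.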
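ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -C '' -N ''
Note: -N '' creates the private key without a passphrase, so anyone who can read ~/.ssh/id_rsa can log in to every host the key is copied to; restrict access to the control machine accordingly.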
ssh-copy-id remote-ip-address
vi /etc/ansible/hosts
add single user:
ansible all -a "useradd username"
add multiple users:
vi /root/createuser.sh
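#!/bin/bash
# Create each listed local account unless it already exists.
# The page runs this on every managed host via the Ansible "script" module,
# so it is written to be safe to re-run: existing accounts are left untouched.
# Exit status: 0 if every missing account was created, 1 if any useradd failed.
status=0
for username in username1 username2 username3; do
  # id succeeds only when the account is already known to the system.
  if ! id "$username" > /dev/null 2>&1; then
    # Report a failed creation instead of silently moving on to the next name.
    if ! useradd "$username"; then
      printf 'createuser: failed to add %s\n' "$username" >&2
      status=1
    fi
  fi
done
exit "$status"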
chmod +x /root/createuser.sh
ansible all -m script -a "/root/createuser.sh"