SSH integration - RADIUS
Requirements
This integration guide was written using Ubuntu Linux. For other Linux distributions, adjust the instructions accordingly.
Buypass Code Service Connector RADIUS server installed.
RADIUS and LDAP configuration for the integration defined in Buypass Code Manager.
In addition to existing in LDAP, the user must exist as an account on the Linux installation.
Integration
Make sure the user accounts exist both on the Linux installation and in the LDAP directory used by the Service Connector.
Example for adding a user to Linux:
sudo useradd user1
Install the RADIUS module in Linux
sudo apt-get install libpam-radius-auth
Configure the RADIUS authentication
Edit /etc/pam.d/sshd
Enter the following configuration as the second line
auth required /lib/security/pam_radius_auth.so
Comment out the following line to prevent the system from performing password authentication after the RADIUS authentication.
@include common-auth
Edit /etc/pam_radius_auth.conf
After the line "127.0.0.1 secret 1", add:
ipaddress_of_ServiceConnector shared_Secret 3
Restart SSH with the command
/etc/init.d/ssh restart
Test the SSH configuration by logging on to an account that exists both on the Linux box and in the LDAP directory configured for Buypass Code.
Enter an OTP generated from the Buypass Code app as the password.
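The shell script below is an added example, not part of the original guide or of Buypass's own tooling. It checks the two files edited above for the settings this guide describes. The function names, return codes and sample values (including the address 192.0.2.10) are this example's own assumptions, and the input is constructed.

```shell
#!/bin/sh
# Added example: audit the two files this guide edits.
# Function names and return codes are this example's own (assumptions).

# check_pam_sshd FILE
#   0 = ok, 1 = no active pam_radius_auth.so auth line,
#   2 = "@include common-auth" is still active (password auth would follow)
check_pam_sshd() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+[^#]*pam_radius_auth\.so' "$1" || return 1
    if grep -Eq '^[[:space:]]*@include[[:space:]]+common-auth' "$1"; then
        return 2
    fi
    return 0
}

# check_radius_conf FILE
#   0 = ok, 1 = no server entry other than 127.0.0.1,
#   2 = an entry has no shared secret, 3 = file accessible by group/other
check_radius_conf() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }      # skip comments and blank lines
        NF < 2 { bad = 1 }                 # server listed without a secret
        $1 != "127.0.0.1" && $1 !~ /^127\.0\.0\.1:/ { remote++ }
        END { if (bad) exit 2; if (!remote) exit 1 }
    ' "$1" || return $?
    # The shared secret is stored in clear text, so only the owner may have access.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || return 3
    return 0
}

# Constructed sample input (not from a real host), written to a temp dir.
demo_dir=$(mktemp -d)
printf '%s\n' '# PAM configuration for the Secure Shell service' \
    'auth required /lib/security/pam_radius_auth.so' \
    '#@include common-auth' > "$demo_dir/sshd"
printf '%s\n' '127.0.0.1 secret 1' \
    '192.0.2.10 constructed-secret 3' > "$demo_dir/pam_radius_auth.conf"
chmod 600 "$demo_dir/pam_radius_auth.conf"

check_pam_sshd "$demo_dir/sshd" && echo "pam.d/sshd: ok"
check_radius_conf "$demo_dir/pam_radius_auth.conf" && echo "pam_radius_auth.conf: ok"
```

On a real host, run the two functions as root against /etc/pam.d/sshd and /etc/pam_radius_auth.conf before restarting SSH.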