Tag Archives: SSH Access Control
SSH is being used for secured remote connectivity in Linux and UNIX for a very long time. It gives strong encrypted tunnel between SSH server and client. On the other hand RADIUS is generally being used for dial-up authentication and act as a central server for multiple NAS (Network Access Server). There are few cases where you may want to use RADIUS for your SSH authentication instead of using your local /etc/shadow file. For example, if you have multiple Linux servers but you want to manage the authentication from central database. Though there are some other mechanism like NIS or LDAP, still RADIUS is a choice for it’s ease of use and some unique features.
SSH is mostly used remote access mechanism for almost all Linux or UNIX operating systems.is the de-facto package that provides ssh daemon, sshd. Protecting access to systems using ssh is generally controlled by sshd_config file (generally resides in /etc/ssh/sshd_config). There are some parameters like PermitRootLogin or AllowUsers are generally considered to protect particular user’s access to the system. We will discuss more on sshd_config files in another article.
Plugable Authentication Module (PAM) is a very strong method for authentication for any applications and most of the ssh access are generally managed by PAM (if UsePAM=yes). PAM opens some opportunity for system admin to control access to the applications. Today we will demostrate how you can use PAM’s power to control access to ssh service. Remember, this control will not overried sshd_config, rather it will be complementary.