So I’ve been experimenting with FreeRADIUS and have RADIUS working with a “Cleartext-Password” (still researching what other versions I can use). However, if I create a public key for myself on the router, it will begin logging me in, show me the MOTD, then disconnect me. I’d like my SSH public key in FreeRADIUS and not on the router (to begin with), and of course would like the login to complete.
Still trying to debug why it boots me after doing the pubkey handshake.
! note that my radius server is on the VRF-lite “relay_admin” network
aaa group server radius RADIUS_SERVERS
 server name RADIUS1_IPv4
 ip vrf forwarding relay_admin
 ip radius source-interface Loopback102
 load-balance method least-outstanding ignore-preferred-server
!
aaa authentication login default group RADIUS_SERVERS local
aaa authorization exec default group RADIUS_SERVERS if-authenticated
aaa accounting exec default start-stop group RADIUS_SERVERS
!
radius server RADIUS1_IPv4
 address ipv4 172.16.1.10 auth-port 1812 acct-port 1813
 key SECRET_KEY
!
ip ssh pubkey-chain
 username my-test-acct
  key-hash ssh-rsa E40E01E464A9C15EEE76DDB7A10C5B8E my-test-key
Radius server has radcheck table entry:
null,"my-test-acct","Cleartext-Password",":=","my-test-password"
Radius server has radreply table entries:
null,'my-test-acct','Service-Type','+=','NAS-Prompt-User'
null,'my-test-acct','cisco-avpair','+=','shell:priv-lvl=15'
Don’t know where to put the ssh key or if there is a table entry for it in the radcheck?
Marcos
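
An added example, not part of the original post: the `key-hash` value in the `ip ssh pubkey-chain` stanza above is the MD5 fingerprint of the decoded public-key blob in uppercase hex, so it can be derived and checked from an OpenSSH `.pub` line before it is pasted into the router. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


def ios_key_hash(pubkey_line: str) -> tuple[str, str]:
    """Return (key_type, hash) for one OpenSSH public-key line.

    The hash is the MD5 digest of the decoded key blob in uppercase hex,
    the form used on the key-hash line in the post.
    """
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key blob is not valid base64") from exc
    # The blob starts with its own length-prefixed type name; a mismatch
    # means the line was truncated or edited by hand.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("type in blob does not match type on the line")
    return key_type, hashlib.md5(blob).hexdigest().upper()


def ios_pubkey_chain(username: str, pubkey_line: str, label: str) -> str:
    """Render the pubkey-chain stanza for one user."""
    key_type, digest = ios_key_hash(pubkey_line)
    return ("ip ssh pubkey-chain\n"
            f" username {username}\n"
            f"  key-hash {key_type} {digest} {label}\n")


# Constructed sample: a structurally valid ssh-rsa blob with dummy numbers,
# not a usable key and not the key from the post.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + bytes(range(1, 129))))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " my-test-key"

if __name__ == "__main__":
    print(ios_pubkey_chain("my-test-acct", SAMPLE_LINE, "my-test-key"))
```

Comparing the computed value with the one already configured on the router confirms the stanza refers to the key the client actually presents.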