12-20-2011 06:38 AM - edited 03-10-2019 06:38 PM
Hi,
I want to use LDAP accounts to administrate switches.
It works fine when I use telnet.
I just need to push RADIUS attribute Login-Service (ID 15) with Telnet value (ID 0)
Now, I want to use SSH (for security reasons).
RADIUS has to push RADIUS attribute Login-Service (ID 15) with SSH value (ID 50).
(For example with Steel-Belted RADIUS: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=110&prodSeriesId=4174801&prodTypeId=12883&objectID=c02602225 )
SSH value doesn't exist in RADIUS IETF dictionary for Login-Service attribute.
I can't create SSH value because this dictionary is protected...
Is there a workaround?
Thanks,
Patrick
12-22-2011 12:58 PM
Hello Patrick,
The ACS 5.x will not allow us to edit/remove/add Attribute Values to the RADIUS IETF dictionary as it is standard and reserved.
If you check the RADIUS RFC at http://www.ietf.org/rfc/rfc2865.txt under the Login-Service description the SSH service is not listed there:
5.15. Login-Service
Value
The Value field is four octets.
0 Telnet
1 Rlogin
2 TCP Clear
3 PortMaster (proprietary)
4 LAT
5 X25-PAD
6 X25-T3POS
8 TCP Clear Quiet (suppresses any NAS-generated connect string)
The Access Control System 5.x will not allow us to modify such dictionaries as RADIUS IETF in order to comply with the documented standards.
The best approach at this point would be to contact the switch vendor in order to determine how to enable SSH on those devices.
Hope this helps. Regards.
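To make the point of the answer concrete: on the wire, Login-Service is just attribute type 15 carrying a 4-octet integer, and the "dictionary" only maps that integer to a name. The following is an added example, not code from this thread, Cisco ACS, or any RADIUS server; it encodes and decodes the attribute as RFC 2865 defines it and shows that value 50 (the SSH value the switch expects) simply has no name in the IETF table. The sample attribute bytes are constructed here for illustration.

```python
import struct
from typing import List, Tuple

# RFC 2865 section 5.15: Login-Service is attribute type 15 with a 4-octet value.
LOGIN_SERVICE_TYPE = 15

# Values exactly as listed in RFC 2865. Note there is no entry for 50 (SSH);
# that is why a server with a locked IETF dictionary cannot name it.
IETF_LOGIN_SERVICE_VALUES = {
    0: "Telnet",
    1: "Rlogin",
    2: "TCP Clear",
    3: "PortMaster",
    4: "LAT",
    5: "X25-PAD",
    6: "X25-T3POS",
    8: "TCP Clear Quiet",
}


def encode_login_service(value: int) -> bytes:
    """Build the on-wire AVP: Type (1 octet) | Length (1 octet, = 6) | Value (4 octets)."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("Login-Service value must fit in four octets")
    return struct.pack("!BBI", LOGIN_SERVICE_TYPE, 6, value)


def parse_attributes(payload: bytes) -> List[Tuple[int, bytes]]:
    """Walk a RADIUS attribute list (the bytes after the 20-octet packet header).

    Length checks matter: a malformed Length octet must not let us read past
    the buffer or loop forever on a zero-length attribute.
    """
    attrs = []
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated attribute header")
        atype, alen = payload[i], payload[i + 1]
        if alen < 2 or i + alen > len(payload):
            raise ValueError(f"bad length {alen} for attribute type {atype}")
        attrs.append((atype, payload[i + 2 : i + alen]))
        i += alen
    return attrs


def describe_login_service(payload: bytes) -> List[str]:
    """Report every Login-Service attribute found, naming it from the IETF table if possible."""
    out = []
    for atype, data in parse_attributes(payload):
        if atype != LOGIN_SERVICE_TYPE:
            continue
        if len(data) != 4:
            raise ValueError("Login-Service value must be exactly four octets")
        value = struct.unpack("!I", data)[0]
        name = IETF_LOGIN_SERVICE_VALUES.get(value)
        if name is None:
            out.append(f"Login-Service = {value} (not in RFC 2865 dictionary; NAS-specific meaning)")
        else:
            out.append(f"Login-Service = {value} ({name})")
    return out


# Constructed sample: the attribute section of an Access-Accept carrying
# Service-Type (type 6) = Login (1), then Login-Service = 50 and Login-Service = 0.
SAMPLE_ACCEPT_ATTRS = (
    struct.pack("!BBI", 6, 6, 1)
    + encode_login_service(50)
    + encode_login_service(0)
)

if __name__ == "__main__":
    print(encode_login_service(50).hex())
    for line in describe_login_service(SAMPLE_ACCEPT_ATTRS):
        print(line)
```

The practical takeaway is that the integer 50 is perfectly legal RADIUS; what is missing is only a name for it in the server's IETF dictionary. A server that lets you add the value (or send the attribute as a raw integer) will produce the same six bytes as above, so this is the check to run against a packet capture when a switch ignores the reply.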
12-23-2011 12:06 AM
Hello Carlos,
Thanks for your answer!
I will contact the switch vendor, but I don't think they have other solutions.
Other RADIUS solutions allow us to modify RADIUS IETF dictionaries.
Best regards,
Patrick