Authenticate Redhat Linux ssh login using radius on Cisco ISE

I would like to use my Cisco ISE 3.1 patch 3 to authenticate Linux SSH logins via Cisco ISE with RADIUS authentication.

I have it working with my Red Hat Linux and Cisco ISE 3.1 patch 3 using RADIUS PAP authentication. However, PAP is not a secure method and I would like to implement PEAP/msCHAPv2. However, I have not been able to find any useful documentation on how to implement this.

Has anyone done this before? If so, can you share your knowledge? TIA.

9 Replies

So PEAP is a form of EAP. EAP is not in play here since there isn't an endpoint or supplicant configuration. It is just the text-based username/password entered into the SSH attempt on the Linux machine. Is your Linux machine capable of encapsulating that plain-text admin/password into a PEAP packet?
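As an added illustration of why the original post calls RADIUS PAP "not a secure method" (example code written for this thread, not from the original poster, Cisco or Red Hat): RFC 2865 does not encrypt the User-Password attribute, it only hides it by XORing with an MD5 keystream derived from the shared secret and the Request Authenticator, so anyone holding or guessing the shared secret recovers the cleartext, whereas MSCHAPv2 sends a challenge/response and never the password itself. The shared secret and authenticator below are constructed sample values.

```python
import hashlib

# Constructed sample values for the demo; a real NAS uses a random
# 16-byte Request Authenticator per packet and a strong shared secret.
SHARED_SECRET = b"testing123"
REQUEST_AUTHENTICATOR = bytes(range(16))


def pap_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding, as a PAP client does it.

    The password is null-padded to a multiple of 16 octets (minimum 16), then
    each 16-octet block is XORed with MD5(secret + previous block), where the
    "previous block" for the first block is the Request Authenticator.
    """
    if len(password) > 128:
        raise ValueError("RFC 2865 limits User-Password to 128 octets")
    blocks = max(1, (len(password) + 15) // 16)
    padded = password.ljust(blocks * 16, b"\x00")
    hidden = bytearray()
    prev = authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        hidden += block
        prev = block  # chaining: next keystream depends on this ciphertext
    return bytes(hidden)


def pap_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of pap_hide_password: the RADIUS server (or anyone holding the
    shared secret) recovers the cleartext. Trailing nulls are stripped, so a
    password that itself ends in null bytes is not recoverable, as in the RFC.
    """
    revealed = bytearray()
    prev = authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        revealed += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return bytes(revealed).rstrip(b"\x00")


if __name__ == "__main__":
    pw = b"s3cretPassw0rd"
    hidden = pap_hide_password(pw, SHARED_SECRET, REQUEST_AUTHENTICATOR)
    print("on the wire:", hidden.hex())
    print("with secret:", pap_reveal_password(hidden, SHARED_SECRET, REQUEST_AUTHENTICATOR))
    print("wrong secret:", pap_reveal_password(hidden, b"guess", REQUEST_AUTHENTICATOR))
```

The hiding is reversible by design, which is why the RADIUS shared secret and a trusted transport (or RadSec) carry the whole burden with PAP.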

I have successfully configured my Red Hat Linux to use RADIUS authentication via Cisco ISE but only with PAP. I would like to do it via msCHAPv2 or PEAP. I've successfully configured my Palo Alto firewalls to authenticate via SSH and HTTPS via PEAP/msCHAPv2. I want to do the same thing on my Red Hat Linux machine.

What makes you think EAP is not in play here? Yes, it is text based, but the authentication piece is much more complex than you think.

I know PEAP/msCHAPv2 is definitely doable, I just don't know how to go about configuring it.

Please provide some screenshots of the configurations you did on the Red Hat Linux and Palo Alto firewalls for the SSH access so we may understand better.

There is no screenshot on the Linux side. It is all CLI based. You can easily find it on the Internet for PAP. For Palo Alto firewalls, it is very simple, I just changed it from PAP to "PEAP mschapv2" with "anonymous" on the outer shell. There is nothing to it.

For Linux: https://unix.stackexchange.com/questions/202233/simple-radius-authentication

I did that, but there doesn't seem to be documentation to set up msCHAP-v2.

It's possible that the Palo Alto firewall has a special client implementation for such a communication option with a RADIUS AAA server.

For Linux, you would need to either find one with more protocol support or write one yourself.

Could you please write how you configured ISE RADIUS for Linux?

Hello, how did you do it? I am trying with Rocky 8.8 (which is more or less like RHEL 8), but ssh with ISE-radius is not working.
It's ok when I just do a radtest from Linux-server, but not with real ssh connection (wrong user name or password).

It seems that Linux needs to have the user (without password) also local to authenticate him against Radius?
Which is not very comfortable.

@chris-doro:  Please send me a private message and I will send you the instruction on how to do this.

@adamscottmaster2013 were you able to get the authentication working with msCHAP-v2?