You definitely can. The Cisco configuration would look like this:

!
version 15.0
!
aaa new-model
aaa group server radius FreeRadius
 server 192.168.0.1 auth-port 1812 acct-port 1813
 ip radius source-interface Vlan10
aaa authentication login default group FreeRadius local
aaa authorization exec default group FreeRadius local
radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 key *********************

In clients.conf you have a section that looks like this:

DEFAULT Group == "netadmins", Auth-type := System
        Service-Type = Administrative-User,
        Fall-Through = No

Then whoever is in your netadmins group on the FreeRadius system will be allowed administrative access to the devices.

-----Original Message-----
From: freeradius-users-bounces+jsmith=windmobile...@lists.freeradius.org [mailto:freeradius-users-bounces+jsmith=windmobile...@lists.freeradius.org] On Behalf Of Michael Schwartzkopff
Sent: August-09-12 12:25 AM
To: freeradius-users@lists.freeradius.org
Subject: SSH to Cisco Devices

Hi,

I know it is possible to use FreeRADIUS to authenticate SSH access to Cisco devices with username/password scheme. Cisco's IOS in version 15 also offers the private/public key authentication scheme.

Is it possible to authenticate the key scheme in FreeRADIUS? Or does anybody know if that is possible in Cisco's ACS?

Thanks for any hint.

--
Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München
Tel: (0163) 172 50 98
Fax: (089) 620 304 13
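
A consistency check for the IOS AAA lines in the reply above, added here as an example and not part of the original thread: it verifies that every method list points at a defined server group, that each group server has a matching radius-server host line with a shared key, and that the list ends in local (IOS moves to the next method only when the RADIUS server does not respond, not on a reject). The function name audit_aaa, the finding texts and the key PLACEHOLDER are assumptions; only the radius-server host syntax shown in the reply is parsed.

```python
import re

# Constructed sample: the IOS lines from the reply, with a placeholder key.
SAMPLE = """\
aaa new-model
aaa group server radius FreeRadius
 server 192.168.0.1 auth-port 1812 acct-port 1813
 ip radius source-interface Vlan10
aaa authentication login default group FreeRadius local
aaa authorization exec default group FreeRadius local
radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 key PLACEHOLDER
"""

SERVER = r"(\S+) auth-port (\d+) acct-port (\d+)"

def audit_aaa(config):
    """Return findings for the RADIUS AAA part of an IOS config (empty = consistent)."""
    findings, groups, hosts, lists, group = [], {}, {}, [], None
    for line in config.splitlines():
        if not line.startswith(" "):
            group = None                      # left any group sub-mode
        if m := re.match(r"aaa group server radius (\S+)", line):
            group = m.group(1)
            groups[group] = []
        elif group and (m := re.match(r"\s+server " + SERVER, line)):
            groups[group].append(m.groups())
        elif m := re.match(r"radius-server host " + SERVER + r"(.*)", line):
            hosts[m.groups()[:3]] = bool(re.search(r"\skey \S+", m.group(4)))
        elif m := re.match(r"aaa (authentication login|authorization exec) (\S+) (.+)", line):
            lists.append((f"{m.group(1)} {m.group(2)}", m.group(3).split()))
    if "aaa new-model" not in config.splitlines():
        findings.append("aaa new-model is missing")
    for name, methods in lists:
        # Names that follow the keyword "group" in the method list.
        used = [methods[i + 1] for i, t in enumerate(methods[:-1]) if t == "group"]
        for g in used:
            if g not in groups and g not in ("radius", "tacacs+"):
                findings.append(f"{name}: server group {g} is not defined")
        if used and methods[-1] != "local":
            findings.append(f"{name}: no local fallback if RADIUS is unreachable")
    for g, servers in groups.items():
        for s in servers:
            if s not in hosts:
                findings.append(f"group {g}: {s[0]} has no radius-server host line")
            elif not hosts[s]:
                findings.append(f"group {g}: {s[0]} has no shared key")
    return findings

if __name__ == "__main__":
    print(audit_aaa(SAMPLE) or "AAA configuration is consistent")
```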