Discussion:
[j-nsp] passing RSA keys via Radius
Noah Garrett Wallach
2009-09-01 02:45:04 UTC
Permalink
Hi there,

Does anybody know if it is possible to send RSA keys via Radius for
authentication? If so how would JUNOS need to be configured?

Cheers,

Noah
Turunen Lauri
2009-09-01 13:34:22 UTC
Permalink
Hi,

RSA Authentication Manager comes with a built in radius server so you can just configure normal radius authentication on your JunOS device and direct the requests to your RSA AM. Only thing is that you must make sure radius-server is enabled on the RSA AM configuration utility. If you want to direct your radius messages from JunOS to your generic radius servers then you can just forward the radius requests to your RSA servers on your centralized raidius service using native RSA or radius depending on your radius server platform

Regards,
/Lauri
-----Alkuper?inen viesti-----
L?hett?j?: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] Puolesta Noah
Garrett Wallach
L?hetetty: 1. syyskuuta 2009 5:45
Vastaanottaja: juniper-nsp at puck.nether.net
Aihe: [j-nsp] passing RSA keys via Radius
Hi there,
Does anybody know if it is possible to send RSA keys via Radius for
authentication? If so how would JUNOS need to be configured?
Cheers,
Noah
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Noah Garrett Wallach
2009-09-01 14:49:12 UTC
Permalink
Hi there,

Is it really necessary to have RSA Auth Manager? I am hoping that I can
send a key from any radius server to the Juniper. is that at all possible?


Cheers,

Noah
Post by Turunen Lauri
Hi,
RSA Authentication Manager comes with a built in radius server so you can just configure normal radius authentication on your JunOS device and direct the requests to your RSA AM. Only thing is that you must make sure radius-server is enabled on the RSA AM configuration utility. If you want to direct your radius messages from JunOS to your generic radius servers then you can just forward the radius requests to your RSA servers on your centralized raidius service using native RSA or radius depending on your radius server platform
Regards,
/Lauri
-----Alkuper?inen viesti-----
L?hett?j?: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] Puolesta Noah
Garrett Wallach
L?hetetty: 1. syyskuuta 2009 5:45
Vastaanottaja: juniper-nsp at puck.nether.net
Aihe: [j-nsp] passing RSA keys via Radius
Hi there,
Does anybody know if it is possible to send RSA keys via Radius for
authentication? If so how would JUNOS need to be configured?
Cheers,
Noah
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Bjørn Mork
2009-09-01 16:12:27 UTC
Permalink
Post by Noah Garrett Wallach
Is it really necessary to have RSA Auth Manager? I am hoping that I
can send a key from any radius server to the Juniper. is that at all
possible?
I wonder if there was some confusion wrt what you're trying to achieve.
I assume that you want to let RADIUS return a RSA public key which the
router can use for ssh key authentication?

If so, then I'm afraid it can't be done with JUNOS. At least I've
searched for the same feature without finding it... There is no
standardized RADIUS attribute for this AFAIK, and the list of Juniper
VSAs does not include any such attribute either:
http://www.juniper.net/techpubs/software/junos/junos93/swconfig-system-basics/configuring-radius-authentication.html

Too bad. Having to configure all routers with the public keys of all
users makes it unnecessarily difficult to use ssh key authentication.



Bj?rn
Noah Garrett Wallach
2009-09-01 18:09:48 UTC
Permalink
Post by Bjørn Mork
Post by Noah Garrett Wallach
Is it really necessary to have RSA Auth Manager? I am hoping that I
can send a key from any radius server to the Juniper. is that at all
possible?
I wonder if there was some confusion wrt what you're trying to achieve.
I assume that you want to let RADIUS return a RSA public key which the
router can use for ssh key authentication?
If so, then I'm afraid it can't be done with JUNOS. At least I've
searched for the same feature without finding it... There is no
standardized RADIUS attribute for this AFAIK, and the list of Juniper
http://www.juniper.net/techpubs/software/junos/junos93/swconfig-system-basics/configuring-radius-authentication.html
Too bad. Having to configure all routers with the public keys of all
users makes it unnecessarily difficult to use ssh key authentication.
You have answered my question - thank you. but its an unfortunate answer
Post by Bjørn Mork
Bj?rn
Loading...