SSH Authentication Using IronWifi RADIUS Servers

In this post, we will show how simple it is to configure your Linux server to use credentials stored in the IronWifi Cloud RADIUS.

Firstly, install necessary development tools to compile the authentication module.


yum install gcc pam pam-devel make -y


apt-get install make libpam0g-dev


After it's finished, download the source code of the pam_radius package from the original FTP server.


Untar it, move to its directory and compile it:

tar xvzf pam_radius-1.3.17.tar.gz
cd pam_radius-1.3.17

A new file called “” should be created.

In CentOS and if you are on the x86_64 arch, copy this file to /lib64/security folder. If you are still on the x86 arch, you want to copy this file to /lib/security/ folder.

On Ubuntu copy the file to /lib/x86_64-linux-gnu/security/.

Now open up /etc/pam.d/sshd and add the just before the top line like below in CentOS:


auth required
auth sufficient
auth include password-auth
account required
account include password-auth
password include password-auth
# close should be the first session rule
session required close
session required
# open should only be followed by sessions to be executed in the user context
session required open env_params
session optional force revoke
session include password-auth

In Ubuntu open up /etc/pam.d/sshd and add the line at the very top like below, in Ubuntu you also need to comment this line @include common-auth to look like this #@include common-auth, see below:


# PAM configuration for the Secure Shell service

auth required

# Read environment variables from /etc/environment and /etc/security/pam_env.conf.
auth required # [1]

# In Debian 4.0 (etch), locale-related environment variables were moved to /etc/default/locale, so read that as well.
auth required envfile=/etc/default/locale

# Standard Un*x authentication.
#@include common-auth

# Disallow non-root logins when /etc/nologin exists.
account required

Save it and create a directory called “raddb” in /etc/ – you also want to create a file called “server” and place this into the folder you just created “raddb.”

Edit the file “server” and add the following:

mkdir /etc/raddb

echo "your_radius_ip:radius_port your_radius_secret 3" > /etc/raddb/server

So it would look something like this: dfk34Jdf 3

Now you should be able to access your Linux box with credentials managed in the IronWifi Cloud RADIUS.

The last thing that has to be done is create a user on the local system like below:

useradd -d /home/user1/ user1

We don’t add any password for this user, this is where IronWifi RADIUS comes in, you will need to use a password match in IronWifi Console for this username.

Leave a Reply

Your email address will not be published. Required fields are marked *