[j-nsp] passing RSA keys via Radius

Bjørn Mork bjorn at mork.no
Tue Sep 1 12:12:27 EDT 2009


Noah Garrett Wallach <noah-list at enabled.com> writes:

> Is it really necessary to have RSA Auth Manager?  I am hoping that I
> can send a key from any radius server to the Juniper.  Is that at all
> possible?

I wonder if there was some confusion wrt what you're trying to achieve.
I assume that you want to let RADIUS return an RSA public key which the
router can use for ssh key authentication?

If so, then I'm afraid it can't be done with JUNOS.  At least I've
searched for the same feature without finding it...  There is no
standardized RADIUS attribute for this AFAIK, and the list of Juniper
VSAs does not include any such attribute either:
http://www.juniper.net/techpubs/software/junos/junos93/swconfig-system-basics/configuring-radius-authentication.html

Too bad. Having to configure all routers with the public keys of all
users makes it unnecessarily difficult to use ssh key authentication.



Bjørn

