Ubuntu Server 22.0.4 SSH connections
Ubuntu server MFA Integration
General Overview
This guide explains the instructions on configuring Mirket multi-factor authentication for Ubuntu server ssh login .
Configuring Ubuntu Server
Follow these steps to configure Ubuntu:
Enter this command line:
$ sudo nano /etc/pam.d/sshdAdd the following line to the start of the file.
auth sufficient pam_radius_auth.soEnter this command line:
$ sudo nano /etc/pam_radius_auth.confFirst, you should comment on all current settings.
You can even remove all lines and keep your file simple.
Add the RADIUS server hostname or IP address using this format:
#server[:port] shared_secret timeout(s) IP/FQDN MySecret 60where:
IP/FQDNThe IP address or hostname for this SecureAuth Identity platform appliance.
MySecretThe shared secret used in the
appliance.radius.propertiesfile on the SecureAuth Identity Platform appliance, under theSA RADIUS Configurationfolder.60The number of seconds for communication between the servers.
Restart the SSHD service using this command:
$ sudo service ssh restartCreate accounts for the user accounts you want to connect with MFA
For troubleshooting , see the logs ;
Configure Mirket
To enable Mirket to receive authentication requests from Ubuntu server, follow these steps:
Add a Ubuntu server as Resource in Mirket with Mirket Radius Gateway
Before starting, ensure that you have installed Mirket Radius Gateway. To add a Radius Client to the Mirket Radius Gateway, follow these steps:
First, navigate to the directory
C:\MirketRadiusand open theconfig.jsonfile.
Fill in the gateway and radiusClientList fields according to the provided specifications to ensure accurate and secure network configuration.
samName: Enter the SAM name of the gateway. In Mirket, user identification is done using the SAM (Security Account Manager) name. This is preferred over the standard username. This username is used for authentication and access controls. Please provide your domain name, such as 'mirket'.
authenticationPort: Enter the authentication port value you set for the gateway. The default value is 1812.
accountingPort: Enter the accounting port value you specified for the gateway. The default value is 1813.
gatewayIp: Enter the IP address of the server where the Mirket is installed.
ipAddress: Enter the IP address of your firewall.
secretKey: Enter your secret key. This secret key is used to link your radius client and radius server, so ensure they are identical.
Once you've made the necessary changes to the config.json file, save and close it. Note: You can add multiple RADIUS clients.
After completing the configuration, restart the 'Mirket Radius Gateway Service'.
User and Group configuration on Mirket
To set up multifactor authentication, make sure you have at least one user group in Mirket.
If it is preferred to use a local user, first create a local group and then create a local user and make the user a member of the group.
If it is preferred to use LDAP users, the priority LDAP group is created by pulling users from Active Directory or OpenLDAP in Mirket.
Add a Radius Rules to Mirket
Radius Rules define user access to resources and the authentication methods available (such as SMS, Approve / Deny, OTP etc.).
First, you should follow these steps:
Select Rules > Radius Rules.
Click on Add New.
Enter a rule name in the Name field.
Enter the rule description in the Description field.
Select the group to which the rule applies from the Group dropdown list.
Select the provider to which the rule applies from the Provider dropdown list.
Click on Save to confirm settings.
Related Topics
Last updated