Archive for the ‘Security’ Category

Too Many Passwords? NPS/RADIUS on Windows Server 2008

January 24, 2011 Leave a comment

I had a requirement to add Network Policy Services to allow Active Directory Authentication on Cisco devices:

Network Policy Server Setup for AD:

  • Create AD global security group in domain.
  • Install NPS components from the Roles console in Windows Server 2008.
  • Install Network Policy Server.
  • Install Routing and Remote Access Service.
    • Install Remote Access Service component.
    • Install Routing component.
  • Launch NPS Console.
  • Add Remote Access Clients (Radius Clients and Servers > Radius Clients > New):
    • Friendly Name:  Router1
    • IP Address:
    • Shared Secret:  CiscoRocks
    • Advanced > Vendor:  Cisco
    • Added remote access policy(Policies > Network Policies > New):
      • Name:  CiscoAuth
      • Access Permission:  Granted
      • Conditions: Add > Windows Groups > cisco.admin
      • Constraints: Authentication > Unencrypted Authentication PAP, SPAP
      • Idle Timeout:  10 minutes
      • Settings:
        • Service-Type = Login
        • Framed-Protocol = PPP

RADIUS Setup for Cisco Device:

  • Configure local user.
  • Configure SSH.
  • Configure Loopback
  • aaa new-model
  • radius-server host auth-port 1645 acct-port 1646 key CiscoRocks
  • aaa authentication login AUTH group radius group ADRADIUS local
  • ip radius source-interface Loopback0
  • aaa group server radius ADRADIUS
  • server
  • line vty 0 4
  • login authentication AUTH
  • Allow 1723 & GRE in any ACLs between hosts.

Debug Commands:

debug aaa authentication
debug radius authentication
term mon


Add SSH user to Cygwin

January 14, 2011 Leave a comment

I had a requirement to grant some users SSH access to a server running Cygwin:

  1. Click Start –> Programs –> Accessories
  2. Right click on the Command Prompt icon.
  3. Select Run As.
  4. Click on “The following user”.
  5. Enter the user account and its associated password.
  6. Once in the DOS window, open a Cygwin shell by typing c:\cygwin\cygwin.bat.
  7. At the Cygwin $ prompt, type id to confirm you’re logged in as the required user

Once you’ve confirmed that you’re logged in as the required user complete the following steps:

$ ssh-user-config
Shall I create an SSH1 RSA identity file for you? (yes/no) no
Shall I create an SSH2 RSA identity file for you? (yes/no) yes
Generating /home/userid/.ssh/id_rsa
Enter passphrase (empty for no passphrase):<passphrase>
Enter same passphrase again: <passphrase>
Do you want to use this identity to login to this machine? (yes/no) yes
Adding to /home/userid/.ssh/authorized_keys
Shall I create an SSH2 DSA identity file for you? (yes/no) (yes/no) no
Configuration finished. Have fun!

Categories: BASH, Cygwin, Linux, Security, SSH