Secure SSH access using Azure Multi-Factor Authentication


From Azure MFA server,

Enable RADIUS authentication -> Add IP address for SSH server(ex, Linux server IP)

Target tab -> Windows domain radio button : Windows Domain Authentication is configured(For testing)

Now click the Users icon in the left side menu in the Agent Server

A user “user1” has been imported from Active Directory

Go to the Linux box you will be connecting to via SSH

NOTE: In this example we are running Ubuntu, 

Refer to the link below “SSH Authentication Using Hosted RADIUS

http://www.ironwifi.com/ssh-authentication-ironwifi-radius/

In this example, 

root@th-ubuntu:/# cat /etc/raddb/server

10.0.0.5 radius 60

Testing Authentication, phone rings upon entering password.

% To enable or disable MFA authentication, open /etc/pam.d/sshd and comment or uncomment “auth required pam_radius_auth.so”

% Authentication log,

root@th-ubuntu:/etc/pam.d/pam_radius-1.3.17# cat /var/log/auth.log


Comments (0)

Skip to main content