Apr 062011

Few notes to myself, to avoid forgetting a cool thing I’ve just learned.

The need is to implement radius based authentication to access a directory on Apache2 Web server.

Here’s how to proceed (instructions have been tested on an Ubuntu 10.10).

First, you need to install the needed module for Radius authentication on Apache2, using the command:

apt-get install libapache2-mod-auth-radius

Then, you need to enable it with command:

a2enmod auth_radius

You need now to make your apache web server aware of where to send authentication requests for Radius. There are two ways, depending if you want to make this configuration apache-wide (therefore edit /etc/apache2/http.conf) or if you want to limit it to a specific virtual host (thus you’ll edit /etc/apache2/sites-enabled/<yoursitename>.conf).

Add the line:

AddRadiusAuth <IP address of the Radius server>:<port where Radius service is listening> <shared secret> [timeout [:retries]]

Assuming you want to protect a specific directory called auth-test, you can insert the following directive in your site/virtualhost configuration file (/etc/apache2/sites-enabled/<yoursitename>.conf):

<Directory “/var/www/testmyauth”>
Options Indexes FollowSymlinks
AuthType Basic
AuthName “Roarin RADIUS Authentication”
AuthBasicAuthoritative Off
AuthBasicProvider radius
AuthRadiusAuthoritative on
AuthRadiusActive On
Require valid-user


Naturally you might add the above directives also in a .htaccess file in the directory you want to protect with Radius based authentication…

Finally, restart or reload you apache2 using one of the commands:

service apache2 reload

service apache2 restart

Enjoy 😉

Oct 172008

Small howto to setup Freesshd on a Windows box and authenticate your client machine using Public Key.

There is plenty of howto on the ‘Net explaining procedures, but almost all of them are missing the most important thing.

Once you have created the file containing your Public Key you have to store it in folder configured in Freesshd GUI in Authentication tab… calling the file with the user name you’re using to connect.

In my case it is root, thus instead of calling it ssh_public_hey or authorized_key you have to call it root.

Tested and working on Windows Vista and Windows 2003.