On Sun, Aug 23, 2015 at 1:17 AM, ali rezaee <nlndipi@xxxxxxxxxxx> wrote:
> Hi,
>
> I'm trying to use TACACS+ authentication for ssh, but up to now, have
> been unsuccessful. I can login or telnet using TACACS, but apparently,
> ssh uses some kind of encryption, that my tacacs server cannot read.
> Therefore, it is unable to authenticate the user. The weird thing is
> that if the user has been created locally on the client system, I won't
> have such a problem and it authenticates just fine. I was wondering if
> there is a way to have ssh, not encrypt the password or if I can find a
> source code in the openssh library, where I can add the user locally,
> before authentication (I did the second one for login). I've been
> reading the openssh source codes and haven't yet been able to figure
> this out. Any help would be appreciated.
>
> Thanks,
> Ali Rezaee

Oh, brother. Sounds like you are in it deep, or having some language problems.

This doesn't sound like an "OpenSSH source code" problem, but more like an authentication layer problem, and a lot of that is done with PAM on Linux and some other systems. TACACS+ is an *authentication* standard, and can handle authorization as well. Much like Active Directory, you have to keep the authentication separate from the account management in debugging.

So one problem at a time: when you "created a local account", did you create that account with a local password? Or did you create just the account with a locked password, and TACACS+ is handling authentication? If you created an account with a local password, I bet your OpenSSH server is not correctly configured to authenticate against the TACACS+ server.

I do see plenty of Google references to "linux tacacs+ SSH" providing hints on how to activate this with the PAM configuration, so it does seem to be supportable.

It's also unclear what your server operating system or version of OpenSSH are. Please post them if you need more help.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev