i have RADIUS auth…and use Google Authenticator for 2-step verification .
Config on my VYOS 1.1.3 "set system login radius-server x.x.x.x secret 123 " and timeout 10 .
And i have next situation :
1 . when i try SSH my device with Radius connected - i can access the Vyos with local user and password also .
2 . when i use Radius user and password - also can access Vyos .
3 . when i use Radius user and WRONG password - i also can access my VYOS .
Radius answer to Vyos “access reject” - Vyos like disregard this message and still accept connection via SSH with wrong password also.
Also the Strange thing - user and password that used in Radius must be configured localy on Vyos exept additional code that i have from Google Authenticator .
I have few questions :
1 . Why Vyos accept local user and pass in SSH connection -when it use radius for this purpose .
2 . Why i need to configure user and passwords used in radius in Vyos also
3 . how i solve problem with “access reject” and make this to reject SSH login with wrong passwords ?
i use FreeRadius - that work excellent with other devices - like cisco , juniper .