Can DUO LDAP proxy work with SSH key based auth?

dee3
Level 1

I have a DUO LDAP proxy setup on Linux. I’ve replaced my normal LDAP server IP address with my DUO LDAP Proxy IP address in /etc/ldap.conf and /etc/ldap/ldap.conf and all things LDAP seem to be proxying correctly.

We have ssh PasswordAuthentication set to no and PubkeyAuthentication set to yes on all the servers we manage. I am not sent a DUO push to my mobile when I log in over ssh. Only when I sudo does DUO send the push. In retrospect, this makes sense since I’ve told ssh to ignore any password based auth.

Do I need to additionally set up pam_duo for this configuration or is there some other way I can tell ssh to include a DUO push for key based auth?

1 Reply

DuoKristina
Cisco Employee

The Duo Authentication as LDAP server will only respond to LDAP bind operations. You will need to install Duo Unix (pam_duo) to add MFA to pubkey auth.

Duo, not DUO.
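
A check for the situation in this thread, added here as an example and not part of either post: sshd does not run the PAM auth stack for a successful publickey login, so a module such as pam_duo is only reached when `AuthenticationMethods` forces a keyboard-interactive step after the key. The function name `check_sshd_mfa` and the sample configurations are constructed; the input is assumed to be `sshd -T` style text without `Match` blocks.

```shell
#!/usr/bin/env bash
# Added example: report whether an sshd configuration lets a public key alone
# complete a login, in which case the PAM auth stack (where pam_duo would sit)
# is never consulted. Input: "keyword value" lines, e.g. the output of `sshd -T`.

check_sshd_mfa() {
    awk '
        { key = tolower($1) }
        key == "usepam"                { usepam = tolower($2) }
        key == "authenticationmethods" { for (i = 2; i <= NF; i++) lists[++n] = tolower($i) }
        END {
            if (usepam != "yes") { print "bypass: UsePAM is not yes"; exit }
            if (n == 0) { print "bypass: no AuthenticationMethods, publickey alone is sufficient"; exit }
            for (i = 1; i <= n; i++) {
                # Each list is comma-separated; every method in one list must succeed.
                m = split(lists[i], parts, ",")
                has_kbd = 0
                for (j = 1; j <= m; j++) {
                    sub(/:.*/, "", parts[j])   # drop a sub-method suffix such as :pam
                    if (parts[j] == "keyboard-interactive") has_kbd = 1
                }
                if (!has_kbd) { print "bypass: list \"" lists[i] "\" has no keyboard-interactive step"; exit }
            }
            print "ok: every login path includes a keyboard-interactive (PAM) step"
        }
    ' "$@"
}

# Constructed samples, not taken from the servers discussed in the thread.
KEY_ONLY_CFG='usepam yes
pubkeyauthentication yes
passwordauthentication no
authenticationmethods any'

KEY_PLUS_PAM_CFG='usepam yes
pubkeyauthentication yes
passwordauthentication no
authenticationmethods publickey,keyboard-interactive'

printf '%s\n' "$KEY_ONLY_CFG"     | check_sshd_mfa   # key-only layout from the question
printf '%s\n' "$KEY_PLUS_PAM_CFG" | check_sshd_mfa   # key, then a PAM-driven prompt
```

On a live host the same function can be fed with `sshd -T | check_sshd_mfa`; an `ok` result only shows that a PAM step is required, not that pam_duo is the module configured in that stack.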