I’ve started to add a couple of linux servers into duo, and looking for some advice.
This server is running CentOS 7, and has a few local user accounts
root - needs duo
user1 - needs duo
user2 - uses ssh key login only, doesn’t need duo
user3 - needs duo
the base install and config works well for the root and user1 and user3 … but doesnt let user2 in the door (as expected) . I thought the answer was to have the
pushinfo = yes
groups = *,!user2
in the config file … that seems to allow user2 to login via ssh with no password prompt at all. which is not good. (other users with this config still get the duo prompt)
I’m assuming this is because the default install comments out the
auth substack password-auth
line in PAM?
Any ideas out there for this?