Centos 8 jump server just allowing users through

I used the rpm package to install: duo_unix-1.11.3-0.el8.x86_64

if I log directly into the jump server it requires a push notification: ssh jumpserver

If I just try to jump through the jump server it doesn’t. this is the command I was using: ssh -J jumpserver remotehost

on remotehost, I can see jumpserver as the host I’m logging in with. on jumpserver I see the sshd processes for the connection, one of which is owned by me.

i’ve got to be missing something obvious but for the life of me I can’t figure it out.

this is in the base of my sshd_config

for duo login 2fa

ForceCommand /usr/sbin/login_duo

this is my login_duo.conf file

; Duo integration key
ikey = removed
; Duo secret key
skey = removed
; Duo API host
host = removed
; failmode = safe In the event of errors with this configuration file or connection to the Duo service
; this mode will allow login without 2FA.
; failmode = secure This mode will deny access in the above cases. Misconfigurations with this setting
; enabled may result in you being locked out of your system.
failmode = secure
; Send command for Duo Push authentication
pushinfo = yes
autopush = yes
groups = duologin
send_gecos = yes

This is my .ssh/config file

Host jumpserver
User myuser
Port 22692
ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted yes
Protocol 2
ServerAliveInterval 60
ServerAliveCountMax 30
IdentityFile ~/.ssh/rsa_id

Host remotehost
ForwardAgent no
ForwardX11 no
ForwardX11Trusted yes
User myuser
Port 22
Protocol 2
ServerAliveInterval 60
ServerAliveCountMax 30
IdentityFile ~/.ssh/rsa_id