08-16-2021 01:56 PM
I was able to get Duo working in a test environment based on the two documents linked below. However, it stopped working about a week ago and I cannot figure out what broke. I tested using different authentication methods and it consistently fails at the keyboard-interactive step.
Does Duo or pam_duo maintain any logs I can look in to divine a cause?
Documentation Used
Knowledge Base | Duo Security
Duo Unix - 2FA for SSH with PAM Support (pam_duo) | Duo Security
08-17-2021 09:14 AM
What’s your distro? If you follow that flavor’s instructions for PAM logging you can see what’s happening. For example, here’s how to enable PAM debug on CentOS 7.
08-17-2021 02:41 PM
The servers are a mix of CentOS 7 and Oracle Linux 8. The test bed server is C7.
I did some more digging and it looks like only some client nodes are affected. Unfortunately one of those was my workstation.
Anyway, I finally figured out why it was failing. I had this line in the default section (Host *) of .ssh/config:
PreferredAuthentications=publickey,gssapi-with-mic,password
I changed it to this and it worked as expected:
PreferredAuthentications=publickey,gssapi-with-mic,keyboard-interactive
I still need to experiment with actually doing the first factor but I am back on track.
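Added example, not part of the thread or of Duo's tooling: a small client-side check for the misconfiguration described in the post above, reporting whether the PreferredAuthentications value that applies to a host still lets the client try keyboard-interactive. The sample config, host names and function names are constructed for illustration, and the parser is simplified (Match blocks are skipped and Include is not followed).

```python
import fnmatch
import re

# Constructed sample of a client ~/.ssh/config (not the poster's actual file).
SAMPLE_CONFIG = """\
Host bastion
    PreferredAuthentications publickey,keyboard-interactive

Host *.lab !legacy.lab
    User admin

Host *
    PreferredAuthentications=publickey,gssapi-with-mic,password
"""

def host_matches(patterns, host):
    """A Host line applies if a positive glob matches and no negated (!) glob does."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatch.fnmatchcase(host, p) for p in negated):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in positive)

def effective_preferred_auth(config_text, host):
    """Return the PreferredAuthentications list that applies to host, or None if unset."""
    active = True  # options above the first Host line apply to every host
    for raw in config_text.splitlines():
        # Keyword and value may be separated by whitespace or by '='.
        m = re.match(r"([A-Za-z]+)\s*=?\s*(.*)", raw.strip())
        if not m:
            continue  # blank line or comment
        keyword, rest = m.group(1).lower(), m.group(2)
        if keyword == "host":
            active = host_matches(rest.split(), host)
        elif keyword == "match":
            active = False  # simplification: Match blocks are skipped
        elif keyword == "preferredauthentications" and active:
            return [x.strip() for x in rest.split(",") if x.strip()]  # first value wins
    return None

def keyboard_interactive_offered(config_text, host):
    """False when the client is configured never to try keyboard-interactive."""
    methods = effective_preferred_auth(config_text, host)
    # Unset falls back to the OpenSSH default order, which includes keyboard-interactive.
    return methods is None or "keyboard-interactive" in methods

if __name__ == "__main__":
    for h in ("bastion", "web1.lab", "legacy.lab"):
        print(h, keyboard_interactive_offered(SAMPLE_CONFIG, h))
```

On a machine with OpenSSH installed, `ssh -G <host>` prints the fully resolved client options and is the authoritative way to confirm the same setting.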
08-17-2021 03:42 PM
Glad you figured it out! Thanks for sharing your solution.