Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1187
Views
2
Helpful
3
Replies

Dou has stopped working

Go to solution
Stephen Carville
Level 1
Level 1

‎08-16-2021 01:56 PM

I was able to get duo working in a test environment based on the two documents linked below. However, it stopped working about a week ago and I cannot figure out what broke. I tested using different authentication methods and it consistently fails at the keyboard-interactive step.

Does duo or pam_duo maintain any logs I can look in to divine a cause?

Documentation Used
Knowledge Base | Duo Security
Duo Unix - 2FA for SSH with PAM Support (pam_duo) | Duo Security

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Stephen Carville
Level 1
Level 1
In response to DuoKristina

‎08-17-2021 02:41 PM

The servers are a mix of CentOS 7 and Oracle Linux 8. The test bed server is C7.

I did some more digging and it looks like only some client nodes are affected. Unfortunately one of those was my workstation.

Anyway, I finally figured out why it was failing. I had this line in the default section (Host *) of .ssh/config

PreferredAuthentications=publickey,gssapi-with-mic,password

I changed it to this and it work as expected.

PreferredAuthentications=publickey,gssapi-with-mic,keyboard-interactive

I still need to experiment with actually doing the first factor but I am back on track.

View solution in original post

3 Replies 3

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎08-17-2021 09:14 AM

What’s your distro? If you follow that flavor’s instructions for PAM logging you can see what’s happening. For example, here’s how to enable PAM debug on centos 7.

Duo, not DUO.
0 Helpful

Go to solution
Stephen Carville
Level 1
Level 1
In response to DuoKristina

‎08-17-2021 02:41 PM

The servers are a mix of CentOS 7 and Oracle Linux 8. The test bed server is C7.

I did some more digging and it looks like only some client nodes are affected. Unfortunately one of those was my workstation.

Anyway, I finally figured out why it was failing. I had this line in the default section (Host *) of .ssh/config

PreferredAuthentications=publickey,gssapi-with-mic,password

I changed it to this and it work as expected.

PreferredAuthentications=publickey,gssapi-with-mic,keyboard-interactive

I still need to experiment with actually doing the first factor but I am back on track.

Go to solution
DuoKristina
Cisco Employee
Cisco Employee
In response to Stephen Carville

‎08-17-2021 03:42 PM

Glad you figured it out! Thanks for sharing your solution.

Duo, not DUO.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents