Dou has stopped working

I was able to get duo working in a test environment based on the two documents linked below. However, it stopped working about a week ago and I cannot figure out what broke. I tested using different authentication methods and it consistently fails at the keyboard-interactive step.

Does duo or pam_duo maintain any logs I can look in to divine a cause?

Documentation Used
Knowledge Base | Duo Security
Duo Unix - 2FA for SSH with PAM Support (pam_duo) | Duo Security

What’s your distro? If you follow that flavor’s instructions for PAM logging you can see what’s happening. For example, here’s how to enable PAM debug on centos 7.

The servers are a mix of CentOS 7 and Oracle Linux 8. The test bed server is C7.

I did some more digging and it looks like only some client nodes are affected. Unfortunately one of those was my workstation.

Anyway, I finally figured out why it was failing. I had this line in the default section (Host *) of .ssh/config

PreferredAuthentications=publickey,gssapi-with-mic,password

I changed it to this and it work as expected.

PreferredAuthentications=publickey,gssapi-with-mic,keyboard-interactive

I still need to experiment with actually doing the first factor but I am back on track.

1 Like

Glad you figured it out! Thanks for sharing your solution.

1 Like