Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1168
Views
0
Helpful
1
Replies

Duo Linux - Password AND Push Authenticatoins

svieth
Level 1
Level 1

‎01-15-2019 08:40 AM

Good Morning! I’m running into some issues with doing an implementation of Duo on a few servers in my Linux environment.

I’m following pretty accurately the guide that is posted at Duo Unix - 2FA for SSH with PAM Support (pam_duo) | Duo Security and I’ve noticed something. When I enter in a username that’s in Duo, it’ll take me right to the Duo screen, asking for either an SMS code, a phone code, or a push. It never prompts me for a password. This is not the behavior I am looking for. I am looking for it to allow me to enter in a password, and then prompt me for a Duo Push, so a true 2FA.

We’re only looking to do this on a password login right now, so I’m only concerned about the system-auth file. I’m running Oracle Linux 7, so I’m using the instructions designed for RHEL7 currently.

Also, how do I make sure the root account is excluded from a Duo 2FA?

Labels:
0 Helpful
1 Reply 1

svieth
Level 1
Level 1

‎01-15-2019 09:45 AM

Good news, one of my co-workers has solved this issue, we’re using the login_duo module and added the command post-login.

Two other thoughts:

  1. is there a way to limit this to people who log in using a specific port? We have a server which allows logins on both the standard SSH port and a non-standard port, and we want to use Duo only on the non-standard port.

  2. What’s the easiest way to exclude ONLY the root user on this?

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents