Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4223
Views
0
Helpful
1
Replies

Duo-unix on ubuntu 14.04LTS -- Permission denied?

lookcrabs
Level 1
Level 1

‎01-10-2017 11:13 AM

Hello all,

Sorry if this is not the correct place for my question. I am new and trying to learn. Please let me know and I will move/delete this.

I am trying to set up duo-unix to do 2FA + ssh-key authentication on a linux VM (ubuntu 14.04) as a test. I am using the ubuntu repository supplied in the guide/doc here :: https://duo.com/docs/duounix

My current steps are:

ubuntu@duo2fa-test-free:~ sudo apt-get install build-essential libss-dev ubuntu@duo2fa-test-free:~ sudo apt-get update && sudo apt-get upgrade -y
ubuntu@duo2fa-test-free:~ curl -s https://duo.com/■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■/Ubuntu trusty main' | sudo tee /etc/apt/sources.list.d/duosecurity.list ubuntu@duo2fa-test-free:~ sudo apt-get update && sudo apt-get install duo-unix

ubuntu@duo2fa-test-free:~$ cat <<EOF | sudo tee /etc/duo/duo_login.conf
ikey =
skey =
host =
groups = users,!root
failmode = safe
pushinfo = yes
http_proxy = http://cloud-proxy:3128/
autopush = yes
motd = yes
prompts = 1
accept_env_factor = no
fallback_local_ip = no
https_timeout = 0
EOF

ubuntu@duo2fa-test-free:~$ /usr/sbin/login_duo
Couldn’t open /etc/duo/login_duo.conf: Permission denied

On top of this my environment seems to be somewhat broken as well::

ubuntu@duo2fa-test-free:~ exit logout ubuntu@duo2fa-test-free:~ exit
Connection to 172.16.135.16 closed.
lookcrabs@local:~$ ssh -Al ubuntu 172.16.135.16
Couldn’t open /etc/duo/login_duo.conf: Permission denied

I have tried this on multiple fresh ubuntu 14.04 vms on digitalocean and on my local laptop with the same result. I have also built from source and again i get permission denied without any form of prompt for an authenticator.

Is there a way to enforce 2fa for non-root users without locally installing login_duo?

Labels:
0 Helpful
1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

‎01-30-2017 12:57 PM

Are you trying to install PAM Duo or Login Duo? You linked to the PAM doc but then mention duo_login.conf (so, Login Duo).

In the enabling section of Logon Duo’s instruction we do warn you that ForceCommand does run login_duo using the user’s shell.

To deploy Duo Unix to everyone, we recommend following the PAM Duo instructions. Have you tried following that process yet?

Duo, not DUO.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents