Duo Unix SSH Protection with Mac OSX Sierra


#1

I am trying to protect SSH logins on Mac OSX Sierra. I have grabbed the files and installed. OpenSSL is installed in /usr/local/opt/openssl/bin, ran through the install and got an error trying to find OpenSSL, yet it is in my path. Anyone get this working?

  • OpenSSL is in my path
  • ./configure --with-pam --prefix=/usr && make && sudo make install

Received following error:

configure: Error: in /Users/username/Downloads/duo_unix-1.10.1': configure: error: OpenSSL not found Seeconfig.log’ for more details


#2

Well - solved my own issue. For those who are interested in trying this:

Had to hard code the OpenSSL path; using the following command:
./configure --with-pam=/usr/local/lib/pam/ --with-openssl=/usr/local/opt/openssl/ --prefix=/usr && make && sudo make install

Also, Mac standard folders are protected and should remain that way. To resolve this, I had to add /usr/local for each standard folder. I had to change the configure file to point to /usr/local/bin, /usr/local/sbin, /usr/local/shared, /usr/local/lib.

Finally, the pam_duo.so does not work on mac, so I went with the login_duo option, and found this awesome reference which helped me resolve it. https://wiki.vcu.edu/display/D2FAS/Detailed+Instruction+for+DUO+with+SSH

Really think Duo should put together a better guide for the Mac. This shouldn’t be this difficult.