My setup is to use DUO with publickey authentication over SSH. The keys are stored in LDAP.
When following the documentation for setting up DUO with UNIX, I’m running into a problem. I’ve verified that DUO is working by commenting out my pam_ldap.so line in /etc/pam.d/sshd. When I remove that comment, authentication fails.
I believe I’ve tracked that down to the following in sshd_config:
With this config, the LDAP authentication fails, since it is expecting keyboard-interactive, which is not going to work with a key exchange.
I've changed that line to the following:
AuthenticationMethods publickey publickey,keyboard-interactive
Now, the LDAP piece works, but I never get prompted to authenticate with DUO, which defeats the whole purpose.
Is there something I'm missing here?
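
The sshd_config(5) semantics behind the behaviour described above, as an added example that is not part of the original post: in AuthenticationMethods, whitespace separates alternative lists and commas join methods that must all succeed, so this check reports every alternative that completes a login without a given method. The function names, the sample config text and the comparison value are constructed for illustration; it assumes the Duo prompt is delivered through PAM as keyboard-interactive, and Match blocks are not evaluated.

```python
# Added example: audit an AuthenticationMethods value for paths that skip a method.

def find_directive(config_text, name="AuthenticationMethods"):
    """Return the first global value of `name`, or None.
    Keywords are case-insensitive and the first value obtained wins."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":          # stop at the first Match block
            break
        if key == name.lower() and len(parts) == 2:
            return parts[1].strip()
    return None

def parse_authentication_methods(value):
    """Split the value into alternative lists of required methods.
    A ':submethod' suffix (e.g. keyboard-interactive:pam) is dropped."""
    return [[m.split(":", 1)[0] for m in alt.split(",") if m]
            for alt in value.split()]

def satisfied_without(value, required_method):
    """Alternatives that complete authentication without required_method."""
    return [alt for alt in parse_authentication_methods(value)
            if required_method not in alt]

# Constructed sample config; the directive value is the one quoted in the post.
SAMPLE_CONFIG = """\
# constructed sample
UsePAM yes
AuthenticationMethods publickey publickey,keyboard-interactive
"""
# Constructed comparison value: a single list that requires both methods.
SINGLE_LIST = "publickey,keyboard-interactive"

if __name__ == "__main__":
    for value in (find_directive(SAMPLE_CONFIG), SINGLE_LIST):
        bypass = satisfied_without(value, "keyboard-interactive")
        status = "second factor can be skipped" if bypass else "second factor always required"
        print(f"{value!r}: {status}; bypass paths: {bypass}")
```

Any alternative returned by satisfied_without is a complete login path on its own, so sshd never needs to start the keyboard-interactive exchange once that list is satisfied.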