DUO with LDAP hosted public keys


#1

My setup is to use DUO with publickey authentication over SSH. The keys are stored in LDAP.

When following the documentation for setting up DUO with UNIX, I’m running into a problem. I’ve verified that DUO is working by commenting out my pam_ldap.so line in /etc/pam.d/sshd. When I remove that comment, authentication fails.

I believe I’ve tracked that down to the following in sshd_config:

```
AuthenticationMethods publickey,keyboard-interactive
```

With this config, the LDAP authentication fails, since it is expecting keyboard-interactive, which is not going to work with a key exchange.

I've changed that line to the following:

    AuthenticationMethods publickey publickey,keyboard-interactive

Now, the LDAP piece works, but I never get prompted to authenticate with DUO, which defeats the whole purpose.

Is there something I'm missing here?
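
Added example, not part of the original post: per sshd_config(5), space-separated `AuthenticationMethods` lists are alternatives, and a login succeeds as soon as every method in any one list has completed. The Python check below flags lists that can finish without `keyboard-interactive`, assumed here to be the step that carries the Duo PAM prompt; the function names and sample strings are constructed for illustration.

```python
# Added example: audit AuthenticationMethods lines for alternative lists
# that can complete without a required method.

# Assumption: the Duo prompt is delivered through PAM keyboard-interactive.
REQUIRED = "keyboard-interactive"

# Constructed sample input built from the two lines quoted in the post.
SAMPLE_BOTH_REQUIRED = "AuthenticationMethods publickey,keyboard-interactive\n"
SAMPLE_ALTERNATIVES = (
    "AuthenticationMethods publickey publickey,keyboard-interactive\n"
)


def parse_method_lists(config_text):
    """Return, per AuthenticationMethods line, its alternative method lists."""
    parsed = []
    for raw in config_text.splitlines():
        fields = raw.strip().split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0].lower() != "authenticationmethods":
            continue  # keywords are case-insensitive in sshd_config
        # Spaces separate alternative lists; commas join methods that must
        # all succeed. Submethod suffixes such as ":pam" are dropped.
        parsed.append([[m.split(":", 1)[0] for m in lst.split(",")]
                       for lst in fields[1:]])
    return parsed


def lists_skipping(config_text, required=REQUIRED):
    """Return the alternative lists that succeed without `required`."""
    skipping = []
    for method_lists in parse_method_lists(config_text):
        for methods in method_lists:
            # "any" accepts any single method, so it also skips `required`.
            if methods == ["any"] or required not in methods:
                skipping.append(",".join(methods))
    return skipping


if __name__ == "__main__":
    for label, text in (("comma only", SAMPLE_BOTH_REQUIRED),
                        ("with alternative", SAMPLE_ALTERNATIVES)):
        print(label, "-> lists that skip", REQUIRED + ":", lists_skipping(text))
```

An empty result means every alternative forces the second factor; any list it returns is a path on which the Duo prompt is never reached.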