DuoUnix/pam_duo



I am trying to set up DuoUnix for ssh with all three: publickey, password and keyboard-interactive (duo push).

I would be ok with only password and keyboard-interactive (duo push).

I followed this guide: https://duo.com/docs/duounix

Everything works but I am getting two push notifications. Should I only be getting one?

Info for publickey, password and keyboard-interactive:

/etc/pam.d/sshd

@include common-auth
auth [success=1 default=ignore] /lib64/security/pam_duo.so
auth requisite pam_deny.so
auth required pam_permit.so

/etc/pam.d/common-auth

auth [success=1 default=ignore] pam_unix.so nullok_secure

# here's the fallback if no module succeeds

auth requisite pam_unix.so nullok_secure
auth [success=1 default=ignore] /lib64/security/pam_duo.so
auth requisite pam_deny.so

/etc/ssh/sshd_config

PubkeyAuthentication yes
ChallengeResponseAuthentication yes
UseDNS no
AuthenticationMethods publickey,keyboard-interactive
UsePAM yes

Info for password and keyboard-interactive:

/etc/pam.d/sshd

@include common-auth
auth [success=1 default=ignore] /lib64/security/pam_duo.so
auth requisite pam_deny.so
auth required pam_permit.so

/etc/pam.d/common-auth

auth [success=1 default=ignore] pam_unix.so nullok_secure

# here's the fallback if no module succeeds

auth requisite pam_unix.so nullok_secure
auth [success=1 default=ignore] /lib64/security/pam_duo.so
auth requisite pam_deny.so

/etc/ssh/sshd_config

PubkeyAuthentication yes
ChallengeResponseAuthentication yes
UseDNS no
AuthenticationMethods keyboard-interactive
UsePAM yes

For both the publickey,password,keyboard-interactive and password,keyboard-interactive setups I get the following logs (I have to accept two duo push notifications):

Mar 23 14:54:12 ubuntu sshd[3392]: Successful Duo login for ‘ubuntu’ from 10.1.3.6
Mar 23 14:54:17 ubuntu sshd[3392]: Successful Duo login for ‘ubuntu’ from 10.1.3.6
Mar 23 14:54:17 ubuntu sshd[3390]: Accepted keyboard-interactive/pam for ubuntu from 10.1.3.6 port 49862 ssh2
Mar 23 14:54:17 ubuntu sshd[3390]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
Mar 23 14:54:17 ubuntu systemd-logind[839]: New session 36 of user ubuntu.
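
An added example, not part of the original post and not Duo's code: a Python sketch that expands `@include` in the two PAM files as posted and walks the auth stack along the path where every invoked module succeeds, reporting which file each `pam_duo.so` invocation comes from. It assumes `@include` is a textual inclusion and models only `success=N`, `success=done` and `sufficient`; the function names are hypothetical.

```python
import re

# Constructed input: the two PAM files as posted in the question above.
FILES = {
    "sshd": """\
@include common-auth
auth [success=1 default=ignore] /lib64/security/pam_duo.so
auth requisite pam_deny.so
auth required pam_permit.so
""",
    "common-auth": """\
auth [success=1 default=ignore] pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth requisite pam_unix.so nullok_secure
auth [success=1 default=ignore] /lib64/security/pam_duo.so
auth requisite pam_deny.so
""",
}

# auth <control> <module>, where control is a keyword or a [key=value ...] list
RULE = re.compile(r"^(auth)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def flatten(name, files):
    """Expand @include in place; return [(file, control, module)] for auth rules."""
    out = []
    for line in files[name].splitlines():
        line = line.strip()
        if line.startswith("@include"):
            out += flatten(line.split()[1], files)
        elif (m := RULE.match(line)):
            out.append((name, m.group(2), m.group(3).rsplit("/", 1)[-1]))
    return out

def success_path(stack):
    """Modules invoked, in order, when every module that runs returns success."""
    ran, i = [], 0
    while i < len(stack):
        src, control, module = stack[i]
        ran.append((src, module))
        jump = re.search(r"success=(\w+)", control)
        if control == "sufficient" or (jump and jump.group(1) == "done"):
            break  # the stack ends here on success
        # success=N skips the next N rules; other controls fall through
        i += 1 + (int(jump.group(1)) if jump and jump.group(1).isdigit() else 0)
    return ran

def duo_calls(service, files):
    """Files whose pam_duo.so line is reached on the success path."""
    return [src for src, mod in success_path(flatten(service, files)) if mod == "pam_duo.so"]

if __name__ == "__main__":
    print(duo_calls("sshd", FILES))
```

For the files as posted, `duo_calls("sshd", FILES)` returns one entry for `common-auth` and one for `sshd`, which lines up with the two "Successful Duo login" entries logged by the same `sshd[3392]` process.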