Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1523
Views
0
Helpful
0
Replies

Linux Auth, SSH, PAM

gwendy32
Level 1
Level 1

‎07-20-2020 10:36 AM

I have a working Duo auth for SSH access to a Linux server, but it isn’t quite working as I would like for my environment.

I am looking for the right options so that:

  • A user SSH’ing in needs to auth with Duo (easy enough), but it should check the local auth first e.g. if I type in my password wrong the OS should tell reject me before I receive a Duo push
  • Duo should be required for sudo, but it should cache the Duo auth - Without Duo if I sudo I am prompted for my password, but then if I sudo again quickly I am not prompted for my password. Same thing should happen with Duo pushes

And, ideally, I would like an option that if a user authenticated to SSH using a keypair instead of a password, that user should not receive a Duo push. This is not a great option security-wise, but the boss is asking if it is an option for one of our applications.

Any suggestions on the right config to make these happen?

Labels:
0 Helpful
0 Replies 0
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents