Solved: Multiple prompts un-enrolled users

OBenned · ‎11-22-2017

Hello.

Im currently testing the UNIX protection, so far it’s working good
But i have one problem, when an un-enrolled user tries to login they get the: “Please enroll at message” multiple times
Is there anyway to only show this message once?

login as: test
Using keyboard-interactive authentication.
Please enroll at https://redacted.com
Access denied
Using keyboard-interactive authentication.
Please enroll at https://redacted.com
Access denied
Using keyboard-interactive authentication.
Please enroll at https://redacted.com
Access denied
Using keyboard-interactive authentication.
Please enroll at https://redacted.com
Access denied
Using keyboard-interactive authentication.
Please enroll at https://redacted.com
Access denied
Using keyboard-interactive authentication.
Please enroll at https://redacted.com

Here is my pam_duo.conf

[duo]
; Duo integration key
ikey = redacted
; Duo secret key
skey = redacted
; Duo API host
host = redacted
; Send command for Duo Push authentication
;pushinfo = yes
prompts = 1

I’m using Ubuntu 16.04

DuoKristina · ‎11-22-2017

Hi OBenned,

Try adding MaxAuthTries 3 to your sshd_config.

From man sshd_config:

MaxAuthTries
        Specifies the maximum number of authentication attempts permitted per connection.  Once
        the number of failures reaches half this value, additional failures are logged.  The
        default is 6.

Duo, not DUO.

View solution in original post

DuoKristina · ‎11-22-2017

Hi OBenned,

Try adding MaxAuthTries 3 to your sshd_config.

From man sshd_config:

MaxAuthTries
        Specifies the maximum number of authentication attempts permitted per connection.  Once
        the number of failures reaches half this value, additional failures are logged.  The
        default is 6.

Duo, not DUO.

OBenned · ‎11-23-2017

Hi Kristina. that worked like a charm, thanks