Same username for different people


#1

We want to implement DUO to all Linux machines for the root account to ssh in, but all the username of these machines are “root”, which belongs to different people. Can I have different duo push but with same username ?

Thanks in advance.


#2

Yes, you can attach multiple phones for Duo Push to the same Duo user.

You may find a one to many user to phone relationship like this unwieldy to manage. Additionally, opening ssh access to root isn’t generally recommended. Have you considered restricting privileged access to sudo users? That way they’d be authenticating to Duo with their own username.


#3

Well, what I want is to :
a) ssh to linuxServerA as “root”, duo push to Peter’s phone only
b) ssh to linuxServerB as “root”, duo push to Mary’s phone only
c) ssh to linuxServerC as “root”, duo push to Paul’s phone only
etc, etc.

Thanks.


#4

Sorry, that specific use case (automatic selection of one out of many devices attached to the same username) isn’t supported. Setting autopush = yes would result in an automatic push to the first phone attached to the root user, so you should not enable this option. Without autopush, the user ssh’ing in would choose their factor from a list of all devices attached to root.

Again, generally we see customers using sudo, and in that situation each sudo-er is an individual Duo user with their own devices.