cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1730
Views
0
Helpful
3
Replies

Same username for different people

hkcuhk
Level 1
Level 1

We want to implement DUO to all Linux machines for the root account to ssh in, but all the username of these machines are “root”, which belongs to different people. Can I have different duo push but with same username ?

Thanks in advance.

3 Replies 3

DuoKristina
Cisco Employee
Cisco Employee

Yes, you can attach multiple phones for Duo Push to the same Duo user.

You may find a one to many user to phone relationship like this unwieldy to manage. Additionally, opening ssh access to root isn’t generally recommended. Have you considered restricting privileged access to sudo users? That way they’d be authenticating to Duo with their own username.

Duo, not DUO.

hkcuhk
Level 1
Level 1

Well, what I want is to :
a) ssh to linuxServerA as “root”, duo push to Peter’s phone only
b) ssh to linuxServerB as “root”, duo push to Mary’s phone only
c) ssh to linuxServerC as “root”, duo push to Paul’s phone only
etc, etc.

Thanks.

Sorry, that specific use case (automatic selection of one out of many devices attached to the same username) isn’t supported. Setting autopush = yes would result in an automatic push to the first phone attached to the root user, so you should not enable this option. Without autopush, the user ssh’ing in would choose their factor from a list of all devices attached to root.

Again, generally we see customers using sudo, and in that situation each sudo-er is an individual Duo user with their own devices.

Duo, not DUO.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links