SSH and authproxy - too quick at login


#1

I’ve configured the Duo Auth Proxy on a Ubuntu 16.04 box. It is acting as a radius server, verifying against my AD schema. Logins to the console work flawlessly after some general modifications to the pam.d/login file. Where I’m experiencing issues is with ssh.

When logging in with a valid user (specified by the authconfig settings), I do get prompted by Duo, but my response time is less than 5 seconds in many cases. By the time the Duo app prompts me, ssh has already failed login and prompts me to re-enter my password.

  • Is there a way to extend the timeout for ssh/Duo?
  • Should I reconsider using SSSD and pam_duo instead of the proxy?

So far, this is the only thing holding me back from a 100% successful Linux implementation.

Thank you,
Larry