11-17-2017 01:30 AM
We want to implement DUO to all Linux machines for the root account to ssh in, but all the username of these machines are “root”, which belongs to different people. Can I have different duo push but with same username ?
Thanks in advance.
11-17-2017 12:46 PM
Yes, you can attach multiple phones for Duo Push to the same Duo user.
You may find a one to many user to phone relationship like this unwieldy to manage. Additionally, opening ssh access to root isn’t generally recommended. Have you considered restricting privileged access to sudo users? That way they’d be authenticating to Duo with their own username.
11-19-2017 06:09 PM
Well, what I want is to :
a) ssh to linuxServerA as “root”, duo push to Peter’s phone only
b) ssh to linuxServerB as “root”, duo push to Mary’s phone only
c) ssh to linuxServerC as “root”, duo push to Paul’s phone only
etc, etc.
Thanks.
11-20-2017 07:35 AM
Sorry, that specific use case (automatic selection of one out of many devices attached to the same username) isn’t supported. Setting autopush = yes
would result in an automatic push to the first phone attached to the root
user, so you should not enable this option. Without autopush, the user ssh’ing in would choose their factor from a list of all devices attached to root
.
Again, generally we see customers using sudo, and in that situation each sudo-er is an individual Duo user with their own devices.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide