I used the rpm package to install: duo_unix-1.11.3-0.el8.x86_64
If I log directly into the jump server, it requires a push notification: ssh jumpserver
If I just try to jump through the jump server, it doesn’t. This is the command I was using: ssh -J jumpserver remotehost
On remotehost, I can see jumpserver as the host I’m logging in with. On jumpserver I see the sshd processes for the connection, one of which is owned by me.
I’ve got to be missing something obvious, but for the life of me I can’t figure it out.
This is in the base of my sshd_config:
# for duo login 2fa
ForceCommand /usr/sbin/login_duo
This is my login_duo.conf file:
[duo]
; Duo integration key
ikey = removed
; Duo secret key
skey = removed
; Duo API host
host = removed
; failmode = safe
; In the event of errors with this configuration file or connection to the Duo service
; this mode will allow login without 2FA.
; failmode = secure
; This mode will deny access in the above cases. Misconfigurations with this setting
; enabled may result in you being locked out of your system.
failmode = secure
; Send command for Duo Push authentication
pushinfo = yes
autopush = yes
;
groups = duologin
send_gecos = yes
This is my .ssh/config file:
Host jumpserver
    User myuser
    Port 22692
    ForwardAgent yes
    ForwardX11 yes
    ForwardX11Trusted yes
    Protocol 2
    ServerAliveInterval 60
    ServerAliveCountMax 30
    IdentityFile ~/.ssh/rsa_id
Host remotehost
    ForwardAgent no
    ForwardX11 no
    ForwardX11Trusted yes
    User myuser
    Port 22
    Protocol 2
    ServerAliveInterval 60
    ServerAliveCountMax 30
    IdentityFile ~/.ssh/rsa_id
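
An added example, not part of the original post: ssh -J asks the jump host only for a TCP forwarding channel and never requests a session there, so a ForceCommand such as login_duo is not executed for that connection, which is why Duo's login_duo instructions pair ForceCommand with AllowTcpForwarding no and PermitTunnel no. The sketch below audits sshd_config text for that gap; the sample configs are constructed, the function names are hypothetical, and the parser is simplified (global section only, Match blocks ignored).

```python
# Constructed sample mirroring the post: ForceCommand is set, forwarding is left at its default.
SAMPLE_POST = """\
# for duo login 2fa
ForceCommand /usr/sbin/login_duo
"""
# Constructed sample with the two directives Duo documents alongside ForceCommand.
SAMPLE_HARDENED = SAMPLE_POST + "AllowTcpForwarding no\nPermitTunnel no\n"

# OpenSSH defaults that apply when a keyword is absent from sshd_config.
DEFAULTS = {"allowtcpforwarding": "yes", "permittunnel": "no"}


def global_settings(text):
    """Collect global keywords (first occurrence wins, as in sshd).

    Simplification: parsing stops at the first Match block.
    """
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return seen


def audit(text):
    """Return findings where login_duo via ForceCommand can be skipped."""
    cfg = {**DEFAULTS, **global_settings(text)}
    if "login_duo" not in cfg.get("forcecommand", ""):
        return []  # login_duo is not enforced through ForceCommand; out of scope
    findings = []
    if cfg["allowtcpforwarding"].lower() != "no":
        findings.append(
            "AllowTcpForwarding is '%s', not 'no': forwarding-only connections "
            "(ssh -J, -W, -L) never run ForceCommand" % cfg["allowtcpforwarding"])
    if cfg["permittunnel"].lower() != "no":
        findings.append(
            "PermitTunnel is '%s', not 'no': tunnel devices do not run "
            "ForceCommand" % cfg["permittunnel"])
    return findings


if __name__ == "__main__":
    for name, sample in (("post", SAMPLE_POST), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(sample) or "ok")
```

With AllowTcpForwarding no on the jump server, ssh -J through it is refused, so the onward hop has to start from an interactive session that has already passed the Duo prompt.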