Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2041
Views
0
Helpful
2
Replies

SSH and authproxy - too quick at login

lgwapnitsky
Level 1
Level 1

‎12-08-2017 12:21 PM

I’ve configured the Duo Auth Proxy on a Ubuntu 16.04 box. It is acting as a radius server, verifying against my AD schema. Logins to the console work flawlessly after some general modifications to the pam.d/login file. Where I’m experiencing issues is with ssh.

When logging in with a valid user (specified by the authconfig settings), I do get prompted by Duo, but my response time is less than 5 seconds in many cases. By the time the Duo app prompts me, ssh has already failed login and prompts me to re-enter my password.

  • Is there a way to extend the timeout for ssh/Duo?
  • Should I reconsider using SSSD and pam_duo instead of the proxy?

So far, this is the only thing holding me back from a 100% successful Linux implementation.

Thank you,
Larry

Labels:
0 Helpful
2 Replies 2

gnyce
Level 1
Level 1

‎08-29-2018 03:48 PM

Can’t answer your completely, but we have implemented sssd and pam_duo, and it works fine for SSH. In fact, it will work for local accounts as well as sssd (AD) accounts - we use it for our external database-support NOC, who can ssh in and have Duo call one of 2 NOC phone numbers. Only tricky part there was pam and supporting local (console) login… but we figured our way through that.

Can you turn up the logging on sshd_config (DEBUG) and see what it is doing?

0 Helpful

rochana
Level 1
Level 1

‎02-20-2023 09:47 PM

Im facing the same issue… were you able to solve this?

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents