Multifactor Authentication

About

Duke University is supporting Duo multifactor authentication for web and host based access.  Duo provides a second factor through a smart phone app, security dongle, physical phone or several other ways.  This page will walk you through getting Duo set up on your Linux server.

Configuration

Set up your NetID to be multifactor capable here

Install the duo_unix software.  Packages for your Linux based OS can be found here: http://pkg.duosecurity.com/

Configure Duo to use the Duke account by adjusting your /etc/duo/login_duo.conf file to contain the following:

[duo]
; Duo integration key
ikey = <GET THIS FROM THE DUKE IDMS TEAM>
; Duo secret key
skey = <GET THIS FROM THE DUKE IDMS TEAM>
; Duo API host
host = <GET THIS FROM THE DUKE IDMS TEAM>
; Send command for Duo Push authentication
;pushinfo = yes
; Limit two facter authentication to a subset of users by group
group = <SPACE SEPARATED LIST OF UNIX GROUPS THAT WILL REQUIRE DUO>

Add the following line to your /etc/ssh/sshd_config file:

ForceCommand /usr/sbin/login_duo

Leave a Reply

Your email address will not be published. Required fields are marked *