Duo offers a relatively simple way to add support Duo two-factor auth to SSH sessions in multiple Linux Distributions. Here are my steps for Ubuntu Server.
Create /etc/apt/sources.list.d/duosecurity.list
with the following contents:
deb [arch=amd64] https://pkg.duosecurity.com/Ubuntu focal main # 20.04
deb [arch=amd64] https://pkg.duosecurity.com/Ubuntu jammy main # 22.04
Create a user that corresponds to your username in Duo.
adduser username
Add your user to sudo group (Ubuntu) or wheel group (RedHat)
usermod -aG sudo username
Install the Duo package either from source or repo. Here we will install it from the Duo repo.
Ubuntu 20.04:
curl -s https://duo.com/DUO-GPG-PUBLIC-KEY.asc | sudo apt-key add -
apt update && apt install duo-unix
Ubuntu 22.04
curl -s https://duo.com/DUO-GPG-PUBLIC-KEY.asc | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/duo.gpg
apt-get update && apt-get install duo-unix
Enable duo in by adding the following line in /etc/ssh/sshd_config
:
ForceCommand /usr/sbin/login_duo
Restard sshd.
systemctl restart sshd
Add Duo keys to /etc/duo/login_duo.conf
. These keys are provided by Duo when you create an application.
Change ownership of /etc/duo/login_duo.conf
using the following command.
chown sshd.root /etc/duo/login_duo.conf
Test the integration by using a separate ssh session to login to the system you just installed Duo on.