Duo offers a relatively simple way to add support Duo two-factor auth to SSH sessions in multiple Linux Distributions. Here are my steps for Ubuntu Server.
- Create
/etc/apt/sources.list.d/duosecurity.list
with the following contents:
deb [arch=amd64] https://pkg.duosecurity.com/Ubuntu focal main - Create a user that corresponds to your username in Duo.
- Create admin group in Ubuntu.
# groupadd admin
- Add your user to admin group (Ubuntu) or wheel group (RedHat)
# usermod -G admin username
- Install the Duo package either from source or repo. Here we will install it from the Duo repo.
# curl -s https://duo.com/DUO-GPG-PUBLIC-KEY.asc | sudo apt-key add -
# apt update && apt install duo-unix
- Enable duo in by adding the following line in
/etc/ssh/sshd_config
:ForceCommand /usr/sbin/login_duo
- Restard sshd.
# systemctl restart sshd
- Add Duo keys to
/etc/duo/login_duo.conf
. These keys are provided by Duo when you create an application. - Change ownership of
/etc/duo/login_duo.conf
using the following command.# chown sshd.root /etc/duo/login_duo.conf
- Test the integration by using a separate ssh session to login to the system you just installed Duo on.