Duo offers a relatively simple way to add support Duo two-factor auth to SSH sessions in multiple Linux Distributions. Here are my steps for Ubuntu Server.
- Create
/etc/apt/sources.list.d/duosecurity.listwith the following contents:
deb [arch=amd64] https://pkg.duosecurity.com/Ubuntu focal main - Create a user that corresponds to your username in Duo.
- Create admin group in Ubuntu.
# groupadd admin - Add your user to admin group (Ubuntu) or wheel group (RedHat)
# usermod -G admin username - Install the Duo package either from source or repo. Here we will install it from the Duo repo.
# curl -s https://duo.com/DUO-GPG-PUBLIC-KEY.asc | sudo apt-key add -# apt update && apt install duo-unix - Enable duo in by adding the following line in
/etc/ssh/sshd_config:ForceCommand /usr/sbin/login_duo - Restard sshd.
# systemctl restart sshd - Add Duo keys to
/etc/duo/login_duo.conf. These keys are provided by Duo when you create an application. - Change ownership of
/etc/duo/login_duo.confusing the following command.# chown sshd.root /etc/duo/login_duo.conf - Test the integration by using a separate ssh session to login to the system you just installed Duo on.