Duo offers a relatively simple way to add support Duo two-factor auth to SSH sessions in multiple Linux Distributions. Here are my steps for Ubuntu Server.
/etc/apt/sources.list.d/duosecurity.list with the following contents:
deb [arch=amd64] https://pkg.duosecurity.com/Ubuntu focal main
- Create a user that corresponds to your username in Duo.
- Create admin group in Ubuntu.
# groupadd admin
- Add your user to admin group (Ubuntu) or wheel group (RedHat)
# usermod -G admin username
- Install the Duo package either from source or repo. Here we will install it from the Duo repo.
# curl -s https://duo.com/DUO-GPG-PUBLIC-KEY.asc | sudo apt-key add -
# apt update && apt install duo-unix
- Enable duo in by adding the following line in
- Restard sshd.
# systemctl restart sshd
- Add Duo keys to
/etc/duo/login_duo.conf. These keys are provided by Duo when you create an application.
- Change ownership of
/etc/duo/login_duo.conf using the following command.
# chown sshd.root /etc/duo/login_duo.conf
- Test the integration by using a separate ssh session to login to the system you just installed Duo on.