I have a DUO LDAP proxy setup on Linux. I’ve replaced my normal LDAP server IP address with my DUO LDAP Proxy IP address in /etc/ldap.conf and /etc/ldap/ldap.conf and all things LDAP seem to be proxying correctly.
We have ssh PasswordAuthentication set to no and PubkeyAuthentication set to yes on all the servers we manage. I am not sent a DUO push to my mobile when I login over ssh. Only when I sudo does DUO send the push. In retrospect, this makes sense since I’ve told ssh to ignore any password based auth.
Do I need to additionally setup pam_duo for this configuration or is there some other way I can tell ssh to include a DUO push for key based auth?