Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1329
Views
2
Helpful
3
Replies

Dou has stopped working

Go to solution
Stephen Carville
Level 1
Level 1

‎08-16-2021 01:56 PM

I was able to get duo working in a test environment based on the two documents linked below. However, it stopped working about a week ago and I cannot figure out what broke. I tested using different authentication methods and it consistently fails at the keyboard-interactive step.

Does duo or pam_duo maintain any logs I can look in to divine a cause?

Documentation Used
Knowledge Base | Duo Security
Duo Unix - 2FA for SSH with PAM Support (pam_duo) | Duo Security

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Stephen Carville
Level 1
Level 1
In response to DuoKristina

‎08-17-2021 02:41 PM

The servers are a mix of CentOS 7 and Oracle Linux 8. The test bed server is C7.

I did some more digging and it looks like only some client nodes are affected. Unfortunately one of those was my workstation.

Anyway, I finally figured out why it was failing. I had this line in the default section (Host *) of .ssh/config

PreferredAuthentications=publickey,gssapi-with-mic,password

I changed it to this and it work as expected.

PreferredAuthentications=publickey,gssapi-with-mic,keyboard-interactive

I still need to experiment with actually doing the first factor but I am back on track.

View solution in original post

3 Replies 3

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎08-17-2021 09:14 AM

What’s your distro? If you follow that flavor’s instructions for PAM logging you can see what’s happening. For example, here’s how to enable PAM debug on centos 7.

Duo, not DUO.
0 Helpful

Go to solution
Stephen Carville
Level 1
Level 1
In response to DuoKristina

‎08-17-2021 02:41 PM

The servers are a mix of CentOS 7 and Oracle Linux 8. The test bed server is C7.

I did some more digging and it looks like only some client nodes are affected. Unfortunately one of those was my workstation.

Anyway, I finally figured out why it was failing. I had this line in the default section (Host *) of .ssh/config

PreferredAuthentications=publickey,gssapi-with-mic,password

I changed it to this and it work as expected.

PreferredAuthentications=publickey,gssapi-with-mic,keyboard-interactive

I still need to experiment with actually doing the first factor but I am back on track.

Go to solution
DuoKristina
Cisco Employee
Cisco Employee
In response to Stephen Carville

‎08-17-2021 03:42 PM

Glad you figured it out! Thanks for sharing your solution.

Duo, not DUO.
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents