Duo for UNIX not working
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-21-2019 07:12 AM
Hi All,
I was wondering if somebody can assist with where I am going wrong, because the guide to setup either pam_duo or login_duo seem to lack in proper instructions and don’t give good enough details for new comers to duo.
I followed pam_duo to a tee. Every thing setup correctly (443 is open outbound and inbound to all traffic and so is 80), I set up all the keys etc. so I then logged out of SSH to then try jump on PuTTy and log back in expecting it to make me authenticate with duo and duo didn’t work at all. This is a local root user I was trying it with as its just a test box for now just so I can get a proof of concept to work, or attempt to.
So, I tried it with login_duo next, every going fine, did the test “/usr/sbin/login_duo” which worked to an extent, gave me the link to enroll which was good, I thought everything was going fine. Until again, jumped off PuTTy, SSHd back in and still no DUO authenticator…
If I do “ssh root@cockpit.local” it then asks me to authenticate through DUO and sends me codes or push to authenticate to my duo app, but doing it through PuTTy doesn’t.
Don’t ask me to do login -d either, because that just repeats what the “ssh root@cockpit.local” does and asks me to authenticate with duo.
So, ofcourse I am going wrong somewhere, but where?
I use a VPN to jump on to the network the Linux box is on, but thats about it.
Any assistance would be appreciated.
Cheers,
James
- Labels:
-
Unix and SSH
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2025 11:10 AM
Hi, hope you have a solution after some while/years.
The new Duo Unix documentation is good -> https://duo.com/docs/duounix#pam-examples
Or you may try to log for more details from ssh logs, i was doing a "journalctl -u ssh" on my ubuntu and got more details. It helped me to troubleshoot and fix the issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2025 11:21 AM
@ketcheon I guess a lot has changed since 2019 right? I love to see solutions on such old posts though!
Long time since I did DUO.. but now some questions are scratching my head.
1) pam_duo and login_duo would interfere right? Only one method sould be done?
2) We still have to ensure in that case that PuTTy is set to keyboard-interactive for SSH auth method, right?
Thx and BR
Jules
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2025 12:18 AM
Hi Julian,
Yes indeed. All the new stuffs, SSO, passwordless, and Identity Intelligence.
#1 - the recommended one is pam_duo, due to it's secure and highly customizable nature. This is stated in the document link.
#2 - This was mentioned too under the system section, KbdInteractiveAutentication is the switch to influence the behavior.
Hope that works for you too.
Regards,
ketcheon
