About Stephen Carville

Stephen Carville · 09-16-2022

One user is having repeated failures when trying to log onto a server protected by Duo. The failures are limited to the one user. No one else seems to be having any problems. I tried in no particular order: restarting sshddisabling selinux.Resetting...

Using a Yubikey · 03-24-2022

On our linux machines, secure shell (openssh) is configured to only allow designated jump or bastion servers to log in. Access to the jump servers is controlled by duo. One user, who does not have a supported Android or iOS phone, wants to use a Yub...

Removing an MFA Device from One User · 09-14-2021

For testing I linked a test account to a phone. To test a possible hack, I later associated that same phone with my account. Is there any way to remove the test phone from my account without affecting the test account?

Stephen Carville · 08-25-2021

I have tentative approval to move ahead with Duo for 2FA on Linux instead of Okta ASA. I can’t say I am unhappy with that… So I have a couple of questions. These are not show stoppers but may help to ease the adoption. Can duo push use other authe...

Stephen Carville · 08-21-2021

I originally put this question in the wrong forum so I am trying again here. Is it possible to configure duo and ssh for linux such that a user only has to log in once a day to any particular server? The idea is to login once and then open as many ot...

Stephen Carville · 01-14-2023

Looks like it is still broken – at least in Oracle 8 EPEL. About two days ago, I upgraded my “backup” jump server running Oracle Linux 8.7 and duo stopped working. I finally tracked it down to the duo_unix package in oracle-EPEL respository for OL8. ...

Re: Using a Yubikey · 03-24-2022

A couple of more questions if you do not mind: If we move up to a paid tier will users be able to register their own tokens? What would be the cost for Duo tokens? I know we’d have to buy at least ten.

Stephen Carville · 03-24-2022

You could try a match block for the special accounts Match User service1, service2, service3, etc AuthenticationMethods publickey gssapi-with-mic password

Re: Using a Yubikey · 03-24-2022

It’s making a little more sense now. The user registered his Yubikey as a WebAuthn device. If I understand the documentation, WebAuthn is for authentication from within a browser and is not appropriate for secure shell. Please correct me if I am wron...

Stephen Carville · 12-07-2021

Did you make sure that pam_duo.conf was correctly configured? If it is correct then look at sshd_config. Some options that might be relevant to your situation are: UsePAM yes ChallengeResponseAuthentication yes AuthenticationMethods publickey,keybo...

Member Since	‎03-19-2013 04:19 PM
Date Last Visited	‎10-07-2024 09:13 AM
Posts	104
Total Helpful Votes Received	63

User Statistics

User Activity

One User Cannot Log Onto Server Protected by Duo

Using a Yubikey

Removing an MFA Device from One User

Alternate authentication apps

Implementing Duo on Linux

Re: EPEL repo has duo_unix but it's missing files

Re: Using a Yubikey

Re: Duo for Linux/PAM only active for UID >= 1000

Re: Using a Yubikey

Re: Linux with private key only install