DUO on Linux where you have the box joined to the domain

https://duo.com/docs/loginduo

sudo cp 1_*.crt /usr/local/share/ca-certificates

sudo update-ca-certificates --fresh

wget https://dl.duosecurity.com/duo_unix-latest.tar.gz

tar zxf duo_unix-latest.tar.gz

cd duo...

./configure --prefix=/usr

make

sudo make install

sudo nano /etc/duo/pam_duo.conf

login_duo echo 'hi'

/etc/pam.d/sshd

auth sufficient /lib64/security/pam_duo.so

auth required pam_deny.so

https://duo.com/docs/duounix#pam-configuration

https://help.duo.com/s/article/5085?language=en_US

sudo nano /etc/ssh/sshd_config

UsePAM yes

ChallengeResponseAuthentication yes

UseDNS no

PasswordAuthentication no

KerberosAuthentication no

AuthenticationMethods password,keyboard-interactive

# NOTE: THE DEFAULT IS TO HAVE KerberosOrLocalPasswd BE YES

KerberosOrLocalPasswd no

/etc/pam.d/system-auth

auth required pam_env.so

auth [success=1 default=ignore] pam_unix.so nullok try_first_pass

auth required pam_sss.so nullok use_first_pass

auth sufficient /lib64/security/pam_duo.so

auth requisite pam_succeed_if.so uid >=500 quiet

auth required pam_deny.so

https://help.duo.com/s/article/4970?language=en_US

sudo nano /etc/pam.d/common-auth (leave this file alone to prevent SUDO from the DUO)

auth required pam_env.so

auth [success=1 default=ignore] pam_unix.so nullok try_first_pass

auth required pam_sss.so nullok use_first_pass

auth sufficient /lib64/security/pam_duo.so

auth requisite pam_succeed_if.so uid >=500 quiet

auth required pam_deny.so

sudo /etc/init.d/ssh restart

https://duo.com/docs/duounix-faq#troubleshooting

cd /usr/sbin

sudo chmod +x ./duo_unix_support.sh

sudo ./duo_unix_support.sh

https://help.duo.com/s/article/4207?language=en_US

How do I use the Duo Certificate Verification Utility (acert) to verify my certificate chain