https://duo.com/docs/loginduo
sudo cp 1_*.crt /usr/local/share/ca-certificates
sudo update-ca-certificates --fresh
wget https://dl.duosecurity.com/duo_unix-latest.tar.gz
tar zxf duo_unix-latest.tar.gz
cd duo...
./configure --prefix=/usr
make
sudo make install
sudo nano /etc/duo/pam_duo.conf
login_duo echo 'hi'
/etc/pam.d/sshd
auth sufficient /lib64/security/pam_duo.so
auth required pam_deny.so
https://duo.com/docs/duounix#pam-configuration
https://help.duo.com/s/article/5085?language=en_US
sudo nano /etc/ssh/sshd_config
UsePAM yes
ChallengeResponseAuthentication yes
UseDNS no
PasswordAuthentication no
KerberosAuthentication no
AuthenticationMethods password,keyboard-interactive
# NOTE: THE DEFAULT IS TO HAVE KerberosOrLocalPasswd BE YES
KerberosOrLocalPasswd no
/etc/pam.d/system-auth
auth required pam_env.so
auth [success=1 default=ignore] pam_unix.so nullok try_first_pass
auth required pam_sss.so nullok use_first_pass
auth sufficient /lib64/security/pam_duo.so
auth requisite pam_succeed_if.so uid >=500 quiet
auth required pam_deny.so
https://help.duo.com/s/article/4970?language=en_US
sudo nano /etc/pam.d/common-auth (leave this file alone to prevent SUDO from the DUO)
auth required pam_env.so
auth [success=1 default=ignore] pam_unix.so nullok try_first_pass
auth required pam_sss.so nullok use_first_pass
auth sufficient /lib64/security/pam_duo.so
auth requisite pam_succeed_if.so uid >=500 quiet
auth required pam_deny.so
sudo /etc/init.d/ssh restart
https://duo.com/docs/duounix-faq#troubleshooting
cd /usr/sbin
sudo chmod +x ./duo_unix_support.sh
sudo ./duo_unix_support.sh
https://help.duo.com/s/article/4207?language=en_US
How do I use the Duo Certificate Verification Utility (acert) to verify my certificate chain