Hi i’m matt from duo security in this video i’m going to show you how to protect a unix based system with our pam duo module before watching this video read the documentation for installing duo for unix at duo comm slash docs slash duo unix in this video i will show you how to install our duo unix integration on.
A CentOS 7 system note that in addition to CentOS duo for UNIX is compatible with a number of different platforms including Red Hat Fedora Debian Ubuntu and Amazon Linux our documentation contains setup instructions for most popular Linux distribution packages to get started log into the duo admin panel once there click on.
Applications then click protect an application type in UNIX next to the UNIX application entry click protect this application which takes you to your new applications properties page at the top of the properties.
Page click the link to open.
The duo unix documentation keep both the documentation and properties pages open as you continue through the setup process you can copy and paste the commands from the documentation page for easy.
Installation open a terminal and access your UNIX system as a super user install all Pam duo prerequisites for CentOS we need to install open SSL and ad-lib Pam enter yum install open SSL – devel to install open SSL once that completes enter yum install pam – evil to ad-lib Pam note that you also need a compiler like GCC installed on.
Build duo UNIX type yum install GCC to install or check for the installation of GCC now you can download build and install duo UNIX using the commands from the documentation download and extract the latest version of dual Unix change to.
The extracted directory build and install duo unix with pam support using the command provided in the documentation you can reference advanced build options in the readme in the source tarball after the installation completes open pam underscore duo comp in a text editor the path is slash Etsy slash duo slash pam underscore duo com add your integration key secret key and API host name.
From your UNIX applications properties page in the duo admin panel you may also add optional duo configuration settings to.
This configuration file we recommend enabling Auto push when auto push is enabled duo will automatically send a duo push notification to a user’s phone when they log in if Auto push is not enabled the user will be prompted to choose an authentication method add Auto push equals yes to enable this setting we recommend commenting out a line before this parameter to indicate what it does save and.
Exit the configuration file to use Pam duo with ssh public key authentication you need to make some changes to your sshd underscore config file which is usually located in slash Etsy or slash etsy slash ssh open this file with a text editor set pub key authentication to yes password authentication to no and authentication methods to public key comma keyboard – interactive you may need to add the authentication methods parameter if you want to use.
Pam duo with your installation of OpenSSH sshd set both use pam and challenge response authentication – yes said use DNS to know so that Pam duo is always past the IP address.