Duo Push

[06.29.2013]

Prerequisites

  1. An account with Duo Security
  2. A linux host with sshd

Details

  1. I followed their instructions for geting Duo Unix working.
  2. This worked fine, except for when I wanted to log in from my local LAN, which required me to use the Duo Push, and that got annoying. This was especially annoying when I was transfering files between my hosts.
  3. I added this to my /etc/ssh/sshd_config file and restarted sshd.
    Match Address *,!10.0.0.0/24
    X11Forwarding yes
    ForceCommand /usr/local/sbin/login_duo
  1. This tells sshd to force anything not coming from my home netowrk to run the /usr/local/sbin/login_duo command.

  2. That's it. After that, it just worked.

duosecurity duopush sshd rhel6 linux