Support for Duo Security 2FA

Forums / General Discussions / Support for Duo Security 2FA

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #8117
    Avatarlinqlol
    Participant

    Hi,

    We are in the process of checking if we need to extend the license of NoMachine or we will wait 1-2 years because basically it does all the things it has to do.

    One feature we are really missing (or at least we don’t know how to implement this) is the support for 2FA authentication from Duo Security. We use their system everywhere. They provide a pam module at https://www.duosecurity.com/docs/duounix
    – Gerwin

     

    #8134
    AvatarBritgirl
    Keymaster

    We’ll look into this and report back with our findings. Watch this space.

    #8167
    Avatarfrog
    Participant

    For now NoMachine supports Two Factor Authentication with properly configured Duo Security (only Duo Push method). Here are instructions how to configure server. Instructions can be found also on Duo Security webpage – https://www.duosecurity.com/docs/duounix

    1. Log in to the Duo Admin Panel, click add application and pick UNIX Application from list to get integration key, secret key, and API hostname.

    2. Install required headers and libraries.
    Debian/Ubuntu:
    apt-get install libssl-dev
    apt-get install libpam-dev
    CentOS/RHEL:
    yum install openssl-devel
    yum install pam-devel
    SLES/SUSE:
    zypper install libopenssl-devel
    zypper install pam-devel

    3. Download and install duo_login.
    $ wget https://dl.duosecurity.com/duo_unix-latest.tar.gz
    $ tar zxf duo_unix-latest.tar.gz
    $ cd duo_unix-1.9.15
    $ ./configure –prefix=/usr && make && sudo make install

    4. Edit  /etc/duo/login_duo.conf file by giving your intergration key, secret key and api hostname like this:
    [duo]
    ; Duo integration key
    ikey = INTEGRATION_KEY
    ; Duo secret key
    skey = SECRET_KEY
    ; Duo API hostname
    host = API_HOSTNAME

    5. Run /usr/sbin/login_duo as regular user. You’ll be given an enrollment link, please visit the URL and enroll your mobile phone.

    6. Edit your /etc/ssh/sshd_config file and add this line to your config file:
    ForceCommand /usr/sbin/login_duo
    PermitTunel no
    AllowTcpForwarding no

    7. Restart your sshd
    service sshd restart

    After these steps you are able to use Duo Security with NoMachine on SSH connections.

Viewing 3 posts - 1 through 3 (of 3 total)

This topic was marked as solved, you can't post.