Install Duo 2FA for Linux Login and SSH

Install Duo Two-Factor Authentication for Linux Login and SSH

  • Duo network diagram for Linux authentication



  • Register a Duo 2FA account > Registration link
  • Log in to the Duo admin dashboard > Application > Protect an Application > search for UNIX Application > Protect
  • The Integration Key, Secret Key, and API Hostname will be displayed
  • Install the login_duo prerequisites
--- Red Hat, Fedora, CentOS
[root@DUO icmp]# yum install openssl-devel -y

--- Debian, Ubuntu
[root@DUO icmp]# apt-get install libssl-dev -y
  • Install Duo for Linux from the repository
--- For CentOS
[root@DUO icmp]# nano /etc/yum.repos.d/duosecurity.repo

[duosecurity]
name=Duo Security Repository
baseurl=https://pkg.duosecurity.com/CentOS/$releasever/$basearch
enabled=1
gpgcheck=1

[root@DUO icmp]# rpm --import https://duo.com/DUO-GPG-PUBLIC-KEY.asc
[root@DUO icmp]# yum install duo_unix -y
--- For Ubuntu 18.04 LTS ---
[root@DUO icmp]# nano /etc/apt/sources.list.d/duosecurity.list

deb [arch=amd64] https://pkg.duosecurity.com/Ubuntu bionic main

[root@DUO icmp]# curl -s https://duo.com/DUO-GPG-PUBLIC-KEY.asc | sudo apt-key add -
[root@DUO icmp]# apt-get update && apt-get install duo-unix -y

--- For Ubuntu 20.04 LTS ---
[root@DUO icmp]# nano /etc/apt/sources.list.d/duosecurity.list

deb [arch=amd64] https://pkg.duosecurity.com/Ubuntu focal main

[root@DUO icmp]# curl -s https://duo.com/DUO-GPG-PUBLIC-KEY.asc | sudo apt-key add -
[root@DUO icmp]# apt-get update && apt-get install duo-unix -y

--- For Ubuntu 22.04 LTS ---
[root@DUO icmp]# nano /etc/apt/sources.list.d/duosecurity.list

deb [arch=amd64] https://pkg.duosecurity.com/Ubuntu jammy main

[root@DUO icmp]# curl -s https://duo.com/DUO-GPG-PUBLIC-KEY.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/duo.gpg
[root@DUO icmp]# apt update && apt install duo-unix -y
--- For Red Hat
[root@DUO icmp]# nano /etc/yum.repos.d/duosecurity.repo

[duosecurity]
name=Duo Security Repository
baseurl=https://pkg.duosecurity.com/RedHat/$releasever/$basearch
enabled=1
gpgcheck=1

[root@DUO icmp]# rpm --import https://duo.com/DUO-GPG-PUBLIC-KEY.asc
[root@DUO icmp]# yum install duo_unix -y

  • Configure Duo login: edit the file /etc/duo/login_duo.conf and add the Integration key, Secret key, and API hostname, along with:
  • pushinfo=yes
  • autopush=yes
[root@DUO icmp]# nano /etc/duo/login_duo.conf

  • Test Duo login with the command /usr/sbin/login_duo; an enrollment link appears for adding the user in the Duo dashboard. Open that URL in a browser:
[root@DUO icmp]# /usr/sbin/login_duo
Please enroll at https://api-031af9f4.duosecurity.com/portal?code=a867938811938840&akey=DA6QX3JP4TMHXNKX7CJX
  • Select the device: Mobile Phone
  • Enter the phone number, and make sure Duo Mobile is already downloaded
  • Enter the OTP verification code that is sent to the registered number
  • Select Automatically send this device a Duo Push
  • Test Duo login again; check the phone for a notification from Duo Mobile
[root@DUO icmp]# /usr/sbin/login_duo echo 'DUO SSH OK !'
Autopushing login request to phone...
Success. Logging you in...
DUO SSH OK !

  • Configure SSH to enable Duo login by adding the following lines at the very bottom:
  • ForceCommand /usr/sbin/login_duo
  • PermitTunnel no
  • AllowTcpForwarding no
[root@DUO icmp]# nano /etc/ssh/sshd_config
  • Restart the SSH service
[root@DUO icmp]# systemctl restart sshd
  • Test logging in over SSH; a Duo Mobile notification appears on the phone to approve the login to the Linux host via SSH
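
An added example, not part of the original guide: a POSIX shell audit of the two files edited above. It assumes ikey, skey and host are the duo_unix option names for the Integration key, Secret key and API hostname, and it checks the sshd lines the way sshd reads them: the first value for a keyword wins, so a line appended at the bottom has no effect if the keyword is already set earlier or if the file ends in a Match block. The function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, ikey/skey/host are assumed.

# check_duo_conf FILE: ikey, skey and host are set, and because skey is a
# secret the file carries no group/other permission bits.
check_duo_conf() {
    rc=0
    for key in ikey skey host; do
        grep -Eq "^[[:space:]]*$key[[:space:]]*=[[:space:]]*[^[:space:]]" "$1" ||
            { echo "$1: $key missing or empty"; rc=1; }
    done
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "$1: accessible by group/other, expected mode 600"; rc=1; }
    return $rc
}

# global_value FILE KEYWORD: print the value sshd takes from the global section.
# sshd keeps the FIRST value it reads for a keyword, and lines after a "Match"
# line belong to that block. Include files are not followed; `sshd -T` on a
# live host prints the authoritative effective configuration.
global_value() {
    awk -v want="$(printf %s "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/         { next }   # comments and blank lines
        tolower($1) == "match" { exit }   # global section ends here
        tolower($1) == want    { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# check_sshd FILE: the three directives from this guide are the effective
# global values, not shadowed by an earlier line or trapped in a Match block.
check_sshd() {
    rc=0
    while read -r key expected; do
        actual=$(global_value "$1" "$key")
        [ "$actual" = "$expected" ] && continue
        echo "$1: $key is '${actual:-unset}', expected '$expected'"
        rc=1
    done <<EOF
ForceCommand /usr/sbin/login_duo
PermitTunnel no
AllowTcpForwarding no
EOF
    return $rc
}

# Audit the live files only when asked to: sh duo_audit.sh --live
if [ "${1:-}" = "--live" ]; then
    check_duo_conf /etc/duo/login_duo.conf
    check_sshd /etc/ssh/sshd_config
fi
```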

herdiana3389
