Installing Duo Security on Ubuntu 12.04

Duo Security offer a free two factor authentication (limited to 10 users), which I have found very useful to secure servers.

http://www.duosecurity.com/docs/duounix

First install the compiling software

sudo apt-get install build-essential automake checkinstall libssl-dev libpam-dev

Visit https://github.com/duosecurity/duo_unix/downloads to download the latest version of of install, and use wget to dowload it.

sudo wget https://dl.duosecurity.com/duo_unix-latest.tar.gz

Extract the file

tar zxf duo_unix-latest.tar.gz

Now you need to compile the installation

cd duo_unix-1.9
sudo ./configure --prefix=/usr && sudo make && sudo make install

You now need to register your server with Duo.  To do this logon to the Duo Security Dashboard and add a new registration, copy the details into the following file:

sudo nano /etc/duo/login_duo.conf
[duo]
; Duo integration key
ikey = INTEGRATION_KEY
; Duo secret key
skey = SECRET_KEY
; Duo API hostname
host = API_HOSTNAME

Now you need to test by running the following.  If this is your first time setting this up, you will be given an enrolment URL link to follow:

/usr/sbin/login_duo

There are a number of ways to use Duo Security to authenticate you.  I prefer to do this on a user by user basis.  So I add the following at the start of the ~/.ssh/authorized_keys file.  This SSH to authenticate me using both certificate and Duo together.

command="/usr/sbin/login_duo"

If you want to enable it for all users, the you can add the following to the bottom of the /etc/ssh/sshd_config file:

ForceCommand="/usr/sbin/login_duo"

and the restart the ssh service:

sudo service ssh restart