
HackDefendr Security Research

Your Open Source Intelligence Resource


Category: two-factor

Two-Step Authentication for SSH on Linux Servers

These instructions explain how to install Duo on a stock system. The Information Security Office (ISO) encourages you to share advanced configurations with the Stanford Linux users community.

Installation instructions

  1. Before you install Duo, create a verified recoverable backup of the server (strongly recommended).
  2. Obtain your API keys (integration key and secret key) and Duo API hostname, which you need to integrate with the Stanford University Duo installation. You can either generate the keys and hostname yourself or submit a request for them.
    • To generate the keys and hostname yourself:
      • Authenticate yourself via Kerberos (i.e., kinit) if you have not already done so.
      • Install wallet if you have not already done so.
      • Run the following command, where “yourcomputer.domain.com” is replaced with the fully-qualified domain name of the node:
        wallet get duo-pam yourcomputer.domain.com
        [duo]
        ikey = aq1sw2de3fr4gt5hy6ju7ki8lo9
        skey = 1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik
        host = api-123456789.duosecurity.com
  3. Install the prerequisite software, OpenSSL and libpam (relevant installation instructions for Linux systems are excerpted below from the Duo website at duo.com/docs/duounix):
    • For Ubuntu and Debian:
      apt-get install libssl-dev libpam-dev
    • For Red Hat and CentOS:
      yum install openssl-devel pam-devel
      
  4. Download Duo for Unix (this requires an Internet connection):
    wget https://dl.duosecurity.com/duo_unix-latest.tar.gz
    tar zxf duo_unix-latest.tar.gz
    
  5. Install Duo with PAM from inside the Duo folder:
    cd duo_unix-*
    ./configure --with-pam --prefix=/usr && make && sudo make install
    
  6. Edit your /etc/ssh/sshd_config file to include the following lines:
    ChallengeResponseAuthentication yes
    PasswordAuthentication yes
    UsePAM yes
    
  7. Edit your PAM configuration to match the recommendations for your distribution. You can find per-distribution PAM settings at duo.com/docs/duounix. This is an example of how your /etc/pam.d/common-auth file could look:
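    # success=2 skips pam_unix.so and pam_deny.so, so the stack continues at pam_duo.so
    auth    [success=2 default=die]    pam_krb5.so minimum_uid=1000
    # success=1 skips only pam_deny.so, so pam_duo.so still runs
    auth    [success=1 default=die]    pam_unix.so nullok_secure try_first_pass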
    
    auth    requisite            pam_deny.so
    
    auth    required            pam_duo.so
    auth    required            pam_permit.so
    
    auth    optional            pam_afs_session.so
    

    Note: This example is intended for systems authenticating with Kerberos. The last line is used to authenticate against AFS. If you are not running AFS, the last line is probably not needed.

  8. Edit the API host and keys in /etc/duo/pam_duo.conf (or /etc/security/pam_duo.conf, depending on your distro), inserting the values from step 2.
    Example:

    [duo]
    ; Duo API host
    host = api-123456789.duosecurity.com
    ; Duo integration key
    ikey = aq1sw2de3fr4gt5hy6ju7ki8lo9
    ; Duo secret key
    skey = 1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik
    
  9. Restart SSH.
  10. Ensure that you can SSH in from a new session, to avoid getting locked out.
  11. If you can SSH to the system and are prompted to use Duo, installation is complete.
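
An added check for the PAM stack edited in step 7 (example code written for this page, not part of the original instructions or of Duo's software): in a bracketed control, success=N jumps over the next N auth modules, so a wrong count can step over pam_duo.so and skip the second factor. The two sample stacks are constructed, modelled on the common-auth layout above; the function names and the WEAK/FIXED samples are assumptions of this example.

```python
import re

# Matches "auth <control> <module>", where the control is a keyword or a [...] list.
AUTH_LINE = re.compile(r"^-?auth\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def auth_stack(text):
    """Return [(control, module)] for each auth line, in file order.
    @include lines and backslash continuations are not followed."""
    stack = []
    for line in text.splitlines():
        m = AUTH_LINE.match(line.split("#", 1)[0].strip())
        if m:
            stack.append((m.group(1), m.group(2)))
    return stack

def jumps_over(text, protected="pam_duo.so"):
    """List (module, skipped_modules) for every success=N jump that skips
    `protected`. Only the jump arithmetic is checked; whether a line is
    reachable (for example after default=die) is not modelled."""
    stack = auth_stack(text)
    findings = []
    for i, (control, module) in enumerate(stack):
        m = re.search(r"\bsuccess=(\d+)\b", control)
        if not m:
            continue
        skipped = [mod for _, mod in stack[i + 1:i + 1 + int(m.group(1))]]
        if any(s.endswith(protected) for s in skipped):
            findings.append((module, skipped))
    return findings

# Constructed sample: the pam_unix.so jump is one too long and lands on pam_permit.so.
WEAK = """
auth [success=2 default=die] pam_krb5.so minimum_uid=1000
auth [success=2 default=die] pam_unix.so nullok_secure try_first_pass
auth requisite pam_deny.so
auth required pam_duo.so
auth required pam_permit.so
"""
# Constructed sample: both jumps land on pam_duo.so.
FIXED = WEAK.replace("[success=2 default=die] pam_unix.so",
                     "[success=1 default=die] pam_unix.so")

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, jumps_over(text) or "no jump skips pam_duo.so")
```

To audit a live host, pass the contents of the PAM file that sshd actually uses, for example jumps_over(open("/etc/pam.d/common-auth").read()).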
Posted by hackdefendr on September 20, 2018. Tags: 2FA, duo, ssh, two-factor.
