login_duo-2.2.1 – two-factor authentication for unix systems (cvsweb github mirror)

Description

login_duo provides two-factor authentication for Unix systems. When
integrated with sshd(8) a challenge is sent to the users cell phone
before access is granted.

WWW: https://duo.com/docs/loginduo/

Readme

+-----------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-----------------------------------------------------------------------

First steps
===========
In order to use Duo Unix for two-factor authentication you have to first
sign up for an account if you don't already have one.
https://signup.duosecurity.com/

Then create a new UNIX Integration to get an integration key, secret
key, and API hostname. (See:
https://www.duosecurity.com/docs/getting_started)

Once you have this information, edit ${SYSCONFDIR}/login_duo.conf to
match your keys.

Test login_duo
==============
As a regular user, run ${PREFIX}/sbin/login_duo. You should
be provided with an enrollment link. Enroll your phone then run
${PREFIX}/sbin/login_duo again. Once you provide a valid pass
code you should get a SUCCESS message.

Enable SSH two-factor authentication
====================================
To enable two-factor authentication add

ForceCommand ${PREFIX}/sbin/login_duo

to your ${SYSCONFDIR}/ssh/sshd_config. Duo Security recommends disabling
PermitTunnel and AllowTcpForwarding when using two-factor
authentication.

When finished, restart sshd.

Maintainer

James Turner

Categories

sysutils

Files

Ports Readmes 7.52, created on 2025-10-10, powered by Dancer 1.3521