- This topic has 2 replies, 3 voices, and was last updated 8 years, 7 months ago by
.
-
Posts
-
Hi,
We are in the process of checking if we need to extend the license of NoMachine or we will wait 1-2 years because basically it does all the things it has to do.
One feature we are really missing (or at least we don’t know how to implement this) is the support for 2FA authentication from Duo Security. We use their system everywhere. They provide a pam module at https://www.duosecurity.com/docs/duounix
– GerwinFor now NoMachine supports Two Factor Authentication with properly configured Duo Security (only Duo Push method). Here are instructions how to configure server. Instructions can be found also on Duo Security webpage – https://www.duosecurity.com/docs/duounix
1. Log in to the Duo Admin Panel, click add application and pick UNIX Application from list to get integration key, secret key, and API hostname.
2. Install required headers and libraries.
Debian/Ubuntu:
apt-get install libssl-dev
apt-get install libpam-dev
CentOS/RHEL:
yum install openssl-devel
yum install pam-devel
SLES/SUSE:
zypper install libopenssl-devel
zypper install pam-devel3. Download and install duo_login.
$ wget https://dl.duosecurity.com/duo_unix-latest.tar.gz
$ tar zxf duo_unix-latest.tar.gz
$ cd duo_unix-1.9.15
$ ./configure –prefix=/usr && make && sudo make install4. Edit /etc/duo/login_duo.conf file by giving your intergration key, secret key and api hostname like this:
[duo]
; Duo integration key
ikey = INTEGRATION_KEY
; Duo secret key
skey = SECRET_KEY
; Duo API hostname
host = API_HOSTNAME5. Run /usr/sbin/login_duo as regular user. You’ll be given an enrollment link, please visit the URL and enroll your mobile phone.
6. Edit your /etc/ssh/sshd_config file and add this line to your config file:
ForceCommand /usr/sbin/login_duo
PermitTunel no
AllowTcpForwarding no7. Restart your sshd
service sshd restartAfter these steps you are able to use Duo Security with NoMachine on SSH connections.
This topic was marked as solved, you can't post.