Support for Duo Security 2FA

Forum / General Discussions / Support for Duo Security 2FA

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
  • #8117


    We are in the process of checking if we need to extend the license of NoMachine or we will wait 1-2 years because basically it does all the things it has to do.

    One feature we are really missing (or at least we don’t know how to implement this) is the support for 2FA authentication from Duo Security. We use their system everywhere. They provide a pam module at
    – Gerwin



    We’ll look into this and report back with our findings. Watch this space.


    For now NoMachine supports Two Factor Authentication with properly configured Duo Security (only Duo Push method). Here are instructions how to configure server. Instructions can be found also on Duo Security webpage –

    1. Log in to the Duo Admin Panel, click add application and pick UNIX Application from list to get integration key, secret key, and API hostname.

    2. Install required headers and libraries.
    apt-get install libssl-dev
    apt-get install libpam-dev
    yum install openssl-devel
    yum install pam-devel
    zypper install libopenssl-devel
    zypper install pam-devel

    3. Download and install duo_login.
    $ wget
    $ tar zxf duo_unix-latest.tar.gz
    $ cd duo_unix-1.9.15
    $ ./configure –prefix=/usr && make && sudo make install

    4. Edit  /etc/duo/login_duo.conf file by giving your intergration key, secret key and api hostname like this:
    ; Duo integration key
    ; Duo secret key
    skey = SECRET_KEY
    ; Duo API hostname
    host = API_HOSTNAME

    5. Run /usr/sbin/login_duo as regular user. You’ll be given an enrollment link, please visit the URL and enroll your mobile phone.

    6. Edit your /etc/ssh/sshd_config file and add this line to your config file:
    ForceCommand /usr/sbin/login_duo
    PermitTunel no
    AllowTcpForwarding no

    7. Restart your sshd
    service sshd restart

    After these steps you are able to use Duo Security with NoMachine on SSH connections.

Viewing 3 posts - 1 through 3 (of 3 total)

This topic was marked as solved, you can't post.