For now NoMachine supports Two Factor Authentication with properly configured Duo Security (only Duo Push method). Here are instructions how to configure server. Instructions can be found also on Duo Security webpage – https://www.duosecurity.com/docs/duounix
1. Log in to the Duo Admin Panel, click add application and pick UNIX Application from list to get integration key, secret key, and API hostname.
2. Install required headers and libraries.
Debian/Ubuntu:
apt-get install libssl-dev
apt-get install libpam-dev
CentOS/RHEL:
yum install openssl-devel
yum install pam-devel
SLES/SUSE:
zypper install libopenssl-devel
zypper install pam-devel
3. Download and install duo_login.
$ wget https://dl.duosecurity.com/duo_unix-latest.tar.gz
$ tar zxf duo_unix-latest.tar.gz
$ cd duo_unix-1.9.15
$ ./configure –prefix=/usr && make && sudo make install
4. Edit /etc/duo/login_duo.conf file by giving your intergration key, secret key and api hostname like this:
[duo]
; Duo integration key
ikey = INTEGRATION_KEY
; Duo secret key
skey = SECRET_KEY
; Duo API hostname
host = API_HOSTNAME
5. Run /usr/sbin/login_duo as regular user. You’ll be given an enrollment link, please visit the URL and enroll your mobile phone.
6. Edit your /etc/ssh/sshd_config file and add this line to your config file:
ForceCommand /usr/sbin/login_duo
PermitTunel no
AllowTcpForwarding no
7. Restart your sshd
service sshd restart
After these steps you are able to use Duo Security with NoMachine on SSH connections.