Example with duo 2fa for webmin

1 post / 0 new
#1 Mon, 05/07/2018 - 16:46
maweber

Example with duo 2fa for webmin

Hi all I'd like to ask if duo 2fa would be an interesting for the GUI to implement natively. In the meantime this is my shortcut on how to do it on Ubuntu16.

(Of course you need a duo.com account, a registered app, and every user used must be enrolled, and confirmed). This shouldn't lock ssh out of the system AFAIK.

Best, Manu

echo "deb http://pkg.duosecurity.com/Ubuntu xenial main" > /etc/apt/sources.list.d/duosecurity.list

curl -s https://duo.com/APT-GPG-KEY-DUO | sudo apt-key add -
apt-get update && apt-get install duo-unix

apt install libauthen-pam-perl

mv /etc/pam.d/webmin /etc/pam.d/webminBAK
cat > /etc/pam.d/webmin << EOF
#%PAM-1.0
#@include common-auth
auth requisite pam_unix.so nullok
auth  [success=1 default=ignore] /lib64/security/pam_duo.so
auth  requisite pam_deny.so
auth  required pam_permit.so
@include common-account
@include common-password
@include common-session
EOF
cat /etc/pam.d/webmin

cat > /etc/duo/pam_duo.conf <<EOF
[duo]
; Duo integration key
ikey = --insertikey--
; Duo secret key
skey = --insertskey--
; Duo API host
host = --inserthost--
; Send command for Duo Push authentication
;pushinfo = yes
autopush = yes
EOF

systemctl restart webmin