Some OpenWrt package Makefiles I made with help from #openwrt-devel.
See https://forum.openwrt.org/t/testers-wanted-duo-2-factor-auth-for-ssh-and-mosh/48684
TODO: Create a feed, I currently cross compile for x86_64 and MT7628NN. I do have some bcm53xx and ath79 devices.
-
duo_unix - Duo Unix is a stand alone executable that can be used to protect programs such as OpenSSH or Sudo.
login_duo
is built to use withopenssh-server
without PAM support. Configuresshd_config
withForceCommand=/usr/sbin/login_duo
. This will not work with Mosh.
Duo offers free 2FA up to 10 users, if you have already setup Duo users and 2FA phones/YubiKeys. this will just work. See - https://duo.com/docs/loginduo -
duo_unix-pam - Duo Unix with Pluggable Authentication Modules (PAM) support provides a secure and customizable method for protecting Unix and Linux logins.
pam_duo.so
is for use withopenssh-server-pam
.
See - https://duo.com/docs/duounix
Example /etc/pam.d/sshd
config:
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_duo.so
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account include system-remote-login
password include system-remote-login
session include system-remote-login
Example /etc/ssh/sshd_config
config:
PubkeyAuthentication yes
PasswordAuthentication no
UsePAM yes
ChallengeResponseAuthentication yes
UseDNS no
- mosh - Mosh is a UDP replacement for interactive SSH terminals. It's more robust and responsive, especially over Wi-Fi, cellular, and long-distance links burdened with latency. See - https://mosh.org
Instructions to build for OpenWrt at https://github.com/mobile-shell/mosh/wiki/Build-Instructions
The Makefile is based off an old version by Entware.