Skip navigation

Duo Unix - Two-Factor Authentication for SSH - Release Notes

Duo can be easily added to any Unix system to protect remote (SSH) or local logins with the addition of a simple pam_duo PAM module or login_duo module. It has been tested on Linux (RedHat, Fedora, CentOS, Debian, Ubuntu, Amazon Linux), BSD (FreeBSD, NetBSD, OpenBSD), Solaris, HP-UX, and AIX. The code is open-source and available on GitHub.

duo_unix-1.10.1 - August 2017

  • Fixed bug causing automated tests to fail on OSX
  • Addressed an issue which kept configuration secrets in memory for longer than necessary

duo_unix-1.10.0 - June 2017

  • Added LibreSSL support
  • Added additional GECOS parsing support
  • Increased OSX group count

duo_unix-1.9.21 - May 2017

  • Only allow http_proxy to be defined in configuration file instead of environment (PSA-2017-002)

duo_unix-1.9.20 - May 2017

  • Fix installation on AIX systems
  • Add support for using OpenSSL 1.1.0
  • Link libduo statically to address issues with the ldconfig cache and incompatibilities between versions
  • Fixed a bug that produced incorrect SNI when using a proxy

duo_unix-1.9.19 - August 2016

  • Restore the http_proxy environment variable after Duo is done
  • Added https_timeout config option to pam_duo
  • Handles missing shell and adds default if not specified in getpwuid
  • Add SNI support and a guard for systems that don't support SNI
  • Bug fixes for timeouts and fallback ip addresses

duo_unix-1.9.18 - January 2016

  • Added HTTP proxy connection error handling
  • Improved compatibility with Solaris and AIX

duo_unix-1.9.17 - October 2015

  • Fixed PAM return code issue

duo_unix-1.9.16 - October 2015

  • Test fixes
  • Compilation fixes

duo_unix-1.9.15 - September 2015

  • SELinux policy module package support
  • PAM module improvements
  • Removed deprecated SHA1 Entrust CA

duo_unix-1.9.14 - January 2015

  • Added SELinux policy module
  • Improve poll(2) error handling

duo_unix-1.9.13 - October 2014

  • Bugfixes for signal handling

duo_unix-1.9.12 - September 2014

  • Include https_timeout configuration parameter
  • IPv6 support on systems that have getaddrinfo

duo_unix-1.9.11 - April 2014

  • Improve compatibility with FreeBSD 10.

duo_unix-1.9.10 - April 2014

  • Use the correct timeout when polling.

duo_unix-1.9.9 - April 2014

  • Use poll(2) instead of select(2) for timeouts to support busy systems with many open file descriptors.
  • Send User-Agent header with each request.

duo_unix-1.9.8 - April 2014

  • Improve support for SHA2 in HTTPS.

duo_unix-1.9.7 - January 2014

  • Allow using accept_env_factor with SSH.
  • Allow using autopush with PAM on Mac OS X.

See the CHANGES file on GitHub for extended version history.

Ready to Get Started?

Sign Up Free