Skip navigation

Duo Unix - Two-Factor Authentication for SSH - Release Notes

Last Updated: June 2nd, 2022

Duo can be easily added to any Unix system to protect remote (SSH) or local logins with the addition of a simple pam_duo PAM module. It has been tested on Linux (RedHat, Fedora, CentOS, Debian, Ubuntu, Amazon Linux), BSD (FreeBSD, NetBSD, OpenBSD), Solaris, and AIX. The code is open-source and available on GitHub.

Download the current release from the Checksums and Downloads page.

duo_unix-1.12.1 - June 2, 2022

  • Added package support for Fedora 34, Red Hat 9, CentOS Stream 8, CentOS Stream 9, and Ubuntu 22.04.
  • CentOS 8 and Ubuntu 14.04 and 16.04 no longer supported.
  • Updated GPG public key for downloading distribution packages; now SHA512 instead of SHA1.

duo_unix-1.12.0 - February 2, 2022

  • Duo Unix now uses JSON rather than BSON.
  • CentOS 8 and Ubuntu 14.04 and 16.04 support is deprecated and will be removed in the next release.

duo_unix-1.11.5 - November 30, 2021

  • Added support for Debian 11.
  • Debian 8 and CentOS 6 no longer supported.
  • Fixed MOTD display for non-interactive sessions.
  • The support tool now also collects the sudo PAM configuration file.
  • Updated pinned certificates.

duo_unix-1.11.4 - May 18, 2020

  • Added support for Ubuntu 20.04.
  • Added support tool to collect information (e.g. logs and PAM stacks) you can send to Duo Support when troubleshooting issues.
  • Ubuntu 12.04 no longer supported.
  • Debian 8 and CentOS 6 support is deprecated and will be removed in the next release.
  • Updated GPG public key for downloading distribution packages.

duo_unix-1.11.3 - October 2019

  • Support for CentOS 8, Red Hat 8, and Debian 10.
  • Improved validation of BSON messages.
  • Updated GPG public key for downloading distribution packages.
  • Ubuntu 12.04 support is deprecated and will be removed in the next release.

duo_unix-1.11.2 - June 2019

  • Published a guide to recommended Kerberos configuration for Duo Unix. Thanks to Neal Poole at Facebook for bringing expertise and attention to this topic.
  • Updated SELinux policy to allow local logins to use the pam_duo PAM module and made sshd configurable. This requires installation of selinux-policy-devel on CentOS and RHEL 7 as a prerequisite.
  • Added support for spaces in group names when escaped with backslashes in pam_duo.conf and login_duo.conf
  • Debian 7 no longer supported.

duo_unix-1.11.1 - November 2018

  • Fixed bug causing console login to fail on certain systems.
  • Debian 7 support is deprecated and will be removed in the next release.

duo_unix-1.11.0 - October 2018

  • Added configuration options for parsing the Duo username out of the GECOS field: gecos_username_pos and gecos_delim.
  • Support for Debian 9 (Stretch).
  • CentOS 5 no longer supported.

duo_unix-1.10.5 - September 2018

  • CentOS 5 support is deprecated and will be removed in the next release.
  • Fixed a bug that caused a segfault on systems where the hostname wasn't retrievable.

duo_unix-1.10.4 - August 2018

  • CentOS 5 support is deprecated and will be removed in a future release.
  • Support for TLS 1.2.
  • Support for LibreSSL 2.7.0 and up.
  • Support for Ubuntu 18.04 (Bionic Beaver).
  • Minor memory leak fixes.
  • Output a message during authentication when a user is locked out.
  • FIPS-compliant when run on a system with FIPS enabled system-wide.
  • Sends the hostname to Duo's service so that it appears in the authentication logs.

Note that releases between 1.10.1. and 1.10.4 contained no code changes.

duo_unix-1.10.1 - August 2017

  • Fixed bug causing automated tests to fail on OSX.
  • Addressed an issue which kept configuration secrets in memory for longer than necessary.

duo_unix-1.10.0 - June 2017

  • Added LibreSSL support.
  • Added additional GECOS parsing support.
  • Increased OSX group count.

duo_unix-1.9.21 - May 2017

  • Only allow http_proxy to be defined in configuration file instead of environment. PSA-2017-002

duo_unix-1.9.20 - May 2017

  • Fix installation on AIX systems.
  • Add support for using OpenSSL 1.1.0.
  • Link libduo statically to address issues with the ldconfig cache and incompatibilities between versions.
  • Fixed a bug that produced incorrect SNI when using a proxy.

duo_unix-1.9.19 - August 2016

  • Restore the http_proxy environment variable after Duo is done.
  • Added https_timeout config option to pam_duo.
  • Handles missing shell and adds default if not specified in getpwuid.
  • Add SNI support and a guard for systems that don't support SNI.
  • Bug fixes for timeouts and fallback ip addresses.
  • Debian 6 no longer supported.

duo_unix-1.9.18 - January 2016

  • Added HTTP proxy connection error handling.
  • Improved compatibility with Solaris and AIX.
  • Debian 6 support is deprecated and will be removed in the next release.

duo_unix-1.9.17 - October 2015

  • Fixed PAM return code issue.

duo_unix-1.9.16 - October 2015

  • Test fixes.
  • Compilation fixes.

duo_unix-1.9.15 - September 2015

  • SELinux policy module package support.
  • PAM module improvements.
  • Removed deprecated SHA1 Entrust CA.

duo_unix-1.9.14 - January 2015

  • Added SELinux policy module.
  • Improve poll(2) error handling.

duo_unix-1.9.13 - October 2014

  • Bugfixes for signal handling.

duo_unix-1.9.12 - September 2014

  • Include https_timeout configuration parameter.
  • IPv6 support on systems that have getaddrinfo.

duo_unix-1.9.11 - April 2014

  • Improve compatibility with FreeBSD 10.

duo_unix-1.9.10 - April 2014

  • Use the correct timeout when polling.

duo_unix-1.9.9 - April 2014

  • Use poll(2) instead of select(2) for timeouts to support busy systems with many open file descriptors.
  • Send User-Agent header with each request.

duo_unix-1.9.8 - April 2014

  • Improve support for SHA2 in HTTPS.

duo_unix-1.9.7 - January 2014

  • Allow using accept_env_factor with SSH.
  • Allow using autopush with PAM on Mac OS X.

See the CHANGES file on GitHub for extended version history.