How to access Terminal Proxy with Duo Push authentication

This document provides information on how to access Terminal Proxy using Duo Push authentication.

Requirements

• Access to Terminal Proxy.
• A compatible SSH client.
• Duo configured as the multifactor authentication method on the Segura® Platform. More information in How to register a Duo Security MFA authentication provider.
• Duo Mobile application configured on the mobile device.

Step 1: Enable MFA to start a session

1. On the Segura® Platform, hover over the Products menu and select Settings.
2. In the side menu, select System parameters > Global.
3. Open the Security tab and enable the Force multi-factor authentication to start a session? * parameter.

Step 2: Start the connection

1. Open the SSH client.
2. Start the SSH connection to the Segura® Platform using the user with Duo MFA enabled.
3. Enter the authentication credentials.
4. On the mobile device, locate the notification sent by the Duo Mobile application.
5. Approve the authentication request.

Step 3: Access the target device

1. After accessing the Segura® Platform environment, connect to the target device.
2. On the mobile device, locate the notification sent by the Duo Mobile application.
3. Approve the authentication request.
4. Confirm that the session started successfully.

Optional: Access the target device directly with multi-hop

1. Open the SSH client.
2. Connect to the Segura® Platform via SSH.
3. Enter your password or authentication token.
4. On the mobile device, locate the first notification sent by the Duo Mobile application, referring to the vault access.
5. Approve the first authentication request.
6. On the mobile device, locate the second notification sent by the Duo Mobile application, referring to the target device access.
7. Approve the second authentication request.
8. Confirm that the session started successfully.

After completing the steps above, the Terminal Proxy session will be established following Duo Push authentication approval on the mobile device.