Download necessary files and its checksum.
https://duo.com/docs/checksums
Every time you download the file, it is advised to check the downloaded file and its checksum to ensure there was no corruption that might be caused by unstable network connection during the download or storage failure.
Powershell
Get-FileHash [download-file] | Format-List
Duo Authproxy
Start authpoxy
net start duoauthproxy
Restart authpoxy
net stop duoauthproxy && net start duoauthproxy
Test Connectivity.
[installed-directory]\authproxy_connectivity_tool.exe
Reference: https://duo.com/docs/authproxy-reference#start-the-proxy
Duo Authproxy Password Encryption.
To enable password encryption on DUO, you can use both methods:
Encrypt Single password
- Encrypted password in command-line.
authproxy_passwd.exe "[secret-password]"
- Encrypted password, and exported the to a txt file.
authproxy_passwd.exe "password" >> C:\Install\ExportedEncryptedPassword.txt
After you encrypt password, put the encrypted password show on command-line or ExportedEncryptedPassword.txt on to config file (and adding _protected suffix).
Example:
– Before using encrypted password.
service_account_password = "real-secret-password"
– After using encrypted password.
service_account_password_protected = "generated-encrypted-password"
Encrypt whole config
Backup the config first before encrypting, just in case.
authproxy_passwd.exe --whole-config [config-file]
Decript whole config
authproxy_passwd.exe --whole-config --decrypt
Instaling duoproxy on multiple servers.
Installing duoproxy on multiple servers are possible for redudancy. You need to add both duoproxy servers on your router.
Upgrading Duo Proxy
To upgrade the Duo Authentication Proxy, simply download the most recent version and install it over your currently running version. The installer preserves your current configuration, log files, and encryption when upgrading to the latest release. Consider making a backup copy before running the upgrade, securing it as you would your running config file (as the backup file will also contain your passwords and secrets).