Monthly Archives: January 2026

Building from Duo Unix from Source

Leave a reply

Note: In the end, the problem I had building from source appears to have been incomplete / canceled apt upgrades.

As I mentioned earlier this week, I had to upgrade the Duo Security Multifactor Authentication software, known as Duo Unix. This software allows PAM access control with a multifactor authenticator to access my SSH boxes. An interesting aside: the same software is also handling the Web Server traffic for logging in to WordPress.

Note: After doing upgrades to my server, which had problems. I can now get ./configure working, so part of it sounds like my box was the issue due to an incomplete partial update.

Set up note, for this blog, I’m not redoing the work on my server, but running on a fresh install of Debian testing (Forky). I’ve already installed the kernel headers and build-essentials packages for use with the VirtualBox Guest Additions, so I’ll skip that below. If you don’t have those, you should make sure they’re installed. I don’t know if the headers are needed, but I’ve always grabbed those for installing from source.

When I originally built the software, I don’t think Duo Security was providing the Debian .deb packages for installation. Or if they were, they were not the same software revision at the time. For the upgrade, I decided to switch to the Debian package this time. That will be the next blog post. Needless to say, after some time working with their documentation and trying to get the apt command to work, I decided it might be faster to build from source again.

Spoiler alert, it wasn’t.

Continue reading

Dealing with Burnout (or Why I Haven’t Been Posting)

Leave a reply

I’ve spent the last year dealing with burnout, and really shut down overall on tech, which is part of the reason the blog hasn’t had much done on it, even though I have several blog ideas (projects and results, or industry trends I’m seeing and want to comment on) that are in the wings. Like the last couple of honeypot series posts, “Does Cyberchef call home or leakdata”, some stuff on pihole, and some things on Android Wi-Fi.

Instead, I’ve been doing things working with my hands, mostly gardening and woodworking. Occasionally, I’ll get to go hiking; although, does short rail-to-trail hiking really count? Also, hills don’t care how many rail-to-trail miles you have recently.

Lastly, my current day job doesn’t have many techies on the team. Most of them come to work, do the job, and go home. I think there are three of us who have “home labs”, and we don’t see each other in the office much, which prevents the good tech build discussions.

However, the last few weeks I’ve been doing a little more tech work. I had to get the AWS Cloud Practitioner Foundational certification for work. I’ve had to update Duo Security’s MFA software, and I made some changes to my mail server to prep for migrating to Dovecot 2.4, which I should have done already, but I’ve been dealing with burnout.

Today has been fun, though. I’ve built a new VM to redo the Duo MFA installs and to blog about the issues. I’ve had. I had to create the Debian VM several times, and I’m still trying to get Guest Additions to work right. It’s been so long since I set up a VM that I’ve forgotten many of the tweaks I used to memorize. I also managed to mess up my Debian install from when I built my PC several years ago. The updates seemed to break something. I’ll probably have to reinstall if updating the BIOS (based on errors in the logs) doesn’t fix it.

Duo MFA CA Bundle experiation soon

Leave a reply


For those that don’t know, Duo Security has been sending out emails since at least the end of August about their CA certificate bundle expiring on February 2nd, 2026. The main point was to upgrade your system so you can keep using Duo Security’s MFA on ssh, web servers, etc.

The last time I installed Duo’s MFA tool, I built it from source. The upgrade, which includes the new certs, appears to have been successful, but it took about 6 hours to get it working.

I say it appears to be successful because before the upgrade to the current version, every login would generate an email and log entry in the Duo unsupported (can’t get an update to the CA bundle) log panel on the admin site.

I haven’t seen any new entries or received any new emails since the upgrade, but it was an adventure to get it working. I’ll share a more thorough write-up before February 2nd, in case anyone else gets stuck.