PSD Computing and Information Technology

PSD Duo Network Gateway

About the Duo Network Gateway

PSD Computing and IT hosts a Duo Network Gateway (DNG) which allows offsite users to SSH or RDP into devices on campus without the need for VPN. To observe how the DNG works, please view the below video.

The DNG is only available to users with a CNET ID that have at least one registered Duo device. It is also not available for text-only operating systems (e.g., Linux without a desktop environment).

In order to use the DNG, it must first be enabled on your account. Please submit this form to request access.

After access has been granted, please follow the install instructions for your operating system below.

Installing & Using the DNG Client

(Click on your OS below to expand the accordion.)
Linux

SSH Usage:

For SSH, you must install DuoConnect with sudo access: https://dl.duosecurity.com/DuoConnect-latest.tar.gz

  1. Open up a terminal window and navigate to the directory where you downloaded the DuoConnect installer gz file.
  2. In your terminal window type the following command to unpack the installer:
    • tar xzvf DuoConnect-1.1.1.tar.gz
    • Note that the filename may differ slightly from this example to reflect the most recent version.
  3. You can now run the installer by typing:
    • sudo ./install.sh
  4. You’ll be asked to enter your password. Upon successful installation you’ll see the following:
    • + cp duoconnect /usr/local/bin/
    • + chmod 755 /usr/local/bin/duoconnect
    • + chown 0:0 /usr/local/bin/duoconnect

Terminal

    1. Open your ~/.ssh/config file in a text editor. If you don’t have this file, create it.
    2. Copy and paste in the DuoConnect connection string below: 
      • Host <Hostname of the SSH server> ProxyCommand duoconnect -host=%h:%p -relay=https://ssh-relay.psd.uchicago.edu
    3. Save the ~/.ssh/config file.
    4. Test your SSH connection.

RDP Usage:

NOTE: Linux does not support RDP connections via DNG at this time.

Mac

SSH Usage:

For SSH, you must install DuoConnect: https://dl.duosecurity.com/DuoConnect-latest.pkg

Terminal

    1. Open your ~/.ssh/config file in a text editor. If you don’t have this file, create it.
    2. Copy and paste in the DuoConnect connection string below: 
      • Host <Hostname of the SSH server> ProxyCommand duoconnect -host=%h:%p -relay=https://ssh-relay.psd.uchicago.edu
    3. Save the ~/.ssh/config file.
    4. Test your SSH connection.

RDP Usage:

For RDP, you must install both:

Once both are installed, here is how to configure DuoDesktop:

    1. Click on the Duo Desktop menu bar icon to open the Duo Desktop application.
    2. Click the menu icon (three stacked horizontal lines) in the upper-left.
    3. Click on the DuoConnect menu item to open the “Welcome to DuoConnect” page. Click Get Started.
    4. On the “DuoConnect” app screen, enter in the following for the Server hostname: https://dng01.psd.uchicago.edu/
    5. Click Add Hostname. This adds your Duo Network Gateway hostname to the list of configured DuoConnect hostnames.Configure DuoConnect Server Hostname in Duo Desktop on macOS
    6. Click anywhere else on the Windows desktop to minimize Duo Desktop’s window back to the menu bar.
    7. You may now use your RPD client normally however you must replace the hostname of the server with a translation for DNG. Here is an example table.
Server hostname Hostname to use with Duo Gateway
example.uchicago.edu example.duo.psd.uchicago.edu
example.psd.uchicago.edu example.psd.duo.psd.uchicago.edu
example.ad.uchicago.edu example.ad.duo.psd.uchicago.edu
Windows

SSH Usage:

For SSH, you must install DuoConnect: https://dl.duosecurity.com/DuoConnect-latest.msi

Git, Cygwin, and Other OpenSSH based Terminals

    1. Open your ~/.ssh/config file in a text editor. If you don’t have this file, create it.
    2. Copy and paste in the DuoConnect connection string below: 
      • Host <Hostname of the SSH server> ProxyCommand duoconnect -host=%h:%p -relay=https://ssh-relay.psd.uchicago.edu
    3. Save the ~/.ssh/config file.
    4. Test your SSH connection.

PuTTY

    1. Open up PuTTY and load a saved PuTTY session for the SSH server you’ll be connecting to with DuoConnect.
    2. Expand the Connection category on the left-hand side of the PuTTY session window, and then click on Proxy. The “Options controlling proxy usage” appear on the right-hand side of the window.
    3. Under “Proxy type” select Local.
    4. Under “Telnet command, or local proxy command” copy and paste the following: 
      • duoconnect -host=%host:%port -relay=https://ssh-relay.psd.uchicago.edu

        DuoConnect PuTTY Configuration

    5. Return to the saved PuTTY session window and click Save to update the session with the DuoConnect information.
    6. Test your SSH connection

RDP Usage:

For RDP, you must install both:

Once both are installed, here is how to configure DuoDesktop:

    1. Click on the Duo Desktop icon in the system tray to open the Duo Desktop application.
    2. Click the menu icon (three stacked horizontal lines) in the upper-left.
    3. Click on the DuoConnect menu item to open the “Welcome to DuoConnect” page. Click Get Started.
    4. On the “DuoConnect” app screen, enter in the following for the Server hostname: https://dng01.psd.uchicago.edu/
    5. Click Add Hostname. This adds your Duo Network Gateway hostname to the list of configured DuoConnect hostnames.Configure DuoConnect Server Hostname in Duo Desktop App on Windows
    6. Click anywhere else on the Windows desktop to minimize Duo Desktop’s window back to the menu bar.
    7. You may now use your RPD client normally however you must replace the hostname of the server with a translation for DNG. Here is an example table.
Server hostname Hostname to use with Duo Gateway
example.uchicago.edu example.duo.psd.uchicago.edu
example.psd.uchicago.edu example.psd.duo.psd.uchicago.edu
example.ad.uchicago.edu example.ad.duo.psd.uchicago.edu

DNG Examples

Configuring DNG for SSH

Configuring DuoConnect for RDP (Part 1)

Configuring DNG for RDP (Part 2)

Scroll to Top