![Add yubikey to duo](https://cdn1.cdnme.se/5447227/9-3/24_64e61dfd9606ee7f8b257167.png)
without a local password, please refer to Duo Security's own OpenVPN plugin and guide. If you wish to use Duo Security as your primary authentication method, i.e. Please note, your PAM username will need to match your username in Duo Security. If you want to add a new user to be able to authenticate, you can simply add the new user with the useradd command in Ubuntu.
![add yubikey to duo add yubikey to duo](https://i.ytimg.com/vi/rCw9_-20uQ4/maxresdefault.jpg)
PAM uses the Ubuntu's user management to authenticate against so we don't need to manage an extra database of username and passwords. PAM authentication is the simplest form of username/password authentication we can use with OpenVPN. A username and password using PAM, and a challenge request using Duo Security. This guide will add two more authentication steps. This guide assumes you have followed one of our server setup guides and you are already able to connect to the server we will be modifying using certificate/key authentication. You already have a copy of Viscosity installed on your client device and already setup for this server.You have already an OpenVPN server running using one of our guides.You have root access to this installation.You have already installed the latest version of Ubuntu (18.04.3 at time of writing).This guide will expand on setting up an OpenVPN server on Ubuntu by adding Duo Security support to that server using Viscosity's built in Challenge/Request support.
![add yubikey to duo add yubikey to duo](https://howchoo.com/media/nz/qx/zg/nzqxzgiymdn.jpeg)
This adds another security measure to prevent unwanted users connecting to your server. One way to do that is to use 2FA (Two Factor Authentication). After setting up your own OpenVPN server, you may want to enhance it's security.
![Add yubikey to duo](https://cdn1.cdnme.se/5447227/9-3/24_64e61dfd9606ee7f8b257167.png)