Adding 2 Factor Authentication to Guacamole through Duo and Yubikey

In order to do this you will need to grab the current duo extension as such:

wget https://gigenet.dl.sourceforge.net/project/guacamole/current/extensions/guacamole-auth-duo-0.9.13-incubating.tar.gz

Once downloaded, decompress and move it to the appropriate folder:

tar xzf guacamole-auth-duo-0.9.13-incubating.tar.gz && mkdir /etc/guacamole/extensions && mv ./guacamole-auth-duo-0.9.13-incubating/guacamole-auth-duo-0.9.13-incubating.jar /etc/guacamole/extensions/

Now add the Guacamole as an application to your Duo management page.  Select, Protect an Application under the Applications menu, then you will select the Web SDK application, rename it something like Guacamole.

Next you will need to edit your /etc/guacamole/guacamole.properties and add the following info to it from the Duo site (minus the last key):

duo-api-hostname: <Your API key found on the Duo site>
duo-integration-key: <Integration key found on the Duo site>
duo-secret-key: <Secret Key found on Duo site>
duo-application-key: <40 random characters, I used pwgen 40 1>

The duo-application-key is just any 40 characters that you save into this file, it is not found on the Duo site.  Once you add these to the bottom, restart the tomcat service.

Next you will need to ensure you have your token registered as per instructions here:
https://duo.com/docs/yubikey

Ensure the assigned user matches your Guacamole username and that if you are using the second token slot, you are holding the button on your Yubikey down for the token input (as well, make sure you are on token).

That's it!  Enjoy 2 factor authentication to your Guacamole server!