ansible/roles/ssh_totp/tasks/main.yml

---
- name: Eddit pam config for ssh
  lineinfile:
    path: /etc/pam.d/sshd
    regexp: 'pam_oath.so'
    line: "auth	  required pam_oath.so usersfile=/etc/users.oath window={{totp_periode}} digits={{totp_digits}}"
    insertafter: "^# PAM configuration for the Secure Shell service"

- name: Set ChallengeResponseAuthentication in sshd conf
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?ChallengeResponseAuthentication'
    line: 'ChallengeResponseAuthentication yes'
  notify: Reload sshd

- name: Set UsePAM in sshd conf
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?UsePAM'
    line: 'UsePAM yes'
  notify: Reload sshd
configur ssh 2021-04-15 16:03:35 +02:00			`---`
			`- name: Eddit pam config for ssh`
			`lineinfile:`
			`path: /etc/pam.d/sshd`
			`regexp: 'pam_oath.so'`
add variables 2021-04-15 17:10:35 +02:00			`line: "auth required pam_oath.so usersfile=/etc/users.oath window={{totp_periode}} digits={{totp_digits}}"`
			`insertafter: "^# PAM configuration for the Secure Shell service"`
configur ssh 2021-04-15 16:03:35 +02:00
			`- name: Set ChallengeResponseAuthentication in sshd conf`
add base for totp 2021-04-15 16:24:51 +02:00			`lineinfile:`
configur ssh 2021-04-15 16:03:35 +02:00			`path: /etc/ssh/sshd_config`
			`regexp: '^#?ChallengeResponseAuthentication'`
			`line: 'ChallengeResponseAuthentication yes'`
reload ssh 2021-04-15 16:28:28 +02:00			`notify: Reload sshd`
configur ssh 2021-04-15 16:03:35 +02:00
			`- name: Set UsePAM in sshd conf`
add base for totp 2021-04-15 16:24:51 +02:00			`lineinfile:`
configur ssh 2021-04-15 16:03:35 +02:00			`path: /etc/ssh/sshd_config`
			`regexp: '^#?UsePAM'`
			`line: 'UsePAM yes'`
reload ssh 2021-04-15 16:28:28 +02:00			`notify: Reload sshd`
configur ssh 2021-04-15 16:03:35 +02:00