add variables
parent
a54a366adf
commit
58f67e4e86
3 changed files with 20 additions and 10 deletions
24
gen_otp.py
24
gen_otp.py
|
@ -5,7 +5,7 @@
|
|||
Generate an TOTP token (hex value for user.oath file and qrcode).
|
||||
|
||||
usage:
|
||||
gen_otp.py [user [machine [periode]]]
|
||||
gen_otp.py [user [machine [periode [digits]]]]
|
||||
|
||||
dependancies:
|
||||
pip3 install qrcode
|
||||
|
@ -15,19 +15,28 @@ import base64
|
|||
import binascii
|
||||
import secrets
|
||||
import sys
|
||||
import yaml
|
||||
|
||||
import qrcode
|
||||
|
||||
USAGE = "gen_otp.py [user [machine [periode]]]"
|
||||
VAR_FILE = "group_vars/all/totp.yml"
|
||||
|
||||
with open(VAR_FILE) as f:
|
||||
VARS = yaml.safe_load(f)
|
||||
|
||||
USAGE = "gen_otp.py [user [machine [periode [digits]]]]"
|
||||
USER = "user"
|
||||
MACHINE = "Pains-Perdus"
|
||||
PERIODE = 60
|
||||
MACHINE = VARS.get('totp_machine', 'machine')
|
||||
PERIODE = VARS.get('totp_periode', 60)
|
||||
DIGITS = VARS.get('totp_digits', 6)
|
||||
|
||||
if len(sys.argv) == 2 and sys.argv[1] in ['-h', 'help', '--help']:
|
||||
print(USAGE)
|
||||
exit(0)
|
||||
if len(sys.argv) == 4:
|
||||
PERIODE = int(sys.argv)
|
||||
if len(sys.argv) == 5:
|
||||
DIGITS = int(sys.argv[4])
|
||||
if len(sys.argv) >= 4:
|
||||
PERIODE = int(sys.argv[3])
|
||||
if len(sys.argv) >= 3:
|
||||
MACHINE = sys.argv[2]
|
||||
if len(sys.argv) >= 2:
|
||||
|
@ -36,10 +45,11 @@ if len(sys.argv) >= 2:
|
|||
token = secrets.token_bytes(15)
|
||||
token_hex = binascii.hexlify(token).decode('utf-8')
|
||||
token_b32 = base64.b32encode(token).decode('utf-8')
|
||||
uri = "otpauth://totp/{user}@{machine}?secret={secret}&period={periode}".format(
|
||||
uri = "otpauth://totp/{user}@{machine}?secret={secret}&digits={digits}&period={periode}".format(
|
||||
user=USER,
|
||||
machine=MACHINE,
|
||||
secret=token_b32,
|
||||
digits=DIGITS,
|
||||
periode=PERIODE)
|
||||
|
||||
print("hex:", token_hex)
|
||||
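Review bot: `VARS = yaml.safe_load(f)` has no fallback, so an empty `group_vars/all/totp.yml` makes `VARS` `None` and the `VARS.get(...)` calls below raise `AttributeError`; `VARS = yaml.safe_load(f) or {}` keeps the built-in defaults usable. The file is also opened at module level through a path relative to the working directory and before the `-h` check, so even `gen_otp.py --help` fails when run outside the repository root. The argv overrides for period and digits still apply, but the `users.oath` line in this commit is now rendered from `totp_periode`/`totp_digits`, so a token generated with overridden values will not validate on the server; either drop those overrides or warn when they differ from the file. The docstring's dependency list should also mention PyYAML next to `qrcode`.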
|
|
|
@ -13,7 +13,7 @@
|
|||
lineinfile:
|
||||
path: /etc/users.oath
|
||||
regexp: "{{ item.name }}"
|
||||
line: "HOTP/T60/6 {{ item.name }} - {{item.totp}}"
|
||||
line: "HOTP/T{{ totp_periode }}/{{ totp_digits }} {{ item.name }} - {{item.totp}}"
|
||||
create: true
|
||||
group: root
|
||||
owner: root
|
||||
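Review bot: The new `line` requires `totp_periode` and `totp_digits` to be defined, while `gen_otp.py` in this commit silently falls back to 60 and 6 when they are missing from `group_vars/all/totp.yml`; both sides should share the same defaults, e.g. `HOTP/T{{ totp_periode | default(60) }}/{{ totp_digits | default(6) }}`, or the role should fail early with a clear message. The unchanged `regexp: "{{ item.name }}"` decides which existing line is replaced by this value and is unanchored, so a name that is a substring of another entry can overwrite the wrong user's secret; something like `regexp: '^\S+\s+{{ item.name | regex_escape }}\s'` would pin it to the user field. The task starts and continues outside the hunk, so whether it sets `mode` and `no_log` for this secret-bearing file cannot be checked from here.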
|
|
|
@ -3,8 +3,8 @@
|
|||
lineinfile:
|
||||
path: /etc/pam.d/sshd
|
||||
regexp: 'pam_oath.so'
|
||||
line: "auth required pam_oath.so usersfile=/etc/users.oath window=60 digits=6"
|
||||
insertbefore: BOF
|
||||
line: "auth required pam_oath.so usersfile=/etc/users.oath window={{totp_periode}} digits={{totp_digits}}"
|
||||
insertafter: "^# PAM configuration for the Secure Shell service"
|
||||
|
||||
- name: Set ChallengeResponseAuthentication in sshd conf
|
||||
lineinfile:
|
||||
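Review bot: `window={{totp_periode}}` ties two unrelated settings together: in pam_oath, `window` is the number of OTPs searched around the current one, not the time step in seconds, and the step is already set by the `T{{ totp_periode }}` field written to `/etc/users.oath`. With a 60-second step, a window of 60 leaves each code acceptable for on the order of an hour, which weakens the second factor considerably. I would use a separate variable with a small value, e.g. `window={{ totp_window }}`, and leave only `digits={{ totp_digits }}` driven by the TOTP settings. Note also that `insertafter` falls back to end of file when the comment line is absent, which moves this `auth` rule to a different place in the stack than the previous `insertbefore: BOF`.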
|
|