add variables

networking
Jean-Marie Mineau 3 years ago
parent a54a366adf
commit 58f67e4e86

@ -5,7 +5,7 @@
Generate an TOTP token (hex value for user.oath file and qrcode).
usage:
gen_otp.py [user [machine [periode]]]
gen_otp.py [user [machine [periode [digits]]]]
dependancies:
pip3 install qrcode
@ -15,19 +15,28 @@ import base64
import binascii
import secrets
import sys
import yaml
import qrcode
USAGE = "gen_otp.py [user [machine [periode]]]"
VAR_FILE = "group_vars/all/totp.yml"
with open(VAR_FILE) as f:
VARS = yaml.safe_load(f)
USAGE = "gen_otp.py [user [machine [periode [digits]]]]"
USER = "user"
MACHINE = "Pains-Perdus"
PERIODE = 60
MACHINE = VARS.get('totp_machine', 'machine')
PERIODE = VARS.get('totp_periode', 60)
DIGITS = VARS.get('totp_digits', 6)
if len(sys.argv) == 2 and sys.argv[1] in ['-h', 'help', '--help']:
print(USAGE)
exit(0)
if len(sys.argv) == 4:
PERIODE = int(sys.argv)
if len(sys.argv) == 5:
DIGITS = int(sys.argv[4])
if len(sys.argv) >= 4:
PERIODE = int(sys.argv[3])
if len(sys.argv) >= 3:
MACHINE = sys.argv[2]
if len(sys.argv) >= 2:
@ -36,10 +45,11 @@ if len(sys.argv) >= 2:
token = secrets.token_bytes(15)
token_hex = binascii.hexlify(token).decode('utf-8')
token_b32 = base64.b32encode(token).decode('utf-8')
uri = "otpauth://totp/{user}@{machine}?secret={secret}&period={periode}".format(
uri = "otpauth://totp/{user}@{machine}?secret={secret}&digits={digits}&period={periode}".format(
user=USER,
machine=MACHINE,
secret=token_b32,
digits=DIGITS,
periode=PERIODE)
print("hex:", token_hex)

@ -13,7 +13,7 @@
lineinfile:
path: /etc/users.oath
regexp: "{{ item.name }}"
line: "HOTP/T60/6 {{ item.name }} - {{item.totp}}"
line: "HOTP/T{{ totp_periode }}/{{ totp_digits }} {{ item.name }} - {{item.totp}}"
create: true
group: root
owner: root

@ -3,8 +3,8 @@
lineinfile:
path: /etc/pam.d/sshd
regexp: 'pam_oath.so'
line: "auth required pam_oath.so usersfile=/etc/users.oath window=60 digits=6"
insertbefore: BOF
line: "auth required pam_oath.so usersfile=/etc/users.oath window={{totp_periode}} digits={{totp_digits}}"
insertafter: "^# PAM configuration for the Secure Shell service"
- name: Set ChallengeResponseAuthentication in sshd conf
lineinfile:

Loading…
Cancel
Save