configur ssh
This commit is contained in:
parent
8c967495e7
commit
af2f7d191a
2 changed files with 25 additions and 1 deletions
|
@ -1,7 +1,6 @@
|
|||
---
|
||||
- name: Install and update basic tools
|
||||
apt:
|
||||
update_cache: yes
|
||||
name:
|
||||
- sudo
|
||||
- vim
|
||||
|
@ -18,6 +17,7 @@
|
|||
- tcpdump
|
||||
- net-tools
|
||||
state: latest
|
||||
update_cache: true
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
|
24
roles/ssh_totp/tasks/main.yml
Normal file
24
roles/ssh_totp/tasks/main.yml
Normal file
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: base-totp
|
||||
|
||||
- name: Eddit pam config for ssh
|
||||
lineinfile:
|
||||
path: /etc/pam.d/sshd
|
||||
regexp: 'pam_oath.so'
|
||||
line: "auth required pam_oath.so usersfile=/etc/users.oath window=60 digits=6"
|
||||
insertbefore: BOF
|
||||
|
||||
- name: Set ChallengeResponseAuthentication in sshd conf
|
||||
path: /etc/ssh/sshd_config
|
||||
regexp: '^#?ChallengeResponseAuthentication'
|
||||
line: 'ChallengeResponseAuthentication yes'
|
||||
|
||||
- name: Set UsePAM in sshd conf
|
||||
path: /etc/ssh/sshd_config
|
||||
regexp: '^#?UsePAM'
|
||||
line: 'UsePAM yes'
|
||||
|
||||
|
||||
|
||||
|
Loading…
Reference in a new issue