configur ssh

This commit is contained in:
Jean-Marie Mineau 2021-04-15 16:03:35 +02:00
parent 8c967495e7
commit af2f7d191a
2 changed files with 25 additions and 1 deletions

View file

@ -1,7 +1,6 @@
---
- name: Install and update basic tools
apt:
update_cache: yes
name:
- sudo
- vim
@ -18,6 +17,7 @@
- tcpdump
- net-tools
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded

View file

@ -0,0 +1,24 @@
---
dependencies:
- role: base-totp
- name: Eddit pam config for ssh
lineinfile:
path: /etc/pam.d/sshd
regexp: 'pam_oath.so'
line: "auth required pam_oath.so usersfile=/etc/users.oath window=60 digits=6"
insertbefore: BOF
- name: Set ChallengeResponseAuthentication in sshd conf
path: /etc/ssh/sshd_config
regexp: '^#?ChallengeResponseAuthentication'
line: 'ChallengeResponseAuthentication yes'
- name: Set UsePAM in sshd conf
path: /etc/ssh/sshd_config
regexp: '^#?UsePAM'
line: 'UsePAM yes'