diff --git a/roles/base_config/tasks/main.yml b/roles/base_config/tasks/main.yml
index 188d49b..892f3d7 100644
--- a/roles/base_config/tasks/main.yml
+++ b/roles/base_config/tasks/main.yml
@@ -1,7 +1,6 @@
 ---
 - name: Install and update basic tools
 apt:
- update_cache: yes
 name:
 - sudo
 - vim
@@ -18,6 +17,7 @@
 - tcpdump
 - net-tools
 state: latest
+ update_cache: true
 register: apt_result
 retries: 3
 until: apt_result is succeeded
diff --git a/roles/ssh_totp/tasks/main.yml b/roles/ssh_totp/tasks/main.yml
new file mode 100644
index 0000000..24b23e5
--- /dev/null
+++ b/roles/ssh_totp/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+dependencies:
+ - role: base-totp
+
+- name: Eddit pam config for ssh
+ lineinfile:
+ path: /etc/pam.d/sshd
+ regexp: 'pam_oath.so'
+ line: "auth required pam_oath.so usersfile=/etc/users.oath window=60 digits=6"
+ insertbefore: BOF
+
+- name: Set ChallengeResponseAuthentication in sshd conf
+ path: /etc/ssh/sshd_config
+ regexp: '^#?ChallengeResponseAuthentication'
+ line: 'ChallengeResponseAuthentication yes'
+
+- name: Set UsePAM in sshd conf
+ path: /etc/ssh/sshd_config
+ regexp: '^#?UsePAM'
+ line: 'UsePAM yes'
+
+
+
+
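Review bot: In the new `roles/ssh_totp/tasks/main.yml`, the `Set ChallengeResponseAuthentication in sshd conf` and `Set UsePAM in sshd conf` tasks have no `lineinfile:` line, so `path`/`regexp`/`line` are not passed to any module and Ansible should reject the tasks before sshd is configured. The `dependencies:` mapping at the top belongs in `roles/ssh_totp/meta/main.yml`; a tasks file has to be a plain list, and a mapping followed by list items is unlikely to parse. Nothing in this file validates or reloads sshd, so the fence below adds `validate` and a handler notification to the two sshd_config edits, which guards against a bad edit locking out remote access. Two settings are worth confirming on the PAM side: `window=60` is a wide acceptance window for 6-digit codes, and the PAM auth stack is not consulted for public-key logins unless `AuthenticationMethods` also requires keyboard-interactive, so key users may never see the TOTP prompt.

```yaml
# dependencies: moved to roles/ssh_totp/meta/main.yml
# … unchanged: pam_oath lineinfile task on /etc/pam.d/sshd …

- name: Set ChallengeResponseAuthentication in sshd conf
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?ChallengeResponseAuthentication'
    line: 'ChallengeResponseAuthentication yes'
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart sshd  # placeholder handler name; define it in handlers/main.yml

- name: Set UsePAM in sshd conf
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?UsePAM'
    line: 'UsePAM yes'
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart sshd
```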