From af2f7d191ad8547a37ad452149e4c0ba6d72d6ad Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau
Date: Thu, 15 Apr 2021 16:03:35 +0200
Subject: [PATCH] configur ssh
---
 roles/base_config/tasks/main.yml | 2 +-
 roles/ssh_totp/tasks/main.yml | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 roles/ssh_totp/tasks/main.yml
diff --git a/roles/base_config/tasks/main.yml b/roles/base_config/tasks/main.yml
index 188d49b..892f3d7 100644
--- a/roles/base_config/tasks/main.yml
+++ b/roles/base_config/tasks/main.yml
@@ -1,7 +1,6 @@
 ---
 - name: Install and update basic tools
 apt:
- update_cache: yes
 name:
 - sudo
 - vim
@@ -18,6 +17,7 @@
 - tcpdump
 - net-tools
 state: latest
+ update_cache: true
 register: apt_result
 retries: 3
 until: apt_result is succeeded
diff --git a/roles/ssh_totp/tasks/main.yml b/roles/ssh_totp/tasks/main.yml
new file mode 100644
index 0000000..24b23e5
--- /dev/null
+++ b/roles/ssh_totp/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+dependencies:
+ - role: base-totp
+
+- name: Eddit pam config for ssh
+ lineinfile:
+ path: /etc/pam.d/sshd
+ regexp: 'pam_oath.so'
+ line: "auth required pam_oath.so usersfile=/etc/users.oath window=60 digits=6"
+ insertbefore: BOF
+
+- name: Set ChallengeResponseAuthentication in sshd conf
+ path: /etc/ssh/sshd_config
+ regexp: '^#?ChallengeResponseAuthentication'
+ line: 'ChallengeResponseAuthentication yes'
+
+- name: Set UsePAM in sshd conf
+ path: /etc/ssh/sshd_config
+ regexp: '^#?UsePAM'
+ line: 'UsePAM yes'
+
+
+
+
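Review bot: In the new roles/ssh_totp/tasks/main.yml the last two tasks have no module key: `path`, `regexp` and `line` sit directly under `name`, so Ansible will reject them, and the leading `dependencies:` mapping belongs in the role's `meta/main.yml` because a mapping followed by list items does not parse as a task list. Both sshd_config edits need the same `lineinfile:` wrapper as the PAM task, and since they gate remote login I would add `validate` so a config that fails `sshd -t` is never written. Nothing in this patch reloads sshd afterwards, so the settings may not take effect until a restart happens some other way. On the PAM line, `window=60` looks wide for a time-based code; pam_oath appears to treat it as a search depth in steps, so many codes would be accepted at once, which is worth confirming and reducing. Public-key logins do not run the PAM auth stack, so the OTP is only enforced for them if `AuthenticationMethods` also requires keyboard-interactive, and this patch does not set it.

```yaml
# dependencies: moves to roles/ssh_totp/meta/main.yml
# … unchanged: "Eddit pam config for ssh" task …

- name: Set ChallengeResponseAuthentication in sshd conf
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?ChallengeResponseAuthentication'
    line: 'ChallengeResponseAuthentication yes'
    validate: '/usr/sbin/sshd -t -f %s'

- name: Set UsePAM in sshd conf
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?UsePAM'
    line: 'UsePAM yes'
    validate: '/usr/sbin/sshd -t -f %s'
```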