Pains-Perdus/ansible
3
1
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

configur ssh

Browse source
This commit is contained in:
Jean-Marie Mineau 2021-04-15 16:03:35 +02:00
parent 8c967495e7
commit af2f7d191a
2 changed files with 25 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
roles/base_config/tasks/main.yml
View file

@ -1,7 +1,6 @@
--- ---
- name: Install and update basic tools - name: Install and update basic tools
apt: apt:
update_cache: yes
name: name:
- sudo - sudo
- vim - vim
@ -18,6 +17,7 @@
- tcpdump - tcpdump
- net-tools - net-tools
state: latest state: latest
update_cache: true
register: apt_result register: apt_result
retries: 3 retries: 3
until: apt_result is succeeded until: apt_result is succeeded

24
roles/ssh_totp/tasks/main.yml Normal file
View file

@ -0,0 +1,24 @@
---
dependencies:
- role: base-totp
- name: Eddit pam config for ssh
lineinfile:
path: /etc/pam.d/sshd
regexp: 'pam_oath.so'
line: "auth required pam_oath.so usersfile=/etc/users.oath window=60 digits=6"
insertbefore: BOF
- name: Set ChallengeResponseAuthentication in sshd conf
path: /etc/ssh/sshd_config
regexp: '^#?ChallengeResponseAuthentication'
line: 'ChallengeResponseAuthentication yes'
- name: Set UsePAM in sshd conf
path: /etc/ssh/sshd_config
regexp: '^#?UsePAM'
line: 'UsePAM yes'