add base for totp

2021-04-15 16:24:51 +02:00 · 2021-04-15 16:24:51 +02:00 · b6e22ff91d
commit b6e22ff91d
parent af2f7d191a
2 changed files with 24 additions and 0 deletions
--- a/roles/base_totp/tasks/main.yml
+++ b/roles/base_totp/tasks/main.yml
@ -0,0 +1,22 @@
+---
+- name: Install the PAM lib
+  apt:
+    name:
+      - libpam-oath
+    state: latest
+    update_cache: true
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Add the totp secret for users
+  lineinfile:
+    path: /etc/users.oath
+    regexp: "{{ item.name }}"
+    line: "HOTP/T60/6 {{ item.name }} - {{item.totp}}"
+    create: true
+    group: root
+    owner: root
+    mode: '600'
+  loop: "{{ uservault_users }}"
+  no_log: true
--- a/roles/ssh_totp/tasks/main.yml
+++ b/roles/ssh_totp/tasks/main.yml
@ -10,11 +10,13 @@ dependencies:
    insertbefore: BOF

 - name: Set ChallengeResponseAuthentication in sshd conf
+  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?ChallengeResponseAuthentication'
    line: 'ChallengeResponseAuthentication yes'

 - name: Set UsePAM in sshd conf
+  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?UsePAM'
    line: 'UsePAM yes'