---
- name: Eddit pam config for ssh
  lineinfile:
    path: /etc/pam.d/sshd
    regexp: 'pam_oath.so'
    line: "auth	  required pam_oath.so usersfile=/etc/users.oath window={{totp_periode}} digits={{totp_digits}}"
    insertafter: "^# PAM configuration for the Secure Shell service"

- name: Set ChallengeResponseAuthentication in sshd conf
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?ChallengeResponseAuthentication'
    line: 'ChallengeResponseAuthentication yes'
  notify: Reload sshd

- name: Set UsePAM in sshd conf
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?UsePAM'
    line: 'UsePAM yes'
  notify: Reload sshd