---
dependencies:
  - role: base-totp

- name: Eddit pam config for ssh
  lineinfile:
    path: /etc/pam.d/sshd
    regexp: 'pam_oath.so'
    line: "auth	  required pam_oath.so usersfile=/etc/users.oath window=60 digits=6"
    insertbefore: BOF

- name: Set ChallengeResponseAuthentication in sshd conf
    path: /etc/ssh/sshd_config
    regexp: '^#?ChallengeResponseAuthentication'
    line: 'ChallengeResponseAuthentication yes'

- name: Set UsePAM in sshd conf
    path: /etc/ssh/sshd_config
    regexp: '^#?UsePAM'
    line: 'UsePAM yes'