---
# Installs the Google Authenticator PAM module with apt, refreshing the
# package cache first and skipping recommended packages.
# NOTE(review): libpam0g-dev is the PAM development package; presumably it is
# not needed on a host that only runs the module - confirm before keeping it.
- name: Install gauth OTP
  ansible.builtin.apt:
    name:
      - libpam-google-authenticator
      - libpam0g-dev
    state: present
    update_cache: true
    install_recommends: false
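# Enrols maverik for TOTP. Flags: -t time-based, -f write the secret file
# without prompting (overwriting an existing one), -d disallow token reuse,
# -r 3 -R 120 rate limit (3 logins per 120 s), -w 1 window size.
# NOTE(review): because of -f every run of this play issues a new secret and
# invalidates the authenticator the user already enrolled; add a `creates:`
# argument if re-enrolment on each run is not intended.
# NOTE(review): pam_google_authenticator expects the secret file to be owned
# by the target user; no become_user is visible here - confirm the ownership
# and mode of /home/maverik/.google_authenticator after the run.
- name: Generate a time-based code for maverik
  ansible.builtin.command:
    cmd: '/usr/bin/google-authenticator -t -f -d --label="maverik@INFRA01" --qr-mode=ANSI -r 3 -R 120 -w 1 --secret=/home/maverik/.google_authenticator'
  # The command prints the new secret, the QR code and the scratch codes;
  # keep that output out of Ansible logs and job history.
  no_log: true
  # NOTE(review): a failure is ignored here, yet the PAM tasks in this file make
  # the module "required", so a user left without a secret file cannot pass it.
  ignore_errors: true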
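# Enrols charlie for TOTP. Flags: -t time-based, -f write the secret file
# without prompting (overwriting an existing one), -d disallow token reuse,
# -r 3 -R 120 rate limit (3 logins per 120 s), -w 1 window size.
# NOTE(review): -f re-issues the secret on every run of this play; add a
# `creates:` argument if that is not intended.
# NOTE(review): the secret file must end up owned by charlie for
# pam_google_authenticator to accept it; no become_user is visible - confirm.
- name: Generate a time-based code for charlie
  ansible.builtin.command:
    cmd: '/usr/bin/google-authenticator -t -f -d --label="charlie@INFRA01" --qr-mode=ANSI -r 3 -R 120 -w 1 --secret=/home/charlie/.google_authenticator'
  # The command prints the new secret, the QR code and the scratch codes;
  # keep that output out of Ansible logs and job history.
  no_log: true
  # NOTE(review): an ignored failure here leaves charlie without a secret file
  # while the PAM module is configured as "required" elsewhere in this file.
  ignore_errors: true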
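# Enrols goose for TOTP. Flags: -t time-based, -f write the secret file
# without prompting (overwriting an existing one), -d disallow token reuse,
# -r 3 -R 120 rate limit (3 logins per 120 s), -w 1 window size.
# NOTE(review): -f re-issues the secret on every run of this play; add a
# `creates:` argument if that is not intended.
# NOTE(review): the secret file must end up owned by goose for
# pam_google_authenticator to accept it; no become_user is visible - confirm.
- name: Generate a time-based code for goose
  ansible.builtin.command:
    cmd: '/usr/bin/google-authenticator -t -f -d --label="goose@INFRA01" --qr-mode=ANSI -r 3 -R 120 -w 1 --secret=/home/goose/.google_authenticator'
  # The command prints the new secret, the QR code and the scratch codes;
  # keep that output out of Ansible logs and job history.
  no_log: true
  # NOTE(review): an ignored failure here leaves goose without a secret file
  # while the PAM module is configured as "required" elsewhere in this file.
  ignore_errors: true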
# Puts pam_google_authenticator on the first line of sshd's PAM file.
# The control flag is "required" and no nullok option is given, so an account
# without a usable secret file fails this module.
# NOTE(review): sshd consults the PAM auth stack only for password and
# keyboard-interactive logins; the sshd_config side is not shown here, so
# confirm that public-key logins cannot skip the second factor.
- name: Add Google auth PAM
  ansible.builtin.lineinfile:
    # `path` is the canonical name of the option the original spelled `dest`
    path: '/etc/pam.d/sshd'
    state: present
    insertbefore: BOF
    line: 'auth required pam_google_authenticator.so'
# Ensures the pam_google_authenticator line is present at the top of
# /etc/pam.d/sshd.
# NOTE(review): file, line and position are identical to the
# "Add Google auth PAM" task in this file, so this task changes nothing when
# that one has run; presumably a different file or line was meant - confirm
# or drop it.
- name: Add Google PAM
  ansible.builtin.lineinfile:
    # `path` is the canonical name of the option the original spelled `dest`
    path: '/etc/pam.d/sshd'
    state: present
    insertbefore: BOF
    line: 'auth required pam_google_authenticator.so'
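# Comments out "@include common-auth" in sshd's PAM file and pins the file to
# root:root, mode 0644.
# NOTE(review): with common-auth disabled, the TOTP module is the only auth
# line this file is shown to add, so the code replaces the password rather
# than supplementing it; whether a public key is also required depends on
# sshd_config, which is not shown here - confirm that this is intended.
# NOTE(review): the file is edited in place with no backup; a mistake in this
# stack can lock out SSH, so keep a second session open while testing.
- name: Delete Old authentication
  ansible.builtin.lineinfile:
    path: '/etc/pam.d/sshd'
    # Match the line both before and after the edit. With the original
    # pattern ('^@include common-auth') a rerun no longer matched the
    # commented line, which lineinfile documents as non-idempotent.
    regexp: '^#?@include common-auth'
    line: '#@include common-auth'
    owner: root
    group: root
    mode: '0644'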