瀏覽代碼

libpam-google-authenticator uses distribution package on Ubuntu 14.04

Sven Neuhaus 10 年之前
父節點
當前提交
63ba754eb7
共有 2 個檔案被更改,包括 42 行新增0 行删除
  1. 39
    0
      roles/common/tasks/google_auth_mod.yml
  2. 3
    0
      roles/common/tasks/main.yml

+ 39
- 0
roles/common/tasks/google_auth_mod.yml 查看文件

@@ -0,0 +1,39 @@
1
+---
2
+# Defines tasks applicable for Google Authenticator
3
+# Ubuntu trusty version, uses standard libpam-google-authenticator package
4
+
5
+- name: Ensure required packages are installed
6
+  apt: pkg={{ item }} state=present
7
+  with_items:
8
+    - libqrencode3
9
+    - libpam0g-dev
10
+    - libpam-google-authenticator
11
+
12
+- name: Update sshd config to enable challenge responses
13
+  lineinfile: dest=/etc/ssh/sshd_config
14
+              regexp=^ChallengeResponseAuthentication
15
+              line="ChallengeResponseAuthentication yes"
16
+              state=present
17
+  notify: restart ssh
18
+
19
+- name: Add Google authenticator to PAM
20
+  lineinfile: dest=/etc/pam.d/sshd
21
+              line="auth required pam_google_authenticator.so"
22
+              insertbefore=BOF
23
+              state=present
24
+
25
+- name: Generate a timed-based, no reuse, rate-limited (3 logins per 30 seconds) with one concurrently valid code for default user
26
+  command: /usr/bin/google-authenticator -t -f -d --label="{{ main_user_name }}@{{ domain }}" --qr-mode=ANSI -r 3 -R 30 -w 1 --secret=/home/{{ main_user_name }}/.google_authenticator
27
+           creates=/home/{{ main_user_name }}/.google_authenticator
28
+  sudo: yes
29
+  sudo_user: "{{ main_user_name }}"
30
+  when: ansible_ssh_user != "vagrant"
31
+
32
+- name: Retrieve generated keys from server
33
+  fetch: src=/home/{{ main_user_name }}/.google_authenticator
34
+         dest=/tmp/sovereign-google-auth-files
35
+  when: ansible_ssh_user != "vagrant"
36
+
37
+- pause: seconds=5
38
+         prompt="Your Google Authentication keys are in /tmp/sovereign-google-auth-files. Press any key to continue..."
39
+  when: ansible_ssh_user != "vagrant"

+ 3
- 0
roles/common/tasks/main.yml 查看文件

@@ -54,3 +54,6 @@
54 54
 - include: security.yml tags=security
55 55
 - include: ntp.yml tags=ntp
56 56
 - include: google_auth.yml tags=google_auth
57
+  when: ansible_distribution_release != 'trusty'
58
+- include: google_auth_mod.yml tags=google_auth
59
+  when: ansible_distribution_release == 'trusty'

Loading…
取消
儲存