Provide two-factor authentication on your server with Duo. After installation all SSH connections will authenticate using Duo.
This means all SSH connections, or in other words, you can't run Ansible sanely on the same box once this role completes and SSH is restarted. Any SSH requests will require verifying the request via the Duo app or a passcode and Ansible generates A LOT of them.
This role will setup SSH on the remote machine to allow passing a DUO_PASSCODE
environment variable from the control machine to allow passing in your Duo code
to satisy the two-factor requirement.
Alternatives would be to whitelist your IP address or to only use two-factor authentication for non-deployment accounts, but both are not handled by this role.
This role requires an active Duo account.
This role requires three variables to be set, preferrably in the
group_vars/all
file:
duo:
api_hostname: api-xxxxxxxx.duosecurity.com
integration_key: xxx
secret_key: xxx
This role requires libssl-dev
and python-pycurl
to be installed, but they
will be added automatically by this role.
MIT
Created by Jonathan Knapp of Coffee and Code.