--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Makefile	Wed Mar 01 10:08:26 2017 -0800
@@ -0,0 +1,38 @@
+#
+# based on http://blog.boa.nu/2012/11/two-factor-ssh-login-google-authenticator-and-selinux.html
+#
+
+r := $(shell grep Wrote: mylog | grep -v debuginfo | awk '{print $$2}')
+b := $(shell basename ${r})
+m := google-authenticator.pp
+
+all:
+	rpmbuild --rebuild google-authenticator-1.0-0.gita096a62.fc24.6.src.rpm >mylog 2>&1
+	grep Wrote: mylog
+	make -f /usr/share/selinux/devel/Makefile
+
+
+install:
+	[ -f ${r} ] || /bin/false
+	yum -y install ${r}
+	semodule -i ${m}
+	sed -i -e 's/PAM-1.0/PAM-1.0\nauth		  required	   pam_google_authenticator.so nullok/g' /etc/pam.d/sshd
+	sed -i -e 's/^ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' /etc/ssh/sshd_config
+	service sshd restart
+
+
+setup:
+	google-authenticator
+	# authenticator setup creates the file with the wrong label.
+	restorecon ~/.google_authenticator
+
+
+install-remote:
+	scp ${r} ${m} $$target:/tmp
+	ssh $$target "cd /tmp; yum -y install ${b}"
+	ssh $$target "cd /tmp; semodule -i ${m}"
+	ssh $$target "sed -i -e 's/PAM-1.0/PAM-1.0\nauth		  required	   pam_google_authenticator.so nullok/g' /etc/pam.d/sshd"
+	ssh $$target "sed -i -e 's/^ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' /etc/ssh/sshd_config"
+	ssh $$target "service sshd restart"
+
+# make install-remote target=host.domain.tld