Mercurial > google-authenticator

view Makefile @ 0:524d6c83d8ad

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
initial version
author Carl Byington <carl@five-ten-sg.com>
date Wed, 01 Mar 2017 10:08:26 -0800
parents
children 0e3c9806a620
line wrap: on
line source

#
# based on http://blog.boa.nu/2012/11/two-factor-ssh-login-google-authenticator-and-selinux.html
#

r := $(shell grep Wrote: mylog | grep -v debuginfo | awk '{print $$2}')
b := $(shell basename ${r})
m := google-authenticator.pp

all:
	rpmbuild --rebuild google-authenticator-1.0-0.gita096a62.fc24.6.src.rpm >mylog 2>&1
	grep Wrote: mylog
	make -f /usr/share/selinux/devel/Makefile


install:
	[ -f ${r} ] || /bin/false
	yum -y install ${r}
	semodule -i ${m}
	sed -i -e 's/PAM-1.0/PAM-1.0\nauth		  required	   pam_google_authenticator.so nullok/g' /etc/pam.d/sshd
	sed -i -e 's/^ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' /etc/ssh/sshd_config
	service sshd restart


setup:
	google-authenticator
	# authenticator setup creates the file with the wrong label.
	restorecon ~/.google_authenticator


install-remote:
	scp ${r} ${m} $$target:/tmp
	ssh $$target "cd /tmp; yum -y install ${b}"
	ssh $$target "cd /tmp; semodule -i ${m}"
	ssh $$target "sed -i -e 's/PAM-1.0/PAM-1.0\nauth		  required	   pam_google_authenticator.so nullok/g' /etc/pam.d/sshd"
	ssh $$target "sed -i -e 's/^ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' /etc/ssh/sshd_config"
	ssh $$target "service sshd restart"

# make install-remote target=host.domain.tld