我正在尝试制作处理 sshd_config
的 ansible 任务适本地。我从其他问题中找到了类似的正则表达式,但它们什么也没做。
name: Disable SSH password authentication
become: true
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^#?\s*PasswordAuthentication\s'
line: 'PasswordAuthentication no'
state: present
问题是它应该处理重复的车道以及评论。例如:PasswordAuthentication no
PasswordAuthentication yes
或者PasswordAuthentication no
PasswordAuthentication no
或者PasswordAuthentication yes
PasswordAuthentication yes
或者PasswordAuthentication no
#PasswordAuthentication no
或者PasswordAuthentication no
# PasswordAuthentication no
或者# PasswordAuthentication no
# PasswordAuthentication no
等等这么多组合。但我只想有一个未注释的行 PasswordAuthentication no
这可能吗?
最佳答案
问: “处理重复的行和评论......有一个未注释的行 PasswordAuthentication no
”
A:给定文件列表
my_files:
- sshd_config.0
- sshd_config.1
- sshd_config.2
- sshd_config.3
- sshd_config.4
- sshd_config.5
和内容shell> for f in files-17/*; do printf "\n%s\n" $f; cat $f; done
files-17/sshd_config.0
PasswordAuthentication no
PasswordAuthentication yes
files-17/sshd_config.1
PasswordAuthentication no
PasswordAuthentication no
files-17/sshd_config.2
PasswordAuthentication yes
PasswordAuthentication yes
files-17/sshd_config.3
PasswordAuthentication no
#PasswordAuthentication no
files-17/sshd_config.4
PasswordAuthentication no
# PasswordAuthentication no
files-17/sshd_config.5
# PasswordAuthentication no
# PasswordAuthentication no
下面的任务删除除第一行之外的所有内容,其中包括 PasswordAuthentication
- replace:
path: 'files-17/{{ item }}'
after: 'PasswordAuthentication'
regexp: '^(.*)PasswordAuthentication(.*)$'
replace: ''
loop: "{{ my_files }}"
给shell> for f in files-17/*; do printf "\n%s\n" $f; cat $f; done
files-17/sshd_config.0
PasswordAuthentication no
files-17/sshd_config.1
PasswordAuthentication no
files-17/sshd_config.2
PasswordAuthentication yes
files-17/sshd_config.3
PasswordAuthentication no
files-17/sshd_config.4
PasswordAuthentication no
files-17/sshd_config.5
# PasswordAuthentication no
下一个任务将这些行替换为 PasswordAuthentication no
- lineinfile:
path: 'files-17/{{ item }}'
regexp: '^(.*)PasswordAuthentication(.*)$'
line: 'PasswordAuthentication no'
loop: "{{ my_files }}"
给shell> for f in files-17/*; do printf "\n%s\n" $f; cat $f; done
files-17/sshd_config.0
PasswordAuthentication no
files-17/sshd_config.1
PasswordAuthentication no
files-17/sshd_config.2
PasswordAuthentication no
files-17/sshd_config.3
PasswordAuthentication no
files-17/sshd_config.4
PasswordAuthentication no
files-17/sshd_config.5
PasswordAuthentication no
任务的顺序是幂等的。
关于linux - Ansible - 禁用 ssh 密码认证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/65228192/