linux - Ansible - 禁用 ssh 密码认证

Question

我正在尝试制作处理 sshd_config 的 ansible 任务适本地。我从其他问题中找到了类似的正则表达式，但它们什么也没做。

name: Disable SSH password authentication
      become: true
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^#?\s*PasswordAuthentication\s'
        line: 'PasswordAuthentication no'
        state: present

问题是它应该处理重复的车道以及评论。例如:

可能有:

PasswordAuthentication no
PasswordAuthentication yes

或者

PasswordAuthentication no
PasswordAuthentication no

或者

PasswordAuthentication yes
PasswordAuthentication yes

或者

PasswordAuthentication no
#PasswordAuthentication no

或者

PasswordAuthentication no
# PasswordAuthentication no

或者

# PasswordAuthentication no
# PasswordAuthentication no

等等这么多组合。但我只想有一个未注释的行 PasswordAuthentication no这可能吗？

Answer 1

问: “处理重复的行和评论......有一个未注释的行 PasswordAuthentication no”
A:给定文件列表

    my_files:
      - sshd_config.0
      - sshd_config.1
      - sshd_config.2
      - sshd_config.3
      - sshd_config.4
      - sshd_config.5

和内容

shell> for f in files-17/*; do printf "\n%s\n" $f; cat $f; done

files-17/sshd_config.0
PasswordAuthentication no
PasswordAuthentication yes

files-17/sshd_config.1
PasswordAuthentication no
PasswordAuthentication no

files-17/sshd_config.2
PasswordAuthentication yes
PasswordAuthentication yes

files-17/sshd_config.3
PasswordAuthentication no
#PasswordAuthentication no

files-17/sshd_config.4
PasswordAuthentication no
# PasswordAuthentication no

files-17/sshd_config.5
# PasswordAuthentication no
# PasswordAuthentication no

下面的任务删除除第一行之外的所有内容，其中包括 PasswordAuthentication

    - replace:
        path: 'files-17/{{ item }}'
        after: 'PasswordAuthentication'
        regexp: '^(.*)PasswordAuthentication(.*)$'
        replace: ''
      loop: "{{ my_files }}"

给

shell> for f in files-17/*; do printf "\n%s\n" $f; cat $f; done

files-17/sshd_config.0
PasswordAuthentication no


files-17/sshd_config.1
PasswordAuthentication no


files-17/sshd_config.2
PasswordAuthentication yes


files-17/sshd_config.3
PasswordAuthentication no


files-17/sshd_config.4
PasswordAuthentication no


files-17/sshd_config.5
# PasswordAuthentication no

下一个任务将这些行替换为 PasswordAuthentication no

    - lineinfile:
        path: 'files-17/{{ item }}'
        regexp: '^(.*)PasswordAuthentication(.*)$'
        line: 'PasswordAuthentication no'
      loop: "{{ my_files }}"

给

shell> for f in files-17/*; do printf "\n%s\n" $f; cat $f; done

files-17/sshd_config.0
PasswordAuthentication no


files-17/sshd_config.1
PasswordAuthentication no


files-17/sshd_config.2
PasswordAuthentication no


files-17/sshd_config.3
PasswordAuthentication no


files-17/sshd_config.4
PasswordAuthentication no


files-17/sshd_config.5
PasswordAuthentication no

任务的顺序是幂等的。