ansible批量修改sshd_config
---- hosts: all
gather_facts: true
remote_user: root
tasks:
- name: "修改ssh配置文件的安全选项"
lineinfile:
path: /etc/ssh/sshd_config
regexp: '{{ item.regexp }}'
line: '{{ item.line }}'
state: present
with_items:
- regexp: "^PasswordAuthentication"
line: "PasswordAuthentication no"
- regexp: "^#PermitRootLogin yes"
line: "PermitRootLogin no"
- regexp: "^#Port 22"
line: "Port 2249"
- regexp: "^GSSAPIAuthentication yes"
line: "GSSAPIAuthentication no"
notify:
- restart sshd
handlers:
- name: restart sshd
service:
name: sshd
state: restarted
页:
[1]