I am probably overcomplicating this a bit, but I am trying to create a fixlet to disable root login via ssh, and I need to have PermitRootLogin without-password instead of just PermitRootLogin no. One of the problems I have is that some systems already have PermitRootLogin without-password set while several don’t. I tried to use some relevance to determine if PermitRootLogin without-password exists, but that does exist in all the sshd_config files in a commented section.
What I am trying to do in a nutshell is find the value #PermitRootLogin yes and then add the PermitRootLogin without-password below it so at the end of the day all the sshd_config files will look like this:
#PermitRootLogin yes
PermitRootLogin prohibit-password
and if PermitRootLogin no exists, then remove it. If I run the following, they are both true, and I am not sure how I can get the specific value with #:
exists line whose (it contains "#PermitRootLogin yes") of file "/etc/ssh/sshd_config" = True
exists line whose (it contains "PermitRootLogin yes") of file "/etc/ssh/sshd_config" = True
Looking for any suggestions to basically find and add the line below if it doesn’t already exist.
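
One way to make the edit described in the post idempotent, shown as an added shell example that is not part of the original post: it tells active directives apart from commented ones by field rather than by substring, removes any active setting such as PermitRootLogin no, and places a single directive below the commented default. The function names, the temp-file handling and the sample file are assumptions; the value defaults to prohibit-password as in the post's target output and can be overridden with a second argument.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes canonical keyword
# spelling in the commented default and no Match blocks in the file.

# Print the value of every active (uncommented) PermitRootLogin directive.
# awk splits on whitespace, so "#PermitRootLogin yes" has $1 == "#PermitRootLogin"
# and is never mistaken for a live setting, unlike a substring "contains" test.
active_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print $2 }' "$1"
}

# Rewrite FILE so exactly one active directive remains, placed directly below
# the commented default "#PermitRootLogin yes" (appended if that line is absent).
# Any other active setting, including "PermitRootLogin no", is dropped.
harden_root_login() {
    file=$1
    value=${2:-prohibit-password}
    tmp=$(mktemp) || return 1
    awk -v want="PermitRootLogin $value" '
        tolower($1) == "permitrootlogin" { next }
        { print }
        !done && /^[ \t]*#[ \t]*PermitRootLogin[ \t]+yes[ \t]*$/ { print want; done = 1 }
        END { if (!done) print want }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Only touch the file when the content changes, so reruns are no-ops.
    if ! cmp -s "$file" "$tmp"; then
        cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    fi
    rm -f "$tmp"
}

# Constructed sample standing in for /etc/ssh/sshd_config.
demo=$(mktemp)
printf '%s\n' 'Port 22' '#PermitRootLogin yes' 'PermitRootLogin no' 'UsePAM yes' > "$demo"
harden_root_login "$demo"
cat "$demo"
rm -f "$demo"
```

On a real host, check the rewritten file with `sshd -t` before reloading the daemon.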