sed match and replace in file except for comments

Question

I am trying to automatically disable logging into SSH via root. I know I can manually edit the file and do so, but I want to disable root login through a Bash script (that I use to initialize my servers).

I haven't used sed much, but I think it's what I should used based off of this question.

The line I am trying to replace, in /etc/ssh/sshd_config, is PermitRootLogin {any_value}. The default value of {any_value} is yes but I would like this to work for any value (on the same line).

I tried the command sudo sed -i "/PermitRootLogin/c\PermitRootLogin no" /etc/ssh/sshd_config but this also replaces a random comment that contains the text "PermitRootLogin".

So, I don't want to replace lines that begin with a comment token, #.

Here is the relevant parts of the file I am trying to edit (my comments are added with "###"):

# Authentication:
LoginGraceTime 120
PermitRootLogin yes ### I want to replace this line with "PermitRootLogin no"
StrictModes yes

# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without

The expected output is:

LoginGraceTime 120
PermitRootLogin no
StrictModes yes

# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without

Then, I tried this: sed -i "\(^[\# ]\)+/PermitRootLogin/c\PermitRootLogin no" /etc/ssh/sshd_config.

This gives me an error of: sed: -e expression #1, char 48: unterminated address regex.

How can I accomplish what I am trying to do? Thank you!

1

...and expected output. – Ed Morton Aug 22 '15 at 19:02

hek2mgl · Accepted Answer · 2015-08-22T19:18:34.457

3

You can use this:

sed '/^#/!s/PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config

The pattern /^#/ matches a line which starts with a comment. The ! negates the match meaning the subsequent command will be executed on non-comment lines only.

The substitute comment replaces PermitRootLogin following by anything .* by PermitRootLogin no.

Use -i once you are sure it works correctly.

edited Aug 22 '15 at 19:18

answered Aug 22 '15 at 19:06

hek2mgl

152,036
28
249
266

I want to replace all `word` with `newword` except `wordlist`, how? – alhelal Oct 22 '17 at 13:04
I recommend to post a question - if you cannot find the answer. The comments aren't the right place to ask. – hek2mgl Oct 22 '17 at 16:53
I think my asking is about similar of this question. – alhelal Oct 22 '17 at 17:05

PhilMasteG · Answer 2 · 2015-08-22T19:15:06.557

3

Try

sed -i "s/^[^#]*PermitRootLogin .*/PermitRootLogin no/g" file

^: Beginning of line
[^#]*: any character but no #

edited Aug 22 '15 at 19:15

answered Aug 22 '15 at 19:08

PhilMasteG

3,095
1
20
27

score 2 · Answer 3 · answered Aug 22 '15 at 19:06

2

Try this with GNU sed:

sed -i 's/^PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config

answered Aug 22 '15 at 19:06

Cyrus

84,225
14
89
153

2

i think this one should be answer. why would you care about comment if `PermitRootLogin` is at the beginning of the line. btw, i think change `.*` to `[^#]*` would help since it doesn't replace the trailing comment along with the switch, if any. – Jason Hu Aug 22 '15 at 19:15

sed match and replace in file except for comments

3 Answers3