GRMLBASE/49-sshd: ensure that login as root via password works again

[grml-live.git] / etc / grml / fai / config / scripts / GRMLBASE / 49-sshd

diff --git a/etc/grml/fai/config/scripts/GRMLBASE/49-sshd b/etc/grml/fai/config/scripts/GRMLBASE/49-sshd
index 9f0a824..f2d40ed 100755 (executable)
--- a/etc/grml/fai/config/scripts/GRMLBASE/49-sshd
+++ b/etc/grml/fai/config/scripts/GRMLBASE/49-sshd
@@ -15,11 +15,23 @@ if ! [ -r "${target}/etc/ssh/sshd_config" ] ; then
 fi
 
 # make sure root login works, it's set to "without-password" since openssh-server v1:6.6p1-1
-sed -i "s/^\(PermitRootLogin without-password\)/# \1 # disabled via grml-live\nPermitRootLogin yes/" "${target}/etc/ssh/sshd_config"
+# and defaults to "prohibit-password" since openssh-server v1:7.1p1-1
+if grep -q '^PermitRootLogin ' "${target}/etc/ssh/sshd_config" ; then
+  # make sure we don't modify our own disabled snippet once again
+  if ! grep -q 'PermitRootLogin .*disabled via grml-live' "${target}/etc/ssh/sshd_config" ; then
+    sed -i "s/^\(PermitRootLogin .*\)/# \1 # disabled via grml-live\nPermitRootLogin yes/" "${target}/etc/ssh/sshd_config"
+  fi
+else
+  echo "# Added via grml-live script:" >> "${target}/etc/ssh/sshd_config"
+  echo "PermitRootLogin yes" >> "${target}/etc/ssh/sshd_config"
+fi
 
 # speedup if DNS is broken/unavailable
-if grep -q '^UseDNS' "${target}/etc/ssh/sshd_config" ; then
-  sed -i "s/^\(UseDNS yes\)/# \1 # disabled via grml-live\nUseDNS no/" "${target}/etc/ssh/sshd_config"
+if grep -q '^UseDNS ' "${target}/etc/ssh/sshd_config" ; then
+  # make sure we don't modify our own disabled snippet once again
+  if ! grep -q 'UseDNS .*disabled via grml-live' "${target}/etc/ssh/sshd_config" ; then
+    sed -i "s/^\(UseDNS .*\)/# \1 # disabled via grml-live\nUseDNS no/" "${target}/etc/ssh/sshd_config"
+  fi
 else
   echo "# Added via grml-live script:" >> "${target}/etc/ssh/sshd_config"
   echo "UseDNS no" >> "${target}/etc/ssh/sshd_config"