X-Git-Url: https://git.grml.org/?p=grml-live.git;a=blobdiff_plain;f=etc%2Fgrml%2Ffai%2Fconfig%2Fscripts%2FGRMLBASE%2F49-sshd;h=f2d40ed61a3afef5e45f8d6df5a5e9858d7f314e;hp=9f0a82409bcffcb1ebf79dacde373b9f2fa7f9f2;hb=52b53064ae9100cf67409a4bb0130f613629f5bf;hpb=487e689322d6ec9c4336f0b337fd5ed54267358e

diff --git a/etc/grml/fai/config/scripts/GRMLBASE/49-sshd b/etc/grml/fai/config/scripts/GRMLBASE/49-sshd
index 9f0a824..f2d40ed 100755
--- a/etc/grml/fai/config/scripts/GRMLBASE/49-sshd
+++ b/etc/grml/fai/config/scripts/GRMLBASE/49-sshd
@@ -15,11 +15,23 @@ if ! [ -r "${target}/etc/ssh/sshd_config" ] ; then
 fi
 
 # make sure root login works, it's set to "without-password" since openssh-server v1:6.6p1-1
-sed -i "s/^\(PermitRootLogin without-password\)/# \1 # disabled via grml-live\nPermitRootLogin yes/" "${target}/etc/ssh/sshd_config"
+# and defaults to "prohibit-password" since openssh-server v1:7.1p1-1
+if grep -q '^PermitRootLogin ' "${target}/etc/ssh/sshd_config" ; then
+  # make sure we don't modify our own disabled snippet once again
+  if ! grep -q 'PermitRootLogin .*disabled via grml-live' "${target}/etc/ssh/sshd_config" ; then
+    sed -i "s/^\(PermitRootLogin .*\)/# \1 # disabled via grml-live\nPermitRootLogin yes/" "${target}/etc/ssh/sshd_config"
+  fi
+else
+  echo "# Added via grml-live script:" >> "${target}/etc/ssh/sshd_config"
+  echo "PermitRootLogin yes" >> "${target}/etc/ssh/sshd_config"
+fi
 
 # speedup if DNS is broken/unavailable
-if grep -q '^UseDNS' "${target}/etc/ssh/sshd_config" ; then
-  sed -i "s/^\(UseDNS yes\)/# \1 # disabled via grml-live\nUseDNS no/" "${target}/etc/ssh/sshd_config"
+if grep -q '^UseDNS ' "${target}/etc/ssh/sshd_config" ; then
+  # make sure we don't modify our own disabled snippet once again
+  if ! grep -q 'UseDNS .*disabled via grml-live' "${target}/etc/ssh/sshd_config" ; then
+    sed -i "s/^\(UseDNS .*\)/# \1 # disabled via grml-live\nUseDNS no/" "${target}/etc/ssh/sshd_config"
+  fi
 else
   echo "# Added via grml-live script:" >> "${target}/etc/ssh/sshd_config"
   echo "UseDNS no" >> "${target}/etc/ssh/sshd_config"