From b8300c77e22acb1569e15a4977be20ef3a7d5cfe Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Tue, 26 Feb 2008 16:25:06 -0800
Subject: add option to disable root login over ssh

See: https://bugzilla.vyatta.com/show_bug.cgi?id=2798 and
     https://bugzilla.vyatta.com/show_bug.cgi?id=2806
---
 templates/service/ssh/root-allowed/node.def | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 templates/service/ssh/root-allowed/node.def

diff --git a/templates/service/ssh/root-allowed/node.def b/templates/service/ssh/root-allowed/node.def
new file mode 100644
index 00000000..8c5a6fd9
--- /dev/null
+++ b/templates/service/ssh/root-allowed/node.def
@@ -0,0 +1,19 @@
+type: bool
+help: Allow root login over ssh
+default: false
+help: Enable/disable root login
+update: if [ \"$VAR(@)\" == \"true\" ]; then 
+		sudo ed - /etc/ssh/sshd_config <<-"EOF"
+		/^PermitRootLogin/s/no/yes/
+		wq
+		EOF
+	else
+		sudo ed - /etc/ssh/sshd_config <<-"EOF"
+		/^PermitRootLogin/s/yes/no/
+		wq
+		EOF
+	fi
+delete:	sudo ed - /etc/ssh/sshd_config <<-"EOF"
+	/^PermitRootLogin/s/yes/no/
+	wq
+	EOF
-- 
cgit v1.2.3