authorChristian Poessinger <christian@poessinger.com>2018-05-16 18:21:23 +0200
committerChristian Poessinger <christian@poessinger.com>2018-05-16 18:21:41 +0200
commit959bf023496c1611d2d6d77b24f72b3e964827ce (patch)
treee5993b65f68e5ea51b25110726a0554611bedf21 /src/conf_mode/ssh.py
parentb4297ec7c1ce330396e283797127c72d5818a26d (diff)
Revert "T634: Remove 'service ssh allow-root'"
This reverts commit d9474df03d47b20f06580c3b32aac69849162015.
Diffstat (limited to 'src/conf_mode/ssh.py')
-rwxr-xr-xsrc/conf_mode/ssh.py8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index a4857bba9..a7877eaeb 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -59,7 +59,6 @@ Banner /etc/issue.net
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
HostKey /etc/ssh/ssh_host_key
-PermitRootLogin no
# Specifies whether sshd should look up the remote host name,
# and to check that the resolved host name for the remote IP
@@ -73,6 +72,9 @@ Port {{ port }}
# Gives the verbosity level that is used when logging messages from sshd
LogLevel {{ log_level }}
+# Specifies whether root can log in using ssh
+PermitRootLogin {{ allow_root }}
+
# Specifies whether password authentication is allowed
PasswordAuthentication {{ password_authentication }}
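Review bot: The restored `PermitRootLogin {{ allow_root }}` line can only render `yes` or `no`, and `default_config_data` in this same file sets `password_authentication` to `yes`, so enabling the option permits root login by password. If root access over SSH has to stay available, consider rendering `prohibit-password` (`without-password` on older OpenSSH releases) whenever password authentication is enabled, so that root is limited to key-based login. At minimum, extend the template comment to say so, for example `# Specifies whether root can log in using ssh; 'yes' also allows password login for root`.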
@@ -140,6 +142,7 @@ DenyGroups {{ deny_groups | join(" ") }}
default_config_data = {
'port' : '22',
'log_level': 'INFO',
+ 'allow_root': 'no',
'password_authentication': 'yes',
'host_validation': 'yes'
}
@@ -168,6 +171,9 @@ def get_config():
deny_groups = conf.return_values('access-control deny group')
ssh.setdefault('deny_groups', deny_groups)
+ if conf.exists('allow-root'):
+ ssh['allow-root'] = 'yes'
+
if conf.exists('ciphers'):
ciphers = conf.return_values('ciphers')
ssh.setdefault('ciphers', ciphers)
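Review bot: The added branch writes `ssh['allow-root']` with a hyphen, while the default added to `default_config_data` and the template placeholder both use `allow_root` with an underscore. As far as these hunks show, setting `service ssh allow-root` would therefore never change the rendered `PermitRootLogin` line, which stays at the default `no`. That fails closed, but the operator's setting is silently ignored and the running sshd policy no longer matches the configuration. Use the same key as the default: `ssh['allow_root'] = 'yes'`. The body of get_config starts and continues outside this hunk, so how `ssh` reaches the template is inferred.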