From ae1e2e43042d2774efd201177ff2923ffb627777 Mon Sep 17 00:00:00 2001
From: David Mehren <david.mehren@tu-dortmund.de>
Date: Tue, 31 Mar 2020 19:17:07 +0200
Subject: [PATCH] Always prohibit root login with password.

---
 templates/sshd_config.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/sshd_config.conf.j2 b/templates/sshd_config.conf.j2
index 10f1fab..679df19 100644
--- a/templates/sshd_config.conf.j2
+++ b/templates/sshd_config.conf.j2
@@ -6,7 +6,7 @@ Port {{ item }}
 ListenAddress {{ item }}
 {% endfor %}
 
-PermitRootLogin {{ 'yes' if sshd_permit_root_login else 'no' }}
+PermitRootLogin {{ 'prohibit-password' if sshd_permit_root_login else 'no' }}
 
 PubkeyAuthentication {{ 'yes' if sshd_allow_pubkeys else 'no' }}
 PasswordAuthentication {{ 'yes' if sshd_allow_passwords else 'no' }}
-- 
GitLab