From 665641c75a90148034b628fff3ffc03220382371 Mon Sep 17 00:00:00 2001
From: Jeffrey Townsend <jeffrey.townsend@bigswitch.com>
Date: Mon, 15 Aug 2016 19:07:45 +0000
Subject: [PATCH] The SSH PermitRootLogin setting is now an RFS option.

---
 tools/onlrfs.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tools/onlrfs.py b/tools/onlrfs.py
index 11251413..6dee2a6d 100755
--- a/tools/onlrfs.py
+++ b/tools/onlrfs.py
@@ -393,6 +393,19 @@ rm -f /usr/sbin/policy-rc.d
                     onlu.execute('sudo chroot %s find /usr/share/doc -type f -delete' % dir_)
                     onlu.execute('sudo chroot %s find /usr/share/man -type f -delete' % dir_)
 
+                if 'PermitRootLogin' in options:
+                    config = os.path.join(dir_, 'etc/ssh/sshd_config')
+                    ua.chmod('a+rw', config)
+                    lines = open(config).readlines()
+                    with open(config, "w") as f:
+                        for line in lines:
+                            if line.startswith('PermitRootLogin'):
+                                v = options['PermitRootLogin']
+                                logger.info("Setting PermitRootLogin to %s" % v)
+                                f.write('PermitRootLogin %s\n' % v)
+                            else:
+                                f.write(line)
+                    ua.chmod('644', config)
 
                 if not options.get('securetty', True):
                     f = os.path.join(dir_, 'etc/securetty')