Fixed sshd_config PermitRootLogin check (#19726).

1 files changed, 12 insertions, 4 deletions

diff --git a/share/msec.py b/share/msec.py
index 8510f9a..553890c 100755
--- a/share/msec.py
+++ b/share/msec.py
@@ -171,17 +171,14 @@ if level >= 4:
     enable_at_crontab(no)
     if level == 4:
         password_aging(60, 30)
-        allow_remote_root_login(without_password)
     else:
         password_aging(30, 15)
-        allow_remote_root_login(no)
     allow_xauth_from_root(no)
     set_win_parts_umask(None)
 else:
     set_user_umask('022')
     set_shell_history_size(-1)
     allow_root_login(yes)
-    allow_remote_root_login(yes)
     enable_sulogin(no)
     allow_user_list(yes)
     enable_promisc_check(no)
@@ -192,7 +189,18 @@ else:
     enable_at_crontab(yes)
     password_aging(99999)
     allow_xauth_from_root(yes)
-    
+
+# special exception for ssh; if level == 3, set
+# PermitRootLogin to without_password, otherwise set to no
+# see https://qa.mandriva.com/show_bug.cgi?id=19726
+if level >= 3:
+    if level == 3:
+        allow_remote_root_login(without_password)
+    else:
+        allow_remote_root_login(no)
+else:
+    allow_remote_root_login(yes)
+
 # differences between level 3,4,5 and others
 if server:
     allow_autologin(no)