From 4af428db784ab33c58d73f2c980f427563199e1c Mon Sep 17 00:00:00 2001
From: Lance Edgar <lance@edbob.org>
Date: Sun, 11 Mar 2018 20:34:39 -0500
Subject: [PATCH] Always set `PermitRootLogin` for `sshd_config`

it was only being set if the setting existed
---
 rattail_fabric/ssh.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/rattail_fabric/ssh.py b/rattail_fabric/ssh.py
index d9469df..feaab86 100644
--- a/rattail_fabric/ssh.py
+++ b/rattail_fabric/ssh.py
@@ -71,11 +71,15 @@ def configure(allow_root=False):
     Configure the OpenSSH service
     """
     path = '/etc/ssh/sshd_config'
-    value = 'without-password' if allow_root else 'no'
-    sed(path, r'^PermitRootLogin\s+.*', 'PermitRootLogin {}'.format(value), use_sudo=True)
+
+    entry = 'PermitRootLogin {}'.format('without-password' if allow_root else 'no')
+    sed(path, r'^PermitRootLogin\s+.*', entry, use_sudo=True)
+    append(path, entry, use_sudo=True)
+
     entry = 'PasswordAuthentication no'
     sed(path, r'^PasswordAuthentication\s+.*', entry, use_sudo=True)
     append(path, entry, use_sudo=True)
+
     restart()