# HG changeset patch
# Parent  c43ae523939377778762e81743b77b3c75eb4bd1
Allow root login with password by default. While less secure than upstream
default of forbidding access to the root account with a password, we are
temporarily introducing this change to keep the default used in older OpenSSH
versions shipped with SLE.

diff --git a/openssh-7.2p2/servconf.c b/openssh-7.2p2/servconf.c
--- a/openssh-7.2p2/servconf.c
+++ b/openssh-7.2p2/servconf.c
@@ -233,17 +233,17 @@ fill_default_server_options(ServerOption
 		options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
 	if (options->server_key_bits == -1)
 		options->server_key_bits = 1024;
 	if (options->login_grace_time == -1)
 		options->login_grace_time = 120;
 	if (options->key_regeneration_time == -1)
 		options->key_regeneration_time = 3600;
 	if (options->permit_root_login == PERMIT_NOT_SET)
-		options->permit_root_login = PERMIT_NO_PASSWD;
+		options->permit_root_login = PERMIT_YES;
 	if (options->ignore_rhosts == -1)
 		options->ignore_rhosts = 1;
 	if (options->ignore_user_known_hosts == -1)
 		options->ignore_user_known_hosts = 0;
 	if (options->print_motd == -1)
 		options->print_motd = 1;
 	if (options->print_lastlog == -1)
 		options->print_lastlog = 1;
diff --git a/openssh-7.2p2/sshd_config b/openssh-7.2p2/sshd_config
--- a/openssh-7.2p2/sshd_config
+++ b/openssh-7.2p2/sshd_config
@@ -36,17 +36,17 @@
 # Logging
 # obsoletes QuietMode and FascistLogging
 #SyslogFacility AUTH
 #LogLevel INFO
 
 # Authentication:
 
 #LoginGraceTime 2m
-#PermitRootLogin prohibit-password
+#PermitRootLogin yes
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
 
 #RSAAuthentication yes
 #PubkeyAuthentication yes
 
 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
diff --git a/openssh-7.2p2/sshd_config.0 b/openssh-7.2p2/sshd_config.0
--- a/openssh-7.2p2/sshd_config.0
+++ b/openssh-7.2p2/sshd_config.0
@@ -710,17 +710,17 @@ DESCRIPTION
              restrictions and permit any forwarding requests.  An argument of
              M-bM-^@M-^\noneM-bM-^@M-^] can be used to prohibit all forwarding requests.  By
              default all port forwarding requests are permitted.
 
      PermitRootLogin
              Specifies whether root can log in using ssh(1).  The argument
              must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\prohibit-passwordM-bM-^@M-^], M-bM-^@M-^\without-passwordM-bM-^@M-^],
              M-bM-^@M-^\forced-commands-onlyM-bM-^@M-^], or M-bM-^@M-^\noM-bM-^@M-^].  The default is
-             M-bM-^@M-^\prohibit-passwordM-bM-^@M-^].
+             M-bM-^@M-^\yesM-bM-^@M-^].
 
              If this option is set to M-bM-^@M-^\prohibit-passwordM-bM-^@M-^] or
              M-bM-^@M-^\without-passwordM-bM-^@M-^], password and keyboard-interactive
              authentication are disabled for root.
 
              If this option is set to M-bM-^@M-^\forced-commands-onlyM-bM-^@M-^], root login with
              public key authentication will be allowed, but only if the
              command option has been specified (which may be useful for taking
diff --git a/openssh-7.2p2/sshd_config.5 b/openssh-7.2p2/sshd_config.5
--- a/openssh-7.2p2/sshd_config.5
+++ b/openssh-7.2p2/sshd_config.5
@@ -1213,17 +1213,17 @@ Specifies whether root can log in using
 The argument must be
 .Dq yes ,
 .Dq prohibit-password ,
 .Dq without-password ,
 .Dq forced-commands-only ,
 or
 .Dq no .
 The default is
-.Dq prohibit-password .
+.Dq yes .
 .Pp
 If this option is set to
 .Dq prohibit-password
 or
 .Dq without-password ,
 password and keyboard-interactive authentication are disabled for root.
 .Pp
 If this option is set to