From d78e63a67db98e72778fb33256d800f898e982ec Mon Sep 17 00:00:00 2001
From: Andy McCrae <andy.mccrae@gmail.com>
Date: Tue, 14 Nov 2017 16:40:14 +0000
Subject: [PATCH] Use 'PermitRootLogin 'without-password''

Since https://review.openstack.org/#/c/518013/7 merged we can now set
the value of security_sshd_permit_root_login to be 'without-password',
we should do this in favour of 'yes'.

Change-Id: I624d29752fca5a8cbf4cab455f32f0116b99ff82
---
 group_vars/hosts.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/group_vars/hosts.yml b/group_vars/hosts.yml
index d31cc8f44d..6766276c01 100644
--- a/group_vars/hosts.yml
+++ b/group_vars/hosts.yml
@@ -29,4 +29,4 @@ stig_version: rhel7
 security_rhel7_enable_linux_security_module: "{{ ansible_os_family == 'RedHat' | ternary(false, true) }}"
 
 # All our ansible tasks run as root user, we need to allow direct root login
-security_sshd_permit_root_login: yes
+security_sshd_permit_root_login: 'without-password'