From ab5aa09628e0dab4381a0d5eaf7f51d61e8efb98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20H=C3=BCbner?=
Date: Sat, 25 Nov 2023 22:53:09 +0100
Subject: [PATCH] allow root ssh access (with certs only)
---
 configs/sshd_config | 2 +-
 installer/late.sh | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/configs/sshd_config b/configs/sshd_config
index a5e5174..9b46383 100644
--- a/configs/sshd_config
+++ b/configs/sshd_config
@@ -15,7 +15,7 @@ LogLevel VERBOSE
 # Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
 Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
-PermitRootLogin No
+PermitRootLogin without-password
 LoginGraceTime 1m
 UseDNS no
 PrintMotd no
diff --git a/installer/late.sh b/installer/late.sh
index 42a879c..3c41081 100755
--- a/installer/late.sh
+++ b/installer/late.sh
@@ -30,11 +30,16 @@ cp -a "/cdrom/configs/issue" "${prefix}/etc/issue"
 cp -a "/cdrom/configs/motd" "${prefix}/etc/motd"
 cp -a "/cdrom/configs/sshd_config" "${prefix}/etc/ssh/sshd_config"
-# authorize ssh keys
+# authorize ssh keys for root user
+mkdir -p "${prefix}/root/.ssh"
+chmod 700 "${prefix}/root/.ssh"
+cp -a "/cdrom/configs/authorized_keys" "${prefix}/root/.ssh/authorized_keys"
+chmod 640 "${prefix}/root/.ssh/authorized_keys"
+# authorize ssh keys for admin user
 mkdir -p "${prefix}/home/${admin}/.ssh"
 chmod 700 "${prefix}/home/${admin}/.ssh"
 cp -a "/cdrom/configs/authorized_keys" "${prefix}/home/${admin}/.ssh/authorized_keys"
-chmod 644 "${prefix}/home/${admin}/.ssh/authorized_keys"
+chmod 640 "${prefix}/home/${admin}/.ssh/authorized_keys"
 # reset user homedir owner
 chown -R "1000:1000" "${prefix}/home/${admin}"
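Review bot: `PermitRootLogin without-password` does not limit root to certificates as the subject line says; it only turns off password and keyboard-interactive authentication for root, so any plain public key in root's `authorized_keys` is accepted, and host-based or GSSAPI logins too if those methods are enabled elsewhere in this file (not visible in the hunk). `without-password` is also the deprecated alias; current OpenSSH spells it `PermitRootLogin prohibit-password`. If certificate-only root access is really the goal, that has to come from a `TrustedUserCAKeys` setup with no raw keys installed for root, which this commit does not do. I would change the line to `PermitRootLogin prohibit-password` and put a comment above it such as `# root: key-based login only; passwords and keyboard-interactive are refused`.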
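Review bot: The new root block in installer/late.sh copies `authorized_keys` with `cp -a` and never sets its owner, while the only `chown` in the hunk covers `${prefix}/home/${admin}`; `cp -a` keeps whatever owner and mode the file carries on `/cdrom`, so root's key file may end up owned by a non-root uid, depending on how the ISO was built. Add `chown -R 0:0 "${prefix}/root/.ssh"` after the copy and use `chmod 600` rather than `640`, since nothing but root needs to read that file. The same key list is installed for both root and `${admin}`, so every key that could reach the admin account now gets a direct root shell without a privilege-escalation step in between; a separate `/cdrom/configs/root_authorized_keys` (placeholder name) holding a smaller set would keep the two apart.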