From dcf6443d97e043b29e2f9147b21c1e3cd8c12a42 Mon Sep 17 00:00:00 2001
From: Andy McCrae <andy.mccrae@gmail.com>
Date: Tue, 14 Nov 2017 16:40:14 +0000
Subject: [PATCH] Use 'PermitRootLogin 'without-password''

Since https://review.openstack.org/#/c/518013/7 merged we can now set
the value of security_sshd_permit_root_login to be 'without-password',
we should do this in favour of 'yes'.

[hwoarang: This also bumps a-r-r to include the fix in the
ansible-hardening role]

Change-Id: I624d29752fca5a8cbf4cab455f32f0116b99ff82
(cherry picked from commit d78e63a67db98e72778fb33256d800f898e982ec)
---
 ansible-role-requirements.yml | 2 +-
 group_vars/hosts.yml          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible-role-requirements.yml b/ansible-role-requirements.yml
index cbb8870ab9..be57215b11 100644
--- a/ansible-role-requirements.yml
+++ b/ansible-role-requirements.yml
@@ -1,7 +1,7 @@
 - name: ansible-hardening
   scm: git
   src: https://git.openstack.org/openstack/ansible-hardening
-  version: d1fb76ee4f6417cf1bb965c26c9f31d7ffb719f2
+  version: c05e36f48de66feb47046a0126d986fa03313f29
 - name: apt_package_pinning
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
diff --git a/group_vars/hosts.yml b/group_vars/hosts.yml
index d31cc8f44d..6766276c01 100644
--- a/group_vars/hosts.yml
+++ b/group_vars/hosts.yml
@@ -29,4 +29,4 @@ stig_version: rhel7
 security_rhel7_enable_linux_security_module: "{{ ansible_os_family == 'RedHat' | ternary(false, true) }}"
 
 # All our ansible tasks run as root user, we need to allow direct root login
-security_sshd_permit_root_login: yes
+security_sshd_permit_root_login: 'without-password'