GRMLBASE/49-sshd: ensure that login as root via password works again

openssh defaults to "prohibit-password" since openssh-server v1:7.1p1-1,
breaking our existing change regarding without-password.

While at it also improve the script to not readd the PermitRootLogin
and UseDNS configs with every single run, instead check for our
own modifications and skip them in further runs.

Closes grml/grml#12

etc/grml/fai/config/scripts/GRMLBASE/49-sshd

@@ -15,11 +15,23 @@ if ! [ -r "${target}/etc/ssh/sshd_config" ] ; then
 fi
 
 # make sure root login works, it's set to "without-password" since openssh-server v1:6.6p1-1
-sed -i "s/^\(PermitRootLogin without-password\)/# \1 # disabled via grml-live\nPermitRootLogin yes/" "${target}/etc/ssh/sshd_config"
+# and defaults to "prohibit-password" since openssh-server v1:7.1p1-1
+if grep -q '^PermitRootLogin ' "${target}/etc/ssh/sshd_config" ; then
+  # make sure we don't modify our own disabled snippet once again
+  if ! grep -q 'PermitRootLogin .*disabled via grml-live' "${target}/etc/ssh/sshd_config" ; then
+    sed -i "s/^\(PermitRootLogin .*\)/# \1 # disabled via grml-live\nPermitRootLogin yes/" "${target}/etc/ssh/sshd_config"
+  fi
+else
+  echo "# Added via grml-live script:" >> "${target}/etc/ssh/sshd_config"
+  echo "PermitRootLogin yes" >> "${target}/etc/ssh/sshd_config"
+fi
 
 # speedup if DNS is broken/unavailable
-if grep -q '^UseDNS' "${target}/etc/ssh/sshd_config" ; then
-  sed -i "s/^\(UseDNS yes\)/# \1 # disabled via grml-live\nUseDNS no/" "${target}/etc/ssh/sshd_config"
+if grep -q '^UseDNS ' "${target}/etc/ssh/sshd_config" ; then
+  # make sure we don't modify our own disabled snippet once again
+  if ! grep -q 'UseDNS .*disabled via grml-live' "${target}/etc/ssh/sshd_config" ; then
+    sed -i "s/^\(UseDNS .*\)/# \1 # disabled via grml-live\nUseDNS no/" "${target}/etc/ssh/sshd_config"
+  fi
 else
   echo "# Added via grml-live script:" >> "${target}/etc/ssh/sshd_config"
   echo "UseDNS no" >> "${target}/etc/ssh/sshd_config"