Set PermitRootLogin without-password

This replaces the PermitRootLogin yes + PasswordAuthentication no construction.

opennebula-images/freebsd-build-opennebula-image.sh

@@ -178,11 +178,19 @@ sysrc -f "$UFSTARGET/etc/rc.conf" \
 
 tzsetup -s -C "$UFSTARGET" UTC
 
-cat >>"$UFSTARGET/etc/ssh/sshd_config" <<EOF
-PermitRootLogin yes
-PasswordAuthentication no
-PermitEmptyPasswords no
+# Add PermitRootLogin without-password, unless PermitRootLogin yes was already set
+sed -i .orig -e '/^#PermitRootLogin[[:blank:]]/a\
+PermitRootLogin without-password
+' -e '/^PermitRootLogin[[:blank:]]*no/ s/\([[:blank:]]\).*$/\1without-password/' \
+	"$UFSTARGET/etc/ssh/sshd_config"
+if ! grep -Eq '^PermitRootLogin (without-password|yes)' "$UFSTARGET/etc/ssh/sshd_config"
+then
+	cat >>"$UFSTARGET/etc/ssh/sshd_config" <<EOF
+
+# Added by Ungleich
+PermitRootLogin without-password
 EOF
+fi
 
 # Set zstd-19 compression, copy all data to the pool, and then set compression to default again
 # This will make the base image smaller, at the cost of taking longer to generate, as zstd-19 is slow to write