Following is the process to deploy a script on the server where PermitRootLogin in sshd_config is needed to be yes, and it is being set to no by chef-client, basically instead of commenting Chef-Client, this script will change the attribute to yes.


Login on the server and go to root access : sudo -s

Following script lies under /home/centos/script

sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config
if [[ "${?}" -ne 0 ]]; then
   echo "The sshd_config file was not modified successfully" >> $logfile
   exit 1
systemctl restart sshd

Then change the script permission to - chmod 775
Now, add it to the cronjob of root exactly +5 to the chef-client's scheduled timing.
#Added to override Chef Change on RootLogin
2,32 * * * * /bin/sleep 14; /home/centos/script/ > /home/centos/log/changesshdcronlogs.log 2>&1