Added info on enabling SSH root login (#134)

tasks/alp-post-deployment-considerations.xml

@@ -45,10 +45,10 @@
         requirement is that the machine must use the &uefisecboot; enabled.
       </para>
       <para>
-        If the &dinstaller; detects a TPM 2.0 chip and &uefisecboot;, it will
-        create a secondary LUKS key. On the first boot, &productnameshort; will
-        use the TPM to protect this key and configure the &grub; boot loader to
-        automatically unwrap the key. Be aware that you must remove the ISO
+        If the &dinstaller; detects a TPM 2.0 chip and &uefisecboot;, it
+        creates a secondary LUKS key. On the first boot, &productnameshort;
+        uses the TPM to protect this key and configure the &grub; boot loader
+        to automatically unwrap the key. Be aware that you must remove the ISO
         after the installer has finished and before the system boots for the
         first time. This is because we use the TPM to ensure that the system
         comes up with exactly the same configuration before unlocking the LUKS
@@ -58,9 +58,9 @@
         This allows you to use the full disk encryption without having to type
         the disk password on each reboot. However, the disk password is still
         there and can be used for recovery. For example, after updating the
-        &grub; boot loader, or the SHIM loader, the TPM will no longer be able
-        to unseal the secondary key correctly, and &grub; will have to fall
-        back to the password.
+        &grub; boot loader or the SHIM loader, the TPM can no longer to unseal
+        the secondary key correctly, and &grub; has to fall back to the
+        password.
       </para>
     </section>
   </section>
@@ -77,7 +77,7 @@
       mode can lead to processes or workloads not behaving correctly because
       the default policy may be too strict. If you observe such unexpected
       issues, set &selnx; to the <emphasis>permissive</emphasis> mode that does
-      not enforce &selnx; policies but still logs offences against them called
+      not enforce &selnx; policies but still logs offenses against them called
       <emphasis>Access Vector Rules</emphasis> (AVCs).
     </para>
     <para>
@@ -128,13 +128,26 @@ tcontext=system_u:system_r:modemmanager_t:s0 tclass=qipcrtr_socket permissive=0
 <screen>&prompt.root;ausearch -m avc,user_avc,selinux_err -i</screen>
     <para>
       If such messages appear while using the application that did not behave
-      correctly when &selnx; was set to the enforce mode, the policies are
-      probably too restrictive and need updating. You can help to fine-tune
-      &selnx; policies by creating a bug report at
+      correctly when &selnx; was set to the enforce mode, the policies are too
+      restrictive and need updating. You can help to fine-tune &selnx; policies
+      by creating a bug report at
       <link xlink:href="https://bugzilla.suse.com/enter_bug.cgi?classification=SUSE%20ALP%20-%20SUSE%20Adaptable%20Linux%20Platform"/>.
       Specify <literal>Basesystem</literal> as a component, include the word
       <literal>&selnx;</literal> in the bug subject, and attach the gathered
       unique lines that include AVCs together with reproduction steps.
     </para>
   </section>
+  <section xml:id="alp-post-deploy-enable-root-ssh-login">
+    <title>Enabling &rootuser; login via SSH</title>
+    <para>
+      &rootuser; login via SSH is not permitted in &productnameshort; by default
+      for security reasons. If you need to enable it, for example, for testing
+      purposes, install the <package>openssh-server-config-rootlogin</package>
+      package and reboot the system:
+    </para>
+<screen>
+&prompt.root;<command>transactional-update pkg in openssh-server-config-rootlogin</command>
+&prompt.root;<command>reboot</command>
+</screen>
+  </section>
 </article>