Do the IDEA host key check on a temporary file to avoid altering

/etc/ssh/ssh_host_key itself (closes: #312312).

2 files changed, 10 insertions, 1 deletions

diff --git a/debian/changelog b/debian/changelog
index 00e514beb..61bbb4234 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openssh (1:4.1p1-7) UNRELEASED; urgency=low
+
+  * Do the IDEA host key check on a temporary file to avoid altering
+    /etc/ssh/ssh_host_key itself (closes: #312312).
+
+ -- Colin Watson <cjwatson@debian.org>  Sat,  9 Jul 2005 23:59:38 +0100
+
 openssh (1:4.1p1-6) unstable; urgency=low
 
   * Fix one-character typo that meant the binaries in openssh-client and
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index 02d01f2d8..ef1412ca7 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -26,11 +26,13 @@ check_idea_key() {
         # check for old host_key files using IDEA, which openssh does not
         # support
         if [ -f /etc/ssh/ssh_host_key ] ; then
-                if ssh-keygen -p -N '' -f /etc/ssh/ssh_host_key 2>&1 | \
+                cp -a /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.check_idea
+                if ssh-keygen -p -N '' -f /etc/ssh/ssh_host_key.check_idea 2>&1 | \
                                 grep -q 'unknown cipher' 2>/dev/null; then
                         mv /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.old
                         mv /etc/ssh/ssh_host_key.pub /etc/ssh/ssh_host_key.pub.old
                 fi
+                rm -f /etc/ssh/ssh_host_key.check_idea
         fi
 }