summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2006-07-14 16:08:37 +0000
committerColin Watson <cjwatson@debian.org>2006-07-14 16:08:37 +0000
commit7c8da8e1c4e0aa9f156da721c1f1ecf1e87d6112 (patch)
tree880dcc8cec205df7f5ff15e571aebdb33999596e
parent67a501cbbafa05d22956a739c37c52484d076427 (diff)
* Change sshd user's shell to /usr/sbin/nologin (closes: #366541).
Introduces dependency on passwd for usermod.
Diffstat
-rw-r--r--debian/changelog2
-rw-r--r--debian/control2
-rw-r--r--debian/openssh-server.postinst11
3 files changed, 13 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index 66a338497..dceddd7fa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ openssh (1:4.3p2-3) UNRELEASED; urgency=low
2 2
3 * Document KeepAlive->TCPKeepAlive renaming in sshd_config(5) (closes: 3 * Document KeepAlive->TCPKeepAlive renaming in sshd_config(5) (closes:
4 https://launchpad.net/bugs/50702). 4 https://launchpad.net/bugs/50702).
5 * Change sshd user's shell to /usr/sbin/nologin (closes: #366541).
6 Introduces dependency on passwd for usermod.
5 * debconf template translations: 7 * debconf template translations:
6 - Update French (thanks, Denis Barbier; closes: #368503). 8 - Update French (thanks, Denis Barbier; closes: #368503).
7 - Update Dutch (thanks, Bart Cornelis; closes: #375100). 9 - Update Dutch (thanks, Bart Cornelis; closes: #375100).
diff --git a/debian/control b/debian/control
index 3bf6f513d..b95d1f759 100644
--- a/debian/control
+++ b/debian/control
@@ -8,7 +8,7 @@ Uploaders: Colin Watson <cjwatson@debian.org>
8 8
9Package: openssh-client 9Package: openssh-client
10Architecture: any 10Architecture: any
11Depends: ${shlibs:Depends}, ${debconf-depends}, adduser (>= 3.10), dpkg (>= 1.7.0) 11Depends: ${shlibs:Depends}, ${debconf-depends}, adduser (>= 3.10), dpkg (>= 1.7.0), passwd
12Conflicts: ssh (<< 1:3.8.1p1-9), sftp, rsh-client (<<0.16.1-1), ssh-krb5 12Conflicts: ssh (<< 1:3.8.1p1-9), sftp, rsh-client (<<0.16.1-1), ssh-krb5
13Replaces: ssh (<< 1:3.8.1p1-9), ssh-krb5 13Replaces: ssh (<< 1:3.8.1p1-9), ssh-krb5
14Suggests: ssh-askpass, xbase-clients 14Suggests: ssh-askpass, xbase-clients
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index ccacb411a..1ac6906da 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -289,9 +289,15 @@ fix_statoverride() {
289 fi 289 fi
290} 290}
291 291
292fix_sshd_shell() {
293 if getent passwd sshd | grep ':/bin/false$'; then
294 usermod -s /usr/sbin/nologin sshd
295 fi
296}
297
292setup_sshd_user() { 298setup_sshd_user() {
293 if ! getent passwd sshd >/dev/null; then 299 if ! getent passwd sshd >/dev/null; then
294 adduser --quiet --system --no-create-home --home /var/run/sshd sshd 300 adduser --quiet --system --no-create-home --home /var/run/sshd --shell /usr/sbin/nologin sshd
295 fi 301 fi
296} 302}
297 303
@@ -318,6 +324,9 @@ create_sshdconfig
318check_idea_key 324check_idea_key
319create_keys 325create_keys
320fix_statoverride 326fix_statoverride
327if dpkg --compare-versions "$2" lt 1:4.3p2-3; then
328 fix_sshd_shell
329fi
321setup_sshd_user 330setup_sshd_user
322if dpkg --compare-versions "$2" lt 1:3.6.1p2-2; then 331if dpkg --compare-versions "$2" lt 1:3.6.1p2-2; then
323 fix_conffile_permissions 332 fix_conffile_permissions
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-08 17:44:36 +0000