Move PermitRootLogin handling into create_sshdconfig.

1 files changed, 11 insertions, 9 deletions

diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index 35a6b477b..5635a60a6 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -157,6 +157,17 @@ create_sshdconfig() {
                 update_server_key_bits
             fi
 
+            if dpkg --compare-versions "$2" lt-nl 1:6.6p1-1 && \
+               [ "$(get_config_option PermitRootLogin)" = yes ] &&
+               db_get openssh-server/permit-root-login && [ "$RET" = true ]; then
+                set_config_option PermitRootLogin prohibit-password
+            fi
+
+            if dpkg --compare-versions "$2" lt-nl 1:7.1p1-1 && \
+               [ "$(get_config_option PermitRootLogin)" = without-password ]; then
+                set_config_option PermitRootLogin prohibit-password
+            fi
+
             return 0
         fi
 
@@ -290,15 +301,6 @@ if [ "$action" = configure ]; then
             # restart it under systemd.
             start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd || true
         fi
-        if dpkg --compare-versions "$2" lt-nl 1:6.6p1-1 && \
-           [ "$(get_config_option PermitRootLogin)" = yes ] &&
-           db_get openssh-server/permit-root-login && [ "$RET" = true ]; then
-            set_config_option PermitRootLogin prohibit-password
-        fi
-        if dpkg --compare-versions "$2" lt-nl 1:7.1p1-1 && \
-           [ "$(get_config_option PermitRootLogin)" = without-password ]; then
-            set_config_option PermitRootLogin prohibit-password
-        fi
 fi
 
 #DEBHELPER#