* Remove the check for vulnerable host keys; this was first added five

years ago, and everyone should have upgraded through a version that applied these checks by now. The ssh-vulnkey tool and the blacklisting support in sshd are still here, at least for the moment. * This removes the last of our uses of debconf (closes: #221531).
author: Colin Watson <cjwatson@debian.org> 2013-05-22 01:55:10 +0100
committer: Colin Watson <cjwatson@debian.org> 2013-05-22 01:55:10 +0100
commit: 21a53192fe3500604a06dc01afa26eaaa34e73cf (patch)
tree: 233609e6dc30e27d0a46f4659a05b1b24cf15d36 /debian/openssh-server.postinst
parent: edcebe7e07b1d2626cceb312fb2cc2391679a78a (diff)
1 files changed, 0 insertions, 40 deletions
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index 94461083e..a438a4e06 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -3,9 +3,6 @@
 action="$1"
 oldversion="$2"
-. /usr/share/debconf/confmodule
-db_version 2.0
 umask 022
@@ -126,35 +123,6 @@ create_keys() {
 }
-vulnerable_host_keys() {
-        # If the admin has explicitly put the vulnerable keys back, we
-        # assume they can look after themselves.
-        db_fget ssh/vulnerable_host_keys seen
-        if [ "$RET" = true ]; then
-                return 0
-        fi
-        hostkeys="$(host_keys_required)"
-        vulnerable=
-        for hostkey in $hostkeys; do
-                [ -f "$hostkey" ] || continue
-                if ssh-vulnkey -q "$hostkey"; then
-                        vulnerable="${vulnerable:+$vulnerable }$hostkey"
-                fi
-        done
-        if [ "$vulnerable" ]; then
-                db_subst ssh/vulnerable_host_keys HOST_KEYS "$vulnerable"
-                db_input critical ssh/vulnerable_host_keys || true
-                db_go
-                for hostkey in $vulnerable; do
-                        mv "$hostkey" "$hostkey.broken" || true
-                        mv "$hostkey.pub" "$hostkey.pub.broken" || true
-                done
-                create_keys
-        fi
-}
 fix_loglevel_silent() {
        if [ "$(get_config_option LogLevel)" = SILENT ]; then
                set_config_option LogLevel QUIET
@@ -299,7 +267,6 @@ remove_old_init_links() {
 if [ "$action" = configure ]; then
        create_sshdconfig
        create_keys
-        vulnerable_host_keys
        fix_statoverride
        setup_sshd_user
        if dpkg --compare-versions "$2" lt 1:5.2p1-1; then
@@ -312,15 +279,8 @@ if [ "$action" = configure ]; then
        if dpkg --compare-versions "$2" lt 1:5.5p1-6; then
            rm -f /var/run/sshd/.placeholder
        fi
-        # Clean up old debconf templates.
-        db_unregister ssh/use_old_init_script
-        db_unregister ssh/encrypted_host_key_but_no_keygen
-        db_unregister ssh/disable_cr_auth
 fi
 #DEBHELPER#
-db_stop
 exit 0
author	Colin Watson <cjwatson@debian.org>	2013-05-22 01:55:10 +0100
committer	Colin Watson <cjwatson@debian.org>	2013-05-22 01:55:10 +0100
commit	21a53192fe3500604a06dc01afa26eaaa34e73cf (patch)
tree	233609e6dc30e27d0a46f4659a05b1b24cf15d36 /debian/openssh-server.postinst
parent	edcebe7e07b1d2626cceb312fb2cc2391679a78a (diff)

diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index 94461083e..a438a4e06 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst
@@ -3,9 +3,6 @@
3	action="$1"	3	action="$1"
4	oldversion="$2"	4	oldversion="$2"
5		5
6	. /usr/share/debconf/confmodule
7	db_version 2.0
8
9	umask 022	6	umask 022
10		7
11		8
@@ -126,35 +123,6 @@ create_keys() {
126	}	123	}
127		124
128		125
129	vulnerable_host_keys() {
130	# If the admin has explicitly put the vulnerable keys back, we
131	# assume they can look after themselves.
132	db_fget ssh/vulnerable_host_keys seen
133	if [ "$RET" = true ]; then
134	return 0
135	fi
136
137	hostkeys="$(host_keys_required)"
138	vulnerable=
139	for hostkey in $hostkeys; do
140	[ -f "$hostkey" ] \|\| continue
141	if ssh-vulnkey -q "$hostkey"; then
142	vulnerable="${vulnerable:+$vulnerable }$hostkey"
143	fi
144	done
145	if [ "$vulnerable" ]; then
146	db_subst ssh/vulnerable_host_keys HOST_KEYS "$vulnerable"
147	db_input critical ssh/vulnerable_host_keys \|\| true
148	db_go
149	for hostkey in $vulnerable; do
150	mv "$hostkey" "$hostkey.broken" \|\| true
151	mv "$hostkey.pub" "$hostkey.pub.broken" \|\| true
152	done
153	create_keys
154	fi
155	}
156
157
158	fix_loglevel_silent() {	126	fix_loglevel_silent() {
159	if [ "$(get_config_option LogLevel)" = SILENT ]; then	127	if [ "$(get_config_option LogLevel)" = SILENT ]; then
160	set_config_option LogLevel QUIET	128	set_config_option LogLevel QUIET
@@ -299,7 +267,6 @@ remove_old_init_links() {
299	if [ "$action" = configure ]; then	267	if [ "$action" = configure ]; then
300	create_sshdconfig	268	create_sshdconfig
301	create_keys	269	create_keys
302	vulnerable_host_keys
303	fix_statoverride	270	fix_statoverride
304	setup_sshd_user	271	setup_sshd_user
305	if dpkg --compare-versions "$2" lt 1:5.2p1-1; then	272	if dpkg --compare-versions "$2" lt 1:5.2p1-1; then
@@ -312,15 +279,8 @@ if [ "$action" = configure ]; then
312	if dpkg --compare-versions "$2" lt 1:5.5p1-6; then	279	if dpkg --compare-versions "$2" lt 1:5.5p1-6; then
313	rm -f /var/run/sshd/.placeholder	280	rm -f /var/run/sshd/.placeholder
314	fi	281	fi
315
316	# Clean up old debconf templates.
317	db_unregister ssh/use_old_init_script
318	db_unregister ssh/encrypted_host_key_but_no_keygen
319	db_unregister ssh/disable_cr_auth
320	fi	282	fi
321		283
322	#DEBHELPER#	284	#DEBHELPER#
323		285
324	db_stop
325
326	exit 0	286	exit 0