diff options
author | Colin Watson <cjwatson@debian.org> | 2004-07-31 03:22:20 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2004-07-31 03:22:20 +0000 |
commit | 9749ef7f9b382d743b186bf06c7c2aeb0b9bebee (patch) | |
tree | aadbcc936c4e05d344f3ae856925b62bafc8debb /debian/openssh-server.templates.master | |
parent | c57fe5be57af965042484e8669767f95e558b0ef (diff) |
* Split the ssh binary package into openssh-client and openssh-server
(closes: #39741). openssh-server depends on openssh-client for some
common functionality; it didn't seem worth creating yet another package
for this.
* New transitional ssh package, depending on openssh-client and
openssh-server. May be removed once nothing depends on it.
* When upgrading from ssh to openssh-{client,server}, it's very difficult
for the maintainer scripts to find out what version we're upgrading from
without dodgy dpkg hackery. I've therefore taken the opportunity to move
a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged
and ssh/user_environment_tell.
* In general, upgrading to this version directly from woody without first
upgrading to the version in sarge is not currently guaranteed to work
very smoothly due to the aforementioned version discovery problems.
Diffstat (limited to 'debian/openssh-server.templates.master')
-rw-r--r-- | debian/openssh-server.templates.master | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/debian/openssh-server.templates.master b/debian/openssh-server.templates.master new file mode 100644 index 000000000..e6d355639 --- /dev/null +++ b/debian/openssh-server.templates.master | |||
@@ -0,0 +1,79 @@ | |||
1 | Template: ssh/new_config | ||
2 | Type: boolean | ||
3 | Default: true | ||
4 | _Description: Generate new configuration file | ||
5 | This version of OpenSSH has a considerably changed configuration file from | ||
6 | the version shipped in Debian 'Potato', which you appear to be upgrading | ||
7 | from. I can now generate you a new configuration file | ||
8 | (/etc/ssh/sshd.config), which will work with the new server version, but | ||
9 | will not contain any customisations you made with the old version. | ||
10 | . | ||
11 | Please note that this new configuration file will set the value of | ||
12 | 'PermitRootLogin' to yes (meaning that anyone knowing the root password | ||
13 | can ssh directly in as root). It is the opinion of the maintainer that | ||
14 | this is the correct default (see README.Debian for more details), but you | ||
15 | can always edit sshd_config and set it to no if you wish. | ||
16 | . | ||
17 | It is strongly recommended that you let me generate a new configuration | ||
18 | file for you. | ||
19 | |||
20 | Template: ssh/protocol2_only | ||
21 | Type: boolean | ||
22 | Default: true | ||
23 | _Description: Allow SSH protocol 2 only | ||
24 | This version of OpenSSH supports version 2 of the ssh protocol, which is | ||
25 | much more secure. Disabling ssh 1 is encouraged, however this will slow | ||
26 | things down on low end machines and might prevent older clients from | ||
27 | connecting (the ssh client shipped with "potato" is affected). | ||
28 | . | ||
29 | Also please note that keys used for protocol 1 are different so you will | ||
30 | not be able to use them if you only allow protocol 2 connections. | ||
31 | . | ||
32 | If you later change your mind about this setting, README.Debian has | ||
33 | instructions on what to do to your sshd_config file. | ||
34 | |||
35 | Template: ssh/use_old_init_script | ||
36 | Type: boolean | ||
37 | Default: false | ||
38 | _Description: Do you want to continue (and risk killing active ssh sessions)? | ||
39 | The version of /etc/init.d/ssh that you have installed, is likely to kill | ||
40 | all running sshd instances. If you are doing this upgrade via an ssh | ||
41 | session, that would be a Bad Thing(tm). | ||
42 | . | ||
43 | You can fix this by adding "--pidfile /var/run/sshd.pid" to the | ||
44 | start-stop-daemon line in the stop section of the file. | ||
45 | |||
46 | Template: ssh/forward_warning | ||
47 | Type: note | ||
48 | _Description: NOTE: Forwarding of X11 and Authorization disabled by default. | ||
49 | For security reasons, the Debian version of ssh has ForwardX11 and | ||
50 | ForwardAgent set to ``off'' by default. | ||
51 | . | ||
52 | You can enable it for servers you trust, either in one of the | ||
53 | configuration files, or with the -X command line option. | ||
54 | . | ||
55 | More details can be found in /usr/share/doc/ssh/README.Debian | ||
56 | |||
57 | Template: ssh/insecure_rshd | ||
58 | Type: note | ||
59 | _Description: Warning: rsh-server is installed --- probably not a good idea | ||
60 | having rsh-server installed undermines the security that you were probably | ||
61 | wanting to obtain by installing ssh. I'd advise you to remove that | ||
62 | package. | ||
63 | |||
64 | Template: ssh/insecure_telnetd | ||
65 | Type: note | ||
66 | _Description: Warning: telnetd is installed --- probably not a good idea | ||
67 | I'd advise you to either remove the telnetd package (if you don't actually | ||
68 | need to offer telnet access) or install telnetd-ssl so that there is at | ||
69 | least some chance that telnet sessions will not be sending unencrypted | ||
70 | login/password and session information over the network. | ||
71 | |||
72 | Template: ssh/encrypted_host_key_but_no_keygen | ||
73 | Type: note | ||
74 | _Description: Warning: you must create a new host key | ||
75 | There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted. OpenSSH | ||
76 | can not handle this host key file, and I can't find the ssh-keygen utility | ||
77 | from the old (non-free) SSH installation. | ||
78 | . | ||
79 | You will need to generate a new host key. | ||