diff options
author | Colin Watson <cjwatson@debian.org> | 2008-01-11 00:09:20 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2008-01-11 00:09:20 +0000 |
commit | a508edc2333f9b001dabd65368067a8cc05d3faa (patch) | |
tree | 6dec8710161eb36a91affbc1f4170291d8ef57dd /debian/openssh-server.templates | |
parent | 7663ed6227ec01f2fc33e7adcb597201f006b62e (diff) |
* Drop source-compatibility with Debian 3.0:
- Remove support for building with GNOME 1. This allows simplification
of our GNOME build-dependencies (see #460136).
- Remove hacks to support the old PAM configuration scheme.
- Remove compatibility for building without po-debconf.
* Build-depend on libgtk2.0-dev rather than libgnomeui-dev. As far as I
can see, the GTK2 version of ssh-askpass-gnome has never required
libgnomeui-dev.
Diffstat (limited to 'debian/openssh-server.templates')
-rw-r--r-- | debian/openssh-server.templates | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/debian/openssh-server.templates b/debian/openssh-server.templates new file mode 100644 index 000000000..2cc62f8f1 --- /dev/null +++ b/debian/openssh-server.templates | |||
@@ -0,0 +1,64 @@ | |||
1 | # These templates have been reviewed by the debian-l10n-english | ||
2 | # team | ||
3 | # | ||
4 | # If modifications/additions/rewording are needed, please ask | ||
5 | # for an advice to debian-l10n-english@lists.debian.org | ||
6 | # | ||
7 | # Even minor modifications require translation updates and such | ||
8 | # changes should be coordinated with translators and reviewers. | ||
9 | # | ||
10 | Template: ssh/new_config | ||
11 | Type: boolean | ||
12 | Default: true | ||
13 | _Description: Generate a new configuration file for OpenSSH? | ||
14 | This version of OpenSSH has a considerably changed configuration file from | ||
15 | the version shipped in Debian 'Potato', which you appear to be upgrading | ||
16 | from. This package can now generate a new configuration file | ||
17 | (/etc/ssh/sshd.config), which will work with the new server version, but | ||
18 | will not contain any customizations you made with the old version. | ||
19 | . | ||
20 | Please note that this new configuration file will set the value of | ||
21 | 'PermitRootLogin' to 'yes' (meaning that anyone knowing the root password | ||
22 | can ssh directly in as root). Please read the README.Debian file for | ||
23 | more details about this design choice. | ||
24 | . | ||
25 | It is strongly recommended that you choose to generate a new | ||
26 | configuration file now. | ||
27 | |||
28 | Template: ssh/use_old_init_script | ||
29 | Type: boolean | ||
30 | Default: false | ||
31 | _Description: Do you want to risk killing active SSH sessions? | ||
32 | The currently installed version of /etc/init.d/ssh is likely to kill | ||
33 | all running sshd instances. If you are doing this upgrade via an SSH | ||
34 | session, you're likely to be disconnected and leave the upgrade | ||
35 | procedure unfinished. | ||
36 | . | ||
37 | This can be fixed by manually adding "--pidfile /var/run/sshd.pid" to | ||
38 | the start-stop-daemon line in the stop section of the file. | ||
39 | |||
40 | Template: ssh/encrypted_host_key_but_no_keygen | ||
41 | Type: note | ||
42 | _Description: New host key mandatory | ||
43 | The current host key, in /etc/ssh/ssh_host_key, is encrypted with the | ||
44 | IDEA algorithm. OpenSSH can not handle this host key file, and the | ||
45 | ssh-keygen utility from the old (non-free) SSH installation does not | ||
46 | appear to be available. | ||
47 | . | ||
48 | You need to manually generate a new host key. | ||
49 | |||
50 | Template: ssh/disable_cr_auth | ||
51 | Type: boolean | ||
52 | Default: false | ||
53 | _Description: Disable challenge-response authentication? | ||
54 | Password authentication appears to be disabled in the current OpenSSH | ||
55 | server configuration. In order to prevent users from logging in using | ||
56 | passwords (perhaps using only public key authentication instead) with | ||
57 | recent versions of OpenSSH, you must disable challenge-response | ||
58 | authentication, or else ensure that your PAM configuration does not allow | ||
59 | Unix password file authentication. | ||
60 | . | ||
61 | If you disable challenge-response authentication, then users will not be | ||
62 | able to log in using passwords. If you leave it enabled (the default | ||
63 | answer), then the 'PasswordAuthentication no' option will have no useful | ||
64 | effect unless you also adjust your PAM configuration in /etc/pam.d/ssh. | ||