summaryrefslogtreecommitdiff
path: root/debian/postinst
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2003-09-01 19:03:02 +0000
committerColin Watson <cjwatson@debian.org>2003-09-01 19:03:02 +0000
commit4a4400f027c87b8b8182ecad3e821c0a0db49df0 (patch)
treeb2ea7235c6f34ddb60f5f7001f23dfcfe1766fa3 /debian/postinst
parent1501d1e253613aba573e163869a2f704abd73a44 (diff)
parent854156dd39acbde9b4a47ec0fc54a042ea7358e0 (diff)
Debian release 3.6.1p2-1.
Diffstat (limited to 'debian/postinst')
-rw-r--r--debian/postinst60
1 files changed, 18 insertions, 42 deletions
diff --git a/debian/postinst b/debian/postinst
index 4d3598a31..8a1c7c588 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -3,10 +3,8 @@
3action="$1" 3action="$1"
4oldversion="$2" 4oldversion="$2"
5 5
6test -e /usr/share/debconf/confmodule && { 6. /usr/share/debconf/confmodule
7 . /usr/share/debconf/confmodule 7db_version 2.0
8 db_version 2.0
9}
10 8
11umask 022 9umask 022
12 10
@@ -44,11 +42,7 @@ create_key() {
44 42
45 43
46create_keys() { 44create_keys() {
47 RET=true 45 db_get ssh/protocol2_only
48 test -e /usr/share/debconf/confmodule && {
49 db_get ssh/protocol2_only
50 }
51
52 if [ "$RET" = "false" ] ; then 46 if [ "$RET" = "false" ] ; then
53 create_key "Creating SSH1 key; this may take some time ..." \ 47 create_key "Creating SSH1 key; this may take some time ..." \
54 /etc/ssh/ssh_host_key -t rsa1 48 /etc/ssh/ssh_host_key -t rsa1
@@ -64,18 +58,11 @@ create_keys() {
64create_sshdconfig() { 58create_sshdconfig() {
65 if [ -e /etc/ssh/sshd_config ] ; then 59 if [ -e /etc/ssh/sshd_config ] ; then
66 if dpkg --compare-versions "$oldversion" lt-nl 1:1.3 ; then 60 if dpkg --compare-versions "$oldversion" lt-nl 1:1.3 ; then
67 RET=true 61 db_get ssh/new_config
68 test -e /usr/share/debconf/confmodule && {
69 db_get ssh/new_config
70 }
71 if [ "$RET" = "false" ] ; then return 0; fi 62 if [ "$RET" = "false" ] ; then return 0; fi
72 else return 0 63 else return 0
73 fi 64 fi
74 fi 65 fi
75 RET=true
76 test -e /usr/share/debconf/confmodule && {
77 db_get ssh/protocol2_only
78 }
79 66
80 #Preserve old sshd_config before generating a new on 67 #Preserve old sshd_config before generating a new on
81 if [ -e /etc/ssh/sshd_config ] ; then 68 if [ -e /etc/ssh/sshd_config ] ; then
@@ -92,6 +79,7 @@ Port 22
92#ListenAddress :: 79#ListenAddress ::
93#ListenAddress 0.0.0.0 80#ListenAddress 0.0.0.0
94EOF 81EOF
82 db_get ssh/protocol2_only
95if [ "$RET" = "false" ]; then 83if [ "$RET" = "false" ]; then
96 cat <<EOF >> /etc/ssh/sshd_config 84 cat <<EOF >> /etc/ssh/sshd_config
97Protocol 2,1 85Protocol 2,1
@@ -110,9 +98,7 @@ HostKey /etc/ssh/ssh_host_dsa_key
110EOF 98EOF
111fi 99fi
112 100
113test -e /usr/share/debconf/confmodule && { 101db_get ssh/privsep_ask
114 db_get ssh/privsep_ask
115}
116if [ "$RET" = "false" ]; then 102if [ "$RET" = "false" ]; then
117 cat <<EOF >> /etc/ssh/sshd_config 103 cat <<EOF >> /etc/ssh/sshd_config
118#Explicitly set PrivSep off, as requested 104#Explicitly set PrivSep off, as requested
@@ -166,8 +152,8 @@ HostbasedAuthentication no
166# To enable empty passwords, change to yes (NOT RECOMMENDED) 152# To enable empty passwords, change to yes (NOT RECOMMENDED)
167PermitEmptyPasswords no 153PermitEmptyPasswords no
168 154
169# Uncomment to disable s/key passwords 155# Change to no to disable s/key passwords
170#ChallengeResponseAuthentication no 156#ChallengeResponseAuthentication yes
171 157
172# To disable tunneled clear text passwords, change to no here! 158# To disable tunneled clear text passwords, change to no here!
173PasswordAuthentication yes 159PasswordAuthentication yes
@@ -253,8 +239,6 @@ setup_sshd_user() {
253} 239}
254 240
255set_sshd_permissions() { 241set_sshd_permissions() {
256 suid=false
257
258 if dpkg --compare-versions "$oldversion" lt-nl 1:3.4p1-1 ; then 242 if dpkg --compare-versions "$oldversion" lt-nl 1:3.4p1-1 ; then
259 if [ -x /usr/sbin/dpkg-statoverride ] ; then 243 if [ -x /usr/sbin/dpkg-statoverride ] ; then
260 if dpkg-statoverride --list /usr/bin/ssh >/dev/null; then 244 if dpkg-statoverride --list /usr/bin/ssh >/dev/null; then
@@ -263,17 +247,14 @@ set_sshd_permissions() {
263 fi 247 fi
264 fi 248 fi
265 249
266 [ -e /usr/share/debconf/confmodule ] && { 250 if [ ! -x /usr/sbin/dpkg-statoverride ] || \
251 ! dpkg-statoverride --list /usr/lib/ssh-keysign >/dev/null ; then
267 db_get ssh/SUID_client 252 db_get ssh/SUID_client
268 suid="$RET" 253 if [ "$RET" = "false" ] ; then
269 } 254 chmod 0755 /usr/lib/ssh-keysign
270 if [ ! -x /usr/sbin/dpkg-statoverride ] || \ 255 elif [ "$RET" = "true" ] ; then
271 ! dpkg-statoverride --list /usr/lib/ssh-keysign >/dev/null ; then 256 chmod 4755 /usr/lib/ssh-keysign
272 if [ "$suid" = "false" ] ; then 257 fi
273 chmod 0755 /usr/lib/ssh-keysign
274 elif [ "$suid" = "true" ] ; then
275 chmod 4755 /usr/lib/ssh-keysign
276 fi
277 fi 258 fi
278} 259}
279 260
@@ -300,13 +281,8 @@ set_ssh_agent_permissions() {
300 281
301 282
302setup_startup() { 283setup_startup() {
303 start=yes 284 db_get ssh/run_sshd
304 [ -e /usr/share/debconf/confmodule ] && { 285 if [ "$RET" = "false" ] ; then
305 db_get ssh/run_sshd
306 start="$RET"
307 }
308
309 if [ "$start" != "true" ] ; then
310 /etc/init.d/ssh stop 2>&1 >/dev/null 286 /etc/init.d/ssh stop 2>&1 >/dev/null
311 touch /etc/ssh/sshd_not_to_be_run 287 touch /etc/ssh/sshd_not_to_be_run
312 else 288 else
@@ -336,7 +312,7 @@ setup_startup
336setup_init 312setup_init
337 313
338 314
339[ -e /usr/share/debconf/confmodule ] && db_stop 315db_stop
340 316
341exit 0 317exit 0
342 318
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-20 08:04:17 +0000