* Split the ssh binary package into openssh-client and openssh-server

(closes: #39741). openssh-server depends on openssh-client for some common functionality; it didn't seem worth creating yet another package for this. * New transitional ssh package, depending on openssh-client and openssh-server. May be removed once nothing depends on it. * When upgrading from ssh to openssh-{client,server}, it's very difficult for the maintainer scripts to find out what version we're upgrading from without dodgy dpkg hackery. I've therefore taken the opportunity to move a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged and ssh/user_environment_tell. * In general, upgrading to this version directly from woody without first upgrading to the version in sarge is not currently guaranteed to work very smoothly due to the aforementioned version discovery problems.
author: Colin Watson <cjwatson@debian.org> 2004-07-31 03:22:20 +0000
committer: Colin Watson <cjwatson@debian.org> 2004-07-31 03:22:20 +0000
commit: 9749ef7f9b382d743b186bf06c7c2aeb0b9bebee (patch)
tree: aadbcc936c4e05d344f3ae856925b62bafc8debb /debian/templates.master
parent: c57fe5be57af965042484e8669767f95e558b0ef (diff)
1 files changed, 0 insertions, 125 deletions
diff --git a/debian/templates.master b/debian/templates.master
deleted file mode 100644
index 07f62b178..000000000
--- a/debian/templates.master
+++ /dev/null
@@ -1,125 +0,0 @@
-Template: ssh/new_config
-Type: boolean
-Default: true
-_Description: Generate new configuration file
- This version of OpenSSH has a considerably changed configuration file from
- the version shipped in Debian 'Potato', which you appear to be upgrading
- from. I can now generate you a new configuration file
- (/etc/ssh/sshd.config), which will work with the new server version, but
- will not contain any customisations you made with the old version.
- .
- Please note that this new configuration file will set the value of
- 'PermitRootLogin' to yes (meaning that anyone knowing the root password
- can ssh directly in as root). It is the opinion of the maintainer that
- this is the correct default (see README.Debian for more details), but you
- can always edit sshd_config and set it to no if you wish.
- .
- It is strongly recommended that you let me generate a new configuration
- file for you.
-Template: ssh/protocol2_only
-Type: boolean
-Default: true
-_Description: Allow SSH protocol 2 only
- This version of OpenSSH supports version 2 of the ssh protocol, which is
- much more secure.  Disabling ssh 1 is encouraged, however this will slow
- things down on low end machines and might prevent older clients from
- connecting (the ssh client shipped with "potato" is affected).
- .
- Also please note that keys used for protocol 1 are different so you will
- not be able to use them if you only allow protocol 2 connections.
- .
- If you later change your mind about this setting, README.Debian has
- instructions on what to do to your sshd_config file.
-Template: ssh/ssh2_keys_merged
-Type: note
-_Description: ssh2 keys merged in configuration files
- As of version 3 OpenSSH no longer uses separate files for ssh1 and ssh2
- keys. This means the authorized_keys2 and known_hosts2 files are no longer
- needed. They will still be read in order to maintain backwards
- compatibility
-Template: ssh/use_old_init_script
-Type: boolean
-Default: false
-_Description: Do you want to continue (and risk killing active ssh sessions)?
- The version of /etc/init.d/ssh that you have installed, is likely to kill
- all running sshd instances.  If you are doing this upgrade via an ssh
- session, that would be a Bad Thing(tm).
- .
- You can fix this by adding "--pidfile /var/run/sshd.pid" to the
- start-stop-daemon line in the stop section of the file.
-Template: ssh/forward_warning
-Type: note
-_Description: NOTE: Forwarding of X11 and Authorization disabled by default.
- For security reasons, the Debian version of ssh has ForwardX11 and
- ForwardAgent set to ``off'' by default.
- .
- You can enable it for servers you trust, either in one of the
- configuration files, or with the -X command line option.
- .
- More details can be found in /usr/share/doc/ssh/README.Debian
-Template: ssh/insecure_rshd
-Type: note
-_Description: Warning: rsh-server is installed --- probably not a good idea
- having rsh-server installed undermines the security that you were probably
- wanting to obtain by installing ssh.  I'd advise you to remove that
- package.
-Template: ssh/insecure_telnetd
-Type: note
-_Description: Warning: telnetd is installed --- probably not a good idea
- I'd advise you to either remove the telnetd package (if you don't actually
- need to offer telnet access) or install telnetd-ssl so that there is at
- least some chance that telnet sessions will not be sending unencrypted
- login/password and session information over the network.
-Template: ssh/encrypted_host_key_but_no_keygen
-Type: note
-_Description: Warning: you must create a new host key
- There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted. OpenSSH
- can not handle this host key file, and I can't find the ssh-keygen utility
- from the old (non-free) SSH installation.
- .
- You will need to generate a new host key.
-Template: ssh/SUID_client
-Type: boolean
-Default: true
-_Description: Do you want /usr/lib/ssh-keysign to be installed SUID root?
- You have the option of installing the ssh-keysign helper with the SUID bit
- set.
- .
- If you make ssh-keysign SUID, you will be able to use SSH's Protocol 2
- host-based authentication.
- .
- If in doubt, I suggest you install it with SUID.  If it causes problems
- you can change your mind later by running:   dpkg-reconfigure ssh
-Template: ssh/run_sshd
-Type: boolean
-Default: true
-_Description: Do you want to run the sshd server?
- This package contains both the ssh client, and the sshd server.
- .
- Normally the sshd Secure Shell Server will be run to allow remote logins
- via ssh.
- .
- If you are only interested in using the ssh client for outbound
- connections on this machine, and don't want to log into it at all using
- ssh, then you can disable sshd here.
-Template: ssh/user_environment_tell
-Type: note
-_Description: Environment options on keys have been deprecated
- This version of OpenSSH disables the environment option for public keys by
- default, in order to avoid certain attacks (for example, LD_PRELOAD). If
- you are using this option in an authorized_keys file, beware that the keys
- in question will no longer work until the option is removed.
- .
- To re-enable this option, set "PermitUserEnvironment yes" in
- /etc/ssh/sshd_config after the upgrade is complete, taking note of the
- warning in the sshd_config(5) manual page.
author	Colin Watson <cjwatson@debian.org>	2004-07-31 03:22:20 +0000
committer	Colin Watson <cjwatson@debian.org>	2004-07-31 03:22:20 +0000
commit	9749ef7f9b382d743b186bf06c7c2aeb0b9bebee (patch)
tree	aadbcc936c4e05d344f3ae856925b62bafc8debb /debian/templates.master
parent	c57fe5be57af965042484e8669767f95e558b0ef (diff)

diff --git a/debian/templates.master b/debian/templates.master deleted file mode 100644 index 07f62b178..000000000 --- a/debian/templates.master +++ /dev/null
@@ -1,125 +0,0 @@
1	Template: ssh/new_config
2	Type: boolean
3	Default: true
4	_Description: Generate new configuration file
5	This version of OpenSSH has a considerably changed configuration file from
6	the version shipped in Debian 'Potato', which you appear to be upgrading
7	from. I can now generate you a new configuration file
8	(/etc/ssh/sshd.config), which will work with the new server version, but
9	will not contain any customisations you made with the old version.
10	.
11	Please note that this new configuration file will set the value of
12	'PermitRootLogin' to yes (meaning that anyone knowing the root password
13	can ssh directly in as root). It is the opinion of the maintainer that
14	this is the correct default (see README.Debian for more details), but you
15	can always edit sshd_config and set it to no if you wish.
16	.
17	It is strongly recommended that you let me generate a new configuration
18	file for you.
19
20	Template: ssh/protocol2_only
21	Type: boolean
22	Default: true
23	_Description: Allow SSH protocol 2 only
24	This version of OpenSSH supports version 2 of the ssh protocol, which is
25	much more secure. Disabling ssh 1 is encouraged, however this will slow
26	things down on low end machines and might prevent older clients from
27	connecting (the ssh client shipped with "potato" is affected).
28	.
29	Also please note that keys used for protocol 1 are different so you will
30	not be able to use them if you only allow protocol 2 connections.
31	.
32	If you later change your mind about this setting, README.Debian has
33	instructions on what to do to your sshd_config file.
34
35	Template: ssh/ssh2_keys_merged
36	Type: note
37	_Description: ssh2 keys merged in configuration files
38	As of version 3 OpenSSH no longer uses separate files for ssh1 and ssh2
39	keys. This means the authorized_keys2 and known_hosts2 files are no longer
40	needed. They will still be read in order to maintain backwards
41	compatibility
42
43	Template: ssh/use_old_init_script
44	Type: boolean
45	Default: false
46	_Description: Do you want to continue (and risk killing active ssh sessions)?
47	The version of /etc/init.d/ssh that you have installed, is likely to kill
48	all running sshd instances. If you are doing this upgrade via an ssh
49	session, that would be a Bad Thing(tm).
50	.
51	You can fix this by adding "--pidfile /var/run/sshd.pid" to the
52	start-stop-daemon line in the stop section of the file.
53
54	Template: ssh/forward_warning
55	Type: note
56	_Description: NOTE: Forwarding of X11 and Authorization disabled by default.
57	For security reasons, the Debian version of ssh has ForwardX11 and
58	ForwardAgent set to ``off'' by default.
59	.
60	You can enable it for servers you trust, either in one of the
61	configuration files, or with the -X command line option.
62	.
63	More details can be found in /usr/share/doc/ssh/README.Debian
64
65	Template: ssh/insecure_rshd
66	Type: note
67	_Description: Warning: rsh-server is installed --- probably not a good idea
68	having rsh-server installed undermines the security that you were probably
69	wanting to obtain by installing ssh. I'd advise you to remove that
70	package.
71
72	Template: ssh/insecure_telnetd
73	Type: note
74	_Description: Warning: telnetd is installed --- probably not a good idea
75	I'd advise you to either remove the telnetd package (if you don't actually
76	need to offer telnet access) or install telnetd-ssl so that there is at
77	least some chance that telnet sessions will not be sending unencrypted
78	login/password and session information over the network.
79
80	Template: ssh/encrypted_host_key_but_no_keygen
81	Type: note
82	_Description: Warning: you must create a new host key
83	There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted. OpenSSH
84	can not handle this host key file, and I can't find the ssh-keygen utility
85	from the old (non-free) SSH installation.
86	.
87	You will need to generate a new host key.
88
89	Template: ssh/SUID_client
90	Type: boolean
91	Default: true
92	_Description: Do you want /usr/lib/ssh-keysign to be installed SUID root?
93	You have the option of installing the ssh-keysign helper with the SUID bit
94	set.
95	.
96	If you make ssh-keysign SUID, you will be able to use SSH's Protocol 2
97	host-based authentication.
98	.
99	If in doubt, I suggest you install it with SUID. If it causes problems
100	you can change your mind later by running: dpkg-reconfigure ssh
101
102	Template: ssh/run_sshd
103	Type: boolean
104	Default: true
105	_Description: Do you want to run the sshd server?
106	This package contains both the ssh client, and the sshd server.
107	.
108	Normally the sshd Secure Shell Server will be run to allow remote logins
109	via ssh.
110	.
111	If you are only interested in using the ssh client for outbound
112	connections on this machine, and don't want to log into it at all using
113	ssh, then you can disable sshd here.
114
115	Template: ssh/user_environment_tell
116	Type: note
117	_Description: Environment options on keys have been deprecated
118	This version of OpenSSH disables the environment option for public keys by
119	default, in order to avoid certain attacks (for example, LD_PRELOAD). If
120	you are using this option in an authorized_keys file, beware that the keys
121	in question will no longer work until the option is removed.
122	.
123	To re-enable this option, set "PermitUserEnvironment yes" in
124	/etc/ssh/sshd_config after the upgrade is complete, taking note of the
125	warning in the sshd_config(5) manual page.