summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2013-11-12 11:53:01 +0000
committerColin Watson <cjwatson@debian.org>2013-11-12 11:53:01 +0000
commit67978bbe148c5695b25acc04e4ea537e7eaedec8 (patch)
tree35b5fdea827e212d76482ccb265d8ffb033825f5 /debian
parent5836b276cc923667295037c385c6125b63dd6fb6 (diff)
Increase ServerKeyBits value in package-generated sshd_config to 1024
(closes: #727622, LP: #1244272).
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog7
-rw-r--r--debian/openssh-server.postinst15
2 files changed, 21 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index 19584e315..99c395769 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
1openssh (1:6.4p1-2) UNRELEASED; urgency=low
2
3 * Increase ServerKeyBits value in package-generated sshd_config to 1024
4 (closes: #727622, LP: #1244272).
5
6 -- Colin Watson <cjwatson@debian.org> Tue, 12 Nov 2013 11:14:41 +0000
7
1openssh (1:6.4p1-1) unstable; urgency=high 8openssh (1:6.4p1-1) unstable; urgency=high
2 9
3 * New upstream release. Important changes: 10 * New upstream release. Important changes:
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index 24d9a2c93..54dbe13a2 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -131,6 +131,13 @@ fix_loglevel_silent() {
131} 131}
132 132
133 133
134update_server_key_bits() {
135 if [ "$(get_config_option ServerKeyBits)" = 768 ]; then
136 set_config_option ServerKeyBits 1024
137 fi
138}
139
140
134create_sshdconfig() { 141create_sshdconfig() {
135 if [ -e /etc/ssh/sshd_config ] ; then 142 if [ -e /etc/ssh/sshd_config ] ; then
136 # Upgrade an existing sshd configuration. 143 # Upgrade an existing sshd configuration.
@@ -146,6 +153,12 @@ create_sshdconfig() {
146 fix_loglevel_silent 153 fix_loglevel_silent
147 fi 154 fi
148 155
156 # Changed upstream in 5.1p1, but we forgot to update the
157 # package-generated configuration file until now.
158 if dpkg --compare-versions "$oldversion" lt 1:6.4p1-2; then
159 update_server_key_bits
160 fi
161
149 return 0 162 return 0
150 fi 163 fi
151 164
@@ -168,7 +181,7 @@ UsePrivilegeSeparation yes
168 181
169# Lifetime and size of ephemeral version 1 server key 182# Lifetime and size of ephemeral version 1 server key
170KeyRegenerationInterval 3600 183KeyRegenerationInterval 3600
171ServerKeyBits 768 184ServerKeyBits 1024
172 185
173# Logging 186# Logging
174SyslogFacility AUTH 187SyslogFacility AUTH