summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog29
-rw-r--r--debian/config8
-rw-r--r--debian/control2
-rw-r--r--debian/copyright.head2
-rw-r--r--debian/init34
-rw-r--r--debian/postinst34
-rw-r--r--debian/prerm12
-rw-r--r--debian/ssh.pam1
8 files changed, 86 insertions, 36 deletions
diff --git a/debian/changelog b/debian/changelog
index 7fb8079be..b4d6b4258 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,32 @@
1openssh (1:3.5p1-4) unstable; urgency=low
2
3 * Point rlogin and rcp alternatives at slogin and scp respectively rather
4 than ssh (closes: #121103, #151666). Fix alternative removal to match;
5 previously it was completely wrong anyway.
6 * Find out whether /etc/ssh/sshd_not_to_be_run exists and set the debconf
7 question's default using that information, rather than using debconf as
8 a registry. Other solutions may be better in the long run, but this is
9 at least correct (thanks, Matthew Woodcraft; closes: #84725).
10 * Stop using pam_lastlog, as it doesn't currently work well as a session
11 module when privilege separation is enabled; it can usually read
12 /var/log/lastlog but can't write to it. Instead, just use sshd's
13 built-in support, already enabled by default (closes: #151297, #169938).
14 * Use 'ssh-keygen -q' rather than redirecting output to /dev/null.
15 * Add a "this may take some time" warning when creating host keys on
16 installation (part of #110094).
17 * When restarting via the init script, check for sshd_not_to_be_run after
18 stopping sshd (idea from Tomas Pospisek; closes: #149850).
19 * Append /usr/sbin:/sbin to the init script's $PATH, just in case of
20 strangeness (closes: #115138).
21 * Fix a dpkg-statoverride call to redirect stdout to /dev/null, not
22 stderr.
23 * Correct copyright file typo: "orignal" -> "original" (closes: #176490).
24 * Rebuild with libssl0.9.7 (closes: #176983).
25 * We're up to policy version 3.5.6. DEB_BUILD_OPTIONS stuff still needs to
26 be looked at.
27
28 -- Colin Watson <cjwatson@debian.org> Sat, 18 Jan 2003 01:37:23 +0000
29
1openssh (1:3.5p1-3) unstable; urgency=low 30openssh (1:3.5p1-3) unstable; urgency=low
2 31
3 * Happy new year! 32 * Happy new year!
diff --git a/debian/config b/debian/config
index b794276fa..7b4f85b43 100644
--- a/debian/config
+++ b/debian/config
@@ -52,6 +52,14 @@ fi
52 52
53db_input medium ssh/SUID_client || true 53db_input medium ssh/SUID_client || true
54 54
55# To be correct during initial installation, this relies on the desired
56# default for run_sshd being "true".
57if [ -e /etc/ssh/sshd_not_to_be_run ]
58then
59 db_set ssh/run_sshd false
60else
61 db_set ssh/run_sshd true
62fi
55db_input medium ssh/run_sshd || true 63db_input medium ssh/run_sshd || true
56 64
57if [ -x /usr/sbin/in.telnetd ] && grep -q "^telnet\b" /etc/inetd.conf 65if [ -x /usr/sbin/in.telnetd ] && grep -q "^telnet\b" /etc/inetd.conf
diff --git a/debian/control b/debian/control
index d10c59857..034286457 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: net
3Priority: standard 3Priority: standard
4Maintainer: Matthew Vernon <matthew@debian.org> 4Maintainer: Matthew Vernon <matthew@debian.org>
5Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev | libz-dev, libssl-dev, libpam0g-dev | libpam-dev, libgnome-dev, groff, debhelper (>=1.1.17), sharutils 5Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev | libz-dev, libssl-dev, libpam0g-dev | libpam-dev, libgnome-dev, groff, debhelper (>=1.1.17), sharutils
6Standards-Version: 3.5.2 6Standards-Version: 3.5.6
7Uploaders: Colin Watson <cjwatson@debian.org> 7Uploaders: Colin Watson <cjwatson@debian.org>
8 8
9Package: ssh 9Package: ssh
diff --git a/debian/copyright.head b/debian/copyright.head
index 1e1282f98..5bd397447 100644
--- a/debian/copyright.head
+++ b/debian/copyright.head
@@ -30,7 +30,7 @@ X11-style license (see source file for details).
30make-ssh-known-hosts is Copyright Tero Kivinen <Tero.Kivinen@hut.fi>, 30make-ssh-known-hosts is Copyright Tero Kivinen <Tero.Kivinen@hut.fi>,
31and is distributed under the GPL (see source file for details). 31and is distributed under the GPL (see source file for details).
32 32
33The copyright for the orignal SSH version follows. It has been 33The copyright for the original SSH version follows. It has been
34modified with [comments] to reflect the changes that the OpenBSD folks 34modified with [comments] to reflect the changes that the OpenBSD folks
35have made: 35have made:
36 36
diff --git a/debian/init b/debian/init
index fe59584e6..ea39a8bd0 100644
--- a/debian/init
+++ b/debian/init
@@ -5,25 +5,32 @@
5test -x /usr/sbin/sshd || exit 0 5test -x /usr/sbin/sshd || exit 0
6( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0 6( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0
7 7
8# forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists 8check_for_no_start() {
9if [ -e /etc/ssh/sshd_not_to_be_run ]; then 9 # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
10 echo "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)" 10 if [ -e /etc/ssh/sshd_not_to_be_run ]; then
11 exit 0 11 echo "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)"
12fi 12 exit 0
13 fi
14}
15
16check_privsep_dir() {
17 # Create the PrivSep empty dir if necessary
18 if [ ! -d /var/run/sshd ]; then
19 mkdir /var/run/sshd
20 chmod 0755 /var/run/sshd
21 fi
22}
13 23
14check_config() { 24check_config() {
15 /usr/sbin/sshd -t || exit 1 25 /usr/sbin/sshd -t || exit 1
16} 26}
17 27
18# Configurable options: 28export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
19 29
20case "$1" in 30case "$1" in
21 start) 31 start)
22 test -f /etc/ssh/sshd_not_to_be_run && exit 0 32 check_for_no_start
23#Create the PrivSep empty dir if necessary 33 check_privsep_dir
24 if [ ! -d /var/run/sshd ]; then
25 mkdir /var/run/sshd; chmod 0755 /var/run/sshd
26 fi
27 echo -n "Starting OpenBSD Secure Shell server: sshd" 34 echo -n "Starting OpenBSD Secure Shell server: sshd"
28 start-stop-daemon --start --quiet --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd 35 start-stop-daemon --start --quiet --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd
29 echo "." 36 echo "."
@@ -35,7 +42,7 @@ case "$1" in
35 ;; 42 ;;
36 43
37 reload|force-reload) 44 reload|force-reload)
38 test -f /etc/ssh/sshd_not_to_be_run && exit 0 45 check_for_no_start
39 check_config 46 check_config
40 echo -n "Reloading OpenBSD Secure Shell server's configuration" 47 echo -n "Reloading OpenBSD Secure Shell server's configuration"
41 start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd 48 start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd
@@ -43,10 +50,11 @@ case "$1" in
43 ;; 50 ;;
44 51
45 restart) 52 restart)
46 test -f /etc/ssh/sshd_not_to_be_run && exit 0
47 check_config 53 check_config
48 echo -n "Restarting OpenBSD Secure Shell server: sshd" 54 echo -n "Restarting OpenBSD Secure Shell server: sshd"
49 start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid 55 start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid
56 check_for_no_start
57 check_privsep_dir
50 sleep 2 58 sleep 2
51 start-stop-daemon --start --quiet --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd 59 start-stop-daemon --start --quiet --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd
52 echo "." 60 echo "."
diff --git a/debian/postinst b/debian/postinst
index bd9ebd3aa..4d3598a31 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -37,7 +37,7 @@ create_key() {
37 37
38 if [ ! -f "$file" ] ; then 38 if [ ! -f "$file" ] ; then
39 echo -n $msg 39 echo -n $msg
40 ssh-keygen -f "$file" -N '' "$@" > /dev/null 40 ssh-keygen -q -f "$file" -N '' "$@"
41 echo 41 echo
42 fi 42 fi
43} 43}
@@ -50,11 +50,14 @@ create_keys() {
50 } 50 }
51 51
52 if [ "$RET" = "false" ] ; then 52 if [ "$RET" = "false" ] ; then
53 create_key "Creating SSH1 key" /etc/ssh/ssh_host_key -t rsa1 53 create_key "Creating SSH1 key; this may take some time ..." \
54 /etc/ssh/ssh_host_key -t rsa1
54 fi 55 fi
55 56
56 create_key "Creating SSH2 RSA key" /etc/ssh/ssh_host_rsa_key -t rsa 57 create_key "Creating SSH2 RSA key; this may take some time ..." \
57 create_key "Creating SSH2 DSA key" /etc/ssh/ssh_host_dsa_key -t dsa 58 /etc/ssh/ssh_host_rsa_key -t rsa
59 create_key "Creating SSH2 DSA key; this may take some time ..." \
60 /etc/ssh/ssh_host_dsa_key -t dsa
58} 61}
59 62
60 63
@@ -182,7 +185,7 @@ PasswordAuthentication yes
182X11Forwarding no 185X11Forwarding no
183X11DisplayOffset 10 186X11DisplayOffset 10
184PrintMotd no 187PrintMotd no
185#PrintLastLog no 188PrintLastLog yes
186KeepAlive yes 189KeepAlive yes
187#UseLogin no 190#UseLogin no
188 191
@@ -219,7 +222,7 @@ fix_rsh_diversion() {
219fix_statoverride() { 222fix_statoverride() {
220# Remove an erronous override for sshd (we should have overridden ssh) 223# Remove an erronous override for sshd (we should have overridden ssh)
221 if [ -x /usr/sbin/dpkg-statoverride ]; then 224 if [ -x /usr/sbin/dpkg-statoverride ]; then
222 if dpkg-statoverride --list /usr/sbin/sshd 2>/dev/null ; then 225 if dpkg-statoverride --list /usr/sbin/sshd >/dev/null ; then
223 dpkg-statoverride --remove /usr/sbin/sshd 226 dpkg-statoverride --remove /usr/sbin/sshd
224 fi 227 fi
225 fi 228 fi
@@ -227,17 +230,20 @@ fix_statoverride() {
227 230
228 231
229create_alternatives() { 232create_alternatives() {
230# Create alternatives for the various r* tools 233# Create alternatives for the various r* tools.
231# Make sure we don't change existing alternatives that a user might have 234# Make sure we don't change existing alternatives that a user might have
232# changed 235# changed, but clean up after some old alternatives that mistakenly pointed
233 for cmd in rsh rlogin rcp ; do 236# rlogin and rcp to ssh.
234 if ! update-alternatives --display $cmd | \ 237 update-alternatives --quiet --remove rlogin /usr/bin/ssh
235 grep -q ssh ; then 238 update-alternatives --quiet --remove rcp /usr/bin/ssh
236 update-alternatives --quiet --install /usr/bin/$cmd $cmd /usr/bin/ssh 20 \ 239 for cmd in rsh rlogin rcp; do
237 --slave /usr/share/man/man1/$cmd.1.gz $cmd.1.gz /usr/share/man/man1/ssh.1.gz 240 scmd="s${cmd#r}"
241 if ! update-alternatives --display "$cmd" | \
242 grep -q "$scmd"; then
243 update-alternatives --quiet --install "/usr/bin/$cmd" "$cmd" "/usr/bin/$scmd" 20 \
244 --slave "/usr/share/man/man1/$cmd.1.gz" "$cmd.1.gz" "/usr/share/man/man1/$scmd.1.gz"
238 fi 245 fi
239 done 246 done
240
241} 247}
242 248
243setup_sshd_user() { 249setup_sshd_user() {
diff --git a/debian/prerm b/debian/prerm
index 17aa45e1f..8ed7e07ec 100644
--- a/debian/prerm
+++ b/debian/prerm
@@ -17,12 +17,12 @@ set -e
17 17
18case "$1" in 18case "$1" in
19 remove|deconfigure) 19 remove|deconfigure)
20 update-alternatives --quiet --remove ssh /usr/bin/ssh 20 update-alternatives --quiet --remove rsh /usr/bin/ssh
21 update-alternatives --quiet --remove ssh /usr/bin/slogin 21 update-alternatives --quiet --remove rlogin /usr/bin/slogin
22 update-alternatives --quiet --remove ssh /usr/bin/scp 22 update-alternatives --quiet --remove rcp /usr/bin/scp
23 if [ -e /etc/init.d/ssh ]; then 23 if [ -e /etc/init.d/ssh ]; then
24 /etc/init.d/ssh stop 24 /etc/init.d/ssh stop
25 fi 25 fi
26# install-info --quiet --remove /usr/info/ssh-askpass.info.gz 26# install-info --quiet --remove /usr/info/ssh-askpass.info.gz
27 ;; 27 ;;
28 upgrade) 28 upgrade)
diff --git a/debian/ssh.pam b/debian/ssh.pam
index a4478cf4a..f6fbd3ebc 100644
--- a/debian/ssh.pam
+++ b/debian/ssh.pam
@@ -6,7 +6,6 @@ auth required pam_env.so # [1]
6account required pam_unix.so 6account required pam_unix.so
7 7
8session required pam_unix.so 8session required pam_unix.so
9session optional pam_lastlog.so # [1]
10session optional pam_motd.so # [1] 9session optional pam_motd.so # [1]
11session optional pam_mail.so standard noenv # [1] 10session optional pam_mail.so standard noenv # [1]
12session required pam_limits.so 11session required pam_limits.so