diff options
-rw-r--r-- | Makefile.in | 4 | ||||
-rw-r--r-- | auth-pam.c | 4 | ||||
-rw-r--r-- | contrib/ssh-copy-id | 2 | ||||
-rw-r--r-- | debian/changelog | 43 | ||||
-rw-r--r-- | debian/config | 4 | ||||
-rw-r--r-- | debian/control | 3 | ||||
-rw-r--r-- | debian/copyright.head | 10 | ||||
-rw-r--r-- | debian/po/de.po | 98 | ||||
-rw-r--r-- | debian/postinst | 53 | ||||
-rw-r--r-- | debian/preinst | 6 | ||||
-rwxr-xr-x | debian/rules | 5 |
11 files changed, 181 insertions, 51 deletions
diff --git a/Makefile.in b/Makefile.in index 919b36819..8bff3cb2d 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -290,7 +290,7 @@ install-files: scard-install | |||
290 | else \ | 290 | else \ |
291 | echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ | 291 | echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ |
292 | fi | 292 | fi |
293 | @if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ | 293 | @if [ -f ssh_prng_cmds ] && [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ |
294 | if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \ | 294 | if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \ |
295 | $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ | 295 | $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ |
296 | else \ | 296 | else \ |
@@ -404,6 +404,6 @@ tests: $(TARGETS) | |||
404 | $@ | 404 | $@ |
405 | 405 | ||
406 | regressclean: | 406 | regressclean: |
407 | if [ -f regress/Makefile -a -r regress/Makefile ]; then \ | 407 | if [ -f regress/Makefile ] && [ -r regress/Makefile ]; then \ |
408 | (cd regress && $(MAKE) clean) \ | 408 | (cd regress && $(MAKE) clean) \ |
409 | fi | 409 | fi |
diff --git a/auth-pam.c b/auth-pam.c index 361573807..701d85b64 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -97,11 +97,11 @@ sshpam_sigchld_handler(int sig) | |||
97 | if (cleanup_ctxt == NULL) | 97 | if (cleanup_ctxt == NULL) |
98 | return; /* handler called after PAM cleanup, shouldn't happen */ | 98 | return; /* handler called after PAM cleanup, shouldn't happen */ |
99 | if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG) | 99 | if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG) |
100 | == -1) { | 100 | <= 0) { |
101 | /* PAM thread has not exitted, privsep slave must have */ | 101 | /* PAM thread has not exitted, privsep slave must have */ |
102 | kill(cleanup_ctxt->pam_thread, SIGTERM); | 102 | kill(cleanup_ctxt->pam_thread, SIGTERM); |
103 | if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0) | 103 | if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0) |
104 | == -1) | 104 | <= 0) |
105 | return; /* could not wait */ | 105 | return; /* could not wait */ |
106 | } | 106 | } |
107 | if (WIFSIGNALED(sshpam_thread_status) && | 107 | if (WIFSIGNALED(sshpam_thread_status) && |
diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id index a1c0a9234..1555b5d37 100644 --- a/contrib/ssh-copy-id +++ b/contrib/ssh-copy-id | |||
@@ -24,7 +24,7 @@ else | |||
24 | fi | 24 | fi |
25 | fi | 25 | fi |
26 | 26 | ||
27 | if [ -z "`eval $GET_ID`" -a -r "${ID_FILE}" ] ; then | 27 | if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then |
28 | GET_ID="cat ${ID_FILE}" | 28 | GET_ID="cat ${ID_FILE}" |
29 | fi | 29 | fi |
30 | 30 | ||
diff --git a/debian/changelog b/debian/changelog index e69582dcf..2c157e7ad 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -1,3 +1,46 @@ | |||
1 | openssh (1:3.8.1p1-8) unstable; urgency=high | ||
2 | |||
3 | * Matthew Vernon: | ||
4 | - Add a GPL exception to the licensing terms of the Debian patch | ||
5 | (closes: #211644). | ||
6 | |||
7 | -- Colin Watson <cjwatson@debian.org> Thu, 29 Jul 2004 13:28:47 +0100 | ||
8 | |||
9 | openssh (1:3.8.1p1-7) unstable; urgency=low | ||
10 | |||
11 | * Re-enable shadow password support in openssh-server-udeb, at Bastian | ||
12 | Blank's request (closes: #260800). | ||
13 | |||
14 | -- Colin Watson <cjwatson@debian.org> Thu, 22 Jul 2004 10:56:06 +0100 | ||
15 | |||
16 | openssh (1:3.8.1p1-6) unstable; urgency=low | ||
17 | |||
18 | * Implement hack in | ||
19 | http://lists.debian.org/debian-boot/2004/07/msg01207.html to get | ||
20 | openssh-client-udeb to show up as a retrievable debian-installer | ||
21 | component. | ||
22 | * Generate host keys in postinst only if the relevant HostKey directives | ||
23 | are found in sshd_config (closes: #87946). | ||
24 | |||
25 | -- Colin Watson <cjwatson@debian.org> Wed, 21 Jul 2004 15:14:46 +0100 | ||
26 | |||
27 | openssh (1:3.8.1p1-5) unstable; urgency=medium | ||
28 | |||
29 | * Update German debconf template translation (thanks, Helge Kreutzmann; | ||
30 | closes: #252226). | ||
31 | * Remove Suggests: dnsutils, as it was only needed for | ||
32 | make-ssh-known-hosts (#93265), which has been replaced by ssh-keyscan. | ||
33 | * Disable shadow password support in openssh-server-udeb. | ||
34 | * Fix non-portable shell constructs in maintainer scripts, Makefile, and | ||
35 | ssh-copy-id (thanks, David Weinehall; closes: #258517). | ||
36 | * Apply patch from Darren Tucker to make the PAM authentication SIGCHLD | ||
37 | handler kill the PAM thread if its waitpid() call returns 0, as well as | ||
38 | the previous check for -1 (closes: #252676). | ||
39 | * Add scp and sftp to openssh-client-udeb. It might not be very 'u' any | ||
40 | more; oh well. | ||
41 | |||
42 | -- Colin Watson <cjwatson@debian.org> Sat, 10 Jul 2004 13:57:27 +0100 | ||
43 | |||
1 | openssh (1:3.8.1p1-4) unstable; urgency=medium | 44 | openssh (1:3.8.1p1-4) unstable; urgency=medium |
2 | 45 | ||
3 | * Kill off PAM thread if privsep slave dies (closes: #248125). | 46 | * Kill off PAM thread if privsep slave dies (closes: #248125). |
diff --git a/debian/config b/debian/config index ea737a081..b5cff528c 100644 --- a/debian/config +++ b/debian/config | |||
@@ -3,7 +3,7 @@ | |||
3 | action=$1 | 3 | action=$1 |
4 | version=$2 | 4 | version=$2 |
5 | 5 | ||
6 | if [ -d /etc/ssh-nonfree -a ! -d /etc/ssh ]; then | 6 | if [ -d /etc/ssh-nonfree ] && [ ! -d /etc/ssh ]; then |
7 | version=1.2.27 | 7 | version=1.2.27 |
8 | cp -a /etc/ssh-nonfree /etc/ssh | 8 | cp -a /etc/ssh-nonfree /etc/ssh |
9 | fi | 9 | fi |
@@ -30,7 +30,7 @@ else | |||
30 | db_fset ssh/use_old_init_script seen true | 30 | db_fset ssh/use_old_init_script seen true |
31 | fi | 31 | fi |
32 | 32 | ||
33 | if [ -z "$version" -a ! -e /etc/ssh/sshd_config ] | 33 | if [ -z "$version" ] && [ ! -e /etc/ssh/sshd_config ] |
34 | then | 34 | then |
35 | db_input medium ssh/protocol2_only || true | 35 | db_input medium ssh/protocol2_only || true |
36 | fi | 36 | fi |
diff --git a/debian/control b/debian/control index 45823595a..37899eb3c 100644 --- a/debian/control +++ b/debian/control | |||
@@ -10,7 +10,7 @@ Package: ssh | |||
10 | Architecture: any | 10 | Architecture: any |
11 | Depends: ${shlibs:Depends}, ${debconf-depends}, ${pam-depends}, libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0) | 11 | Depends: ${shlibs:Depends}, ${debconf-depends}, ${pam-depends}, libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0) |
12 | Conflicts: ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1) | 12 | Conflicts: ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1) |
13 | Suggests: ssh-askpass, xbase-clients, dnsutils | 13 | Suggests: ssh-askpass, xbase-clients |
14 | Provides: rsh-client | 14 | Provides: rsh-client |
15 | Description: Secure rlogin/rsh/rcp replacement (OpenSSH) | 15 | Description: Secure rlogin/rsh/rcp replacement (OpenSSH) |
16 | This is the portable version of OpenSSH, a free implementation of | 16 | This is the portable version of OpenSSH, a free implementation of |
@@ -51,6 +51,7 @@ Section: debian-installer | |||
51 | Priority: optional | 51 | Priority: optional |
52 | Architecture: any | 52 | Architecture: any |
53 | Depends: ${shlibs:Depends}, libnss-files-udeb | 53 | Depends: ${shlibs:Depends}, libnss-files-udeb |
54 | XB-Installer-Menu-Item: 999 | ||
54 | Description: Secure shell client for the Debian installer | 55 | Description: Secure shell client for the Debian installer |
55 | This is the portable version of OpenSSH, a free implementation of | 56 | This is the portable version of OpenSSH, a free implementation of |
56 | the Secure Shell protocol as specified by the IETF secsh working | 57 | the Secure Shell protocol as specified by the IETF secsh working |
diff --git a/debian/copyright.head b/debian/copyright.head index 6d95c8ae2..31658dbdf 100644 --- a/debian/copyright.head +++ b/debian/copyright.head | |||
@@ -13,6 +13,16 @@ original ssh package, which has since been renamed as ssh-nonfree. | |||
13 | The Debian patch is distributed under the terms of the GPL, which you | 13 | The Debian patch is distributed under the terms of the GPL, which you |
14 | can find in /usr/share/common-licenses/GPL. | 14 | can find in /usr/share/common-licenses/GPL. |
15 | 15 | ||
16 | In addition, as a special exception, Matthew Vernon gives permission | ||
17 | to link the code of the Debian patch with any version of the OpenSSH | ||
18 | code which is distributed under a license identical to that listed in | ||
19 | the included Copyright file, and distribute linked combinations | ||
20 | including the two. You must obey the GNU General Public License in | ||
21 | all respects for all of the code used other than OpenSSH. If you | ||
22 | modify this file, you may extend this exception to your version of the | ||
23 | file, but you are not obligated to do so. If you do not wish to do | ||
24 | so, delete this exception statement from your version. | ||
25 | |||
16 | The upstream source for this package is a combination of the ssh | 26 | The upstream source for this package is a combination of the ssh |
17 | branch that is being maintained by the OpenBSD team (starting from | 27 | branch that is being maintained by the OpenBSD team (starting from |
18 | the last version of SSH that was distributed under a free license), | 28 | the last version of SSH that was distributed under a free license), |
diff --git a/debian/po/de.po b/debian/po/de.po index 8605e0d39..85546e7c1 100644 --- a/debian/po/de.po +++ b/debian/po/de.po | |||
@@ -17,9 +17,9 @@ msgstr "" | |||
17 | "Project-Id-Version: PACKAGE VERSION\n" | 17 | "Project-Id-Version: PACKAGE VERSION\n" |
18 | "Report-Msgid-Bugs-To: \n" | 18 | "Report-Msgid-Bugs-To: \n" |
19 | "POT-Creation-Date: 2004-03-06 17:54+0000\n" | 19 | "POT-Creation-Date: 2004-03-06 17:54+0000\n" |
20 | "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" | 20 | "PO-Revision-Date: 2004-05-30 09:49-0200\n" |
21 | "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" | 21 | "Last-Translator: Helge Kreutzmann <kreutzm@itp.uni-hannover.de>\n" |
22 | "Language-Team: LANGUAGE <LL@li.org>\n" | 22 | "Language-Team: de <debian-l10n-german@lists.debian.org>\n" |
23 | "MIME-Version: 1.0\n" | 23 | "MIME-Version: 1.0\n" |
24 | "Content-Type: text/plain; charset=ISO-8859-15\n" | 24 | "Content-Type: text/plain; charset=ISO-8859-15\n" |
25 | "Content-Transfer-Encoding: 8bit\n" | 25 | "Content-Transfer-Encoding: 8bit\n" |
@@ -28,7 +28,7 @@ msgstr "" | |||
28 | #. Description | 28 | #. Description |
29 | #: ../templates.master:4 | 29 | #: ../templates.master:4 |
30 | msgid "Generate new configuration file" | 30 | msgid "Generate new configuration file" |
31 | msgstr "" | 31 | msgstr "Erzeuge eine neue Konfigurationsdatei" |
32 | 32 | ||
33 | #. Type: boolean | 33 | #. Type: boolean |
34 | #. Description | 34 | #. Description |
@@ -40,6 +40,11 @@ msgid "" | |||
40 | "config), which will work with the new server version, but will not contain " | 40 | "config), which will work with the new server version, but will not contain " |
41 | "any customisations you made with the old version." | 41 | "any customisations you made with the old version." |
42 | msgstr "" | 42 | msgstr "" |
43 | "Diese Version von OpenSSH hat eine deutlich geänderte Konfigurationsdatei " | ||
44 | "von der in 'Potato' ausgelieferten Version, von der Sie anscheinend " | ||
45 | "aktualisieren. Ich kann nun eine neue Konfigurationsdatei (/etc/ssh/sshd." | ||
46 | "config) erzeugen, die mit der neuen Server-Version zusammenarbeitet, aber " | ||
47 | "keine Anpassung aus der alten Version enthält." | ||
43 | 48 | ||
44 | #. Type: boolean | 49 | #. Type: boolean |
45 | #. Description | 50 | #. Description |
@@ -51,6 +56,12 @@ msgid "" | |||
51 | "the correct default (see README.Debian for more details), but you can always " | 56 | "the correct default (see README.Debian for more details), but you can always " |
52 | "edit sshd_config and set it to no if you wish." | 57 | "edit sshd_config and set it to no if you wish." |
53 | msgstr "" | 58 | msgstr "" |
59 | "Bitte beachten Sie, daß die neue Konfigurationsdatei 'PermitRootLogin' " | ||
60 | "aufyes setzt (was bedeutet, daß jeder, der das Root-Paßwort kennt, sich " | ||
61 | "direkt per ssh als root anmelden kann). Es ist die Meinung des Betreuers, " | ||
62 | "daß dies die richtige Standardeinstellung ist (bitte lesen Sie README.Debian " | ||
63 | "für weitergehende Informationen), aber Sie können jederzeit sshd_config " | ||
64 | "editieren und dies auf no setzen, falls Sie dies wünschen." | ||
54 | 65 | ||
55 | #. Type: boolean | 66 | #. Type: boolean |
56 | #. Description | 67 | #. Description |
@@ -59,12 +70,14 @@ msgid "" | |||
59 | "It is strongly recommended that you let me generate a new configuration file " | 70 | "It is strongly recommended that you let me generate a new configuration file " |
60 | "for you." | 71 | "for you." |
61 | msgstr "" | 72 | msgstr "" |
73 | "Es wird stark empfohlen, daß Sie mich eine neue Konfigurationsdatei erzeugen " | ||
74 | "lassen." | ||
62 | 75 | ||
63 | #. Type: boolean | 76 | #. Type: boolean |
64 | #. Description | 77 | #. Description |
65 | #: ../templates.master:23 | 78 | #: ../templates.master:23 |
66 | msgid "Allow SSH protocol 2 only" | 79 | msgid "Allow SSH protocol 2 only" |
67 | msgstr "" | 80 | msgstr "Nur SSH-Protokoll Version 2 erlauben" |
68 | 81 | ||
69 | #. Type: boolean | 82 | #. Type: boolean |
70 | #. Description | 83 | #. Description |
@@ -75,6 +88,11 @@ msgid "" | |||
75 | "things down on low end machines and might prevent older clients from " | 88 | "things down on low end machines and might prevent older clients from " |
76 | "connecting (the ssh client shipped with \"potato\" is affected)." | 89 | "connecting (the ssh client shipped with \"potato\" is affected)." |
77 | msgstr "" | 90 | msgstr "" |
91 | "Diese Version von OpenSSH unterstützt Version 2 des SSH-Protokolls, die " | ||
92 | "sicherer ist. Es wird empfohlen, Version 1 zu deaktivieren, allerdings kann " | ||
93 | "dies Vorgänge auf langsamen Maschinen verzögern und alte Clients an der " | ||
94 | "Verbindungsaufnahme hindern (der ssh-Client von \"potato\" ist davon " | ||
95 | "betroffen)." | ||
78 | 96 | ||
79 | #. Type: boolean | 97 | #. Type: boolean |
80 | #. Description | 98 | #. Description |
@@ -83,6 +101,9 @@ msgid "" | |||
83 | "Also please note that keys used for protocol 1 are different so you will not " | 101 | "Also please note that keys used for protocol 1 are different so you will not " |
84 | "be able to use them if you only allow protocol 2 connections." | 102 | "be able to use them if you only allow protocol 2 connections." |
85 | msgstr "" | 103 | msgstr "" |
104 | "Bitte beachten Sie auch, daß sich die für Protokoll 1 verwendeten Schlüssel " | ||
105 | "unterscheiden und Sie diese daher nicht verwenden können, wenn Sie nur " | ||
106 | "Protokoll Version 2-Verbindungen erlauben." | ||
86 | 107 | ||
87 | #. Type: boolean | 108 | #. Type: boolean |
88 | #. Description | 109 | #. Description |
@@ -91,12 +112,14 @@ msgid "" | |||
91 | "If you later change your mind about this setting, README.Debian has " | 112 | "If you later change your mind about this setting, README.Debian has " |
92 | "instructions on what to do to your sshd_config file." | 113 | "instructions on what to do to your sshd_config file." |
93 | msgstr "" | 114 | msgstr "" |
115 | "Falls Sie später Ihre Meinung über diese Einstellung ändern, finden Sie in " | ||
116 | "README.Debian eine Anleitung was Sie mit der sshd_config-Datei machen müssen." | ||
94 | 117 | ||
95 | #. Type: note | 118 | #. Type: note |
96 | #. Description | 119 | #. Description |
97 | #: ../templates.master:37 | 120 | #: ../templates.master:37 |
98 | msgid "ssh2 keys merged in configuration files" | 121 | msgid "ssh2 keys merged in configuration files" |
99 | msgstr "" | 122 | msgstr "ssh2-Schlüssel in die Konfigurationsdateien eingefügt" |
100 | 123 | ||
101 | #. Type: note | 124 | #. Type: note |
102 | #. Description | 125 | #. Description |
@@ -106,12 +129,17 @@ msgid "" | |||
106 | "keys. This means the authorized_keys2 and known_hosts2 files are no longer " | 129 | "keys. This means the authorized_keys2 and known_hosts2 files are no longer " |
107 | "needed. They will still be read in order to maintain backwards compatibility" | 130 | "needed. They will still be read in order to maintain backwards compatibility" |
108 | msgstr "" | 131 | msgstr "" |
132 | "Mit Version 3 verwendet OpenSSH nicht mehr seperate Dateien für ssh1 und " | ||
133 | "ssh2 Schlüssel. Dies bedeutet, daß authorized_keys2 und known_hosts2 nicht " | ||
134 | "mehr benötigt werden. Sie werden noch eingelesen, um Abwärtskompatibilität " | ||
135 | "zu gewähren." | ||
109 | 136 | ||
110 | #. Type: boolean | 137 | #. Type: boolean |
111 | #. Description | 138 | #. Description |
112 | #: ../templates.master:46 | 139 | #: ../templates.master:46 |
113 | msgid "Do you want to continue (and risk killing active ssh sessions)?" | 140 | msgid "Do you want to continue (and risk killing active ssh sessions)?" |
114 | msgstr "Wollen Sie weitermachen (und das Killen der Session riskieren)?" | 141 | msgstr "" |
142 | "Wollen Sie weitermachen (und das Beenden der aktiven Sitzung riskieren)?" | ||
115 | 143 | ||
116 | #. Type: boolean | 144 | #. Type: boolean |
117 | #. Description | 145 | #. Description |
@@ -122,8 +150,8 @@ msgid "" | |||
122 | "session, that would be a Bad Thing(tm)." | 150 | "session, that would be a Bad Thing(tm)." |
123 | msgstr "" | 151 | msgstr "" |
124 | "Die Version von /etc/init.d/ssh, die Sie installiert haben, wird vermutlich " | 152 | "Die Version von /etc/init.d/ssh, die Sie installiert haben, wird vermutlich " |
125 | "Ihre aktiven ssh-Instanzen killen. Wenn Sie das Upgrade via ssh erledigen, " | 153 | "Ihre aktiven ssh-Instanzen beenden. Wenn Sie die Aktualisierung über ssh " |
126 | "dann ist das ein Problem." | 154 | "erledigen, dann wäre das keine Gute Idee(tm)." |
127 | 155 | ||
128 | #. Type: boolean | 156 | #. Type: boolean |
129 | #. Description | 157 | #. Description |
@@ -133,14 +161,14 @@ msgid "" | |||
133 | "daemon line in the stop section of the file." | 161 | "daemon line in the stop section of the file." |
134 | msgstr "" | 162 | msgstr "" |
135 | "Sie können das Problem beheben, indem sie \"--pidfile /var/run/sshd.pid\" an " | 163 | "Sie können das Problem beheben, indem sie \"--pidfile /var/run/sshd.pid\" an " |
136 | "die start-stop-daemon Zeile in dem Bereich stop der Datei /etc/init.d/ssh " | 164 | "die start-stop-daemon Zeile in dem Abschnitt stop der Datei /etc/init.d/ssh " |
137 | "ergänzen." | 165 | "hinzufügen." |
138 | 166 | ||
139 | #. Type: note | 167 | #. Type: note |
140 | #. Description | 168 | #. Description |
141 | #: ../templates.master:56 | 169 | #: ../templates.master:56 |
142 | msgid "NOTE: Forwarding of X11 and Authorization disabled by default." | 170 | msgid "NOTE: Forwarding of X11 and Authorization disabled by default." |
143 | msgstr "HINWEIS: Forwarden von X11 und Authorisierung ist abgeschaltet." | 171 | msgstr "HINWEIS: Weiterleiten von X11 und Berechtigungen ist abgeschaltet." |
144 | 172 | ||
145 | #. Type: note | 173 | #. Type: note |
146 | #. Description | 174 | #. Description |
@@ -149,7 +177,7 @@ msgid "" | |||
149 | "For security reasons, the Debian version of ssh has ForwardX11 and " | 177 | "For security reasons, the Debian version of ssh has ForwardX11 and " |
150 | "ForwardAgent set to ``off'' by default." | 178 | "ForwardAgent set to ``off'' by default." |
151 | msgstr "" | 179 | msgstr "" |
152 | "Aus Sicherheitsgründen sind die Debian Pakete von ssh ForwardX11 und " | 180 | "Aus Sicherheitsgründen ist bei der Debian-Version von ssh ForwardX11 und " |
153 | "ForwardAgent auf \"off\" gesetzt." | 181 | "ForwardAgent auf \"off\" gesetzt." |
154 | 182 | ||
155 | #. Type: note | 183 | #. Type: note |
@@ -160,20 +188,19 @@ msgid "" | |||
160 | "files, or with the -X command line option." | 188 | "files, or with the -X command line option." |
161 | msgstr "" | 189 | msgstr "" |
162 | "Sie können dies für Server, denen Sie trauen, entweder per Eintrag in die " | 190 | "Sie können dies für Server, denen Sie trauen, entweder per Eintrag in die " |
163 | "Konfigurations Dateien oder per Kommando-Zeilen Option -X ändern." | 191 | "Konfigurations-Dateien oder per Kommando-Zeilen Option -X ändern." |
164 | 192 | ||
165 | #. Type: note | 193 | #. Type: note |
166 | #. Description | 194 | #. Description |
167 | #: ../templates.master:56 | 195 | #: ../templates.master:56 |
168 | msgid "More details can be found in /usr/share/doc/ssh/README.Debian" | 196 | msgid "More details can be found in /usr/share/doc/ssh/README.Debian" |
169 | msgstr "" | 197 | msgstr "Weitere Details können Sie in /usr/share/doc/ssh/README.Debian finden." |
170 | "Weitere Details koennen Sie in /usr/share/doc/ssh/README.Debian finden." | ||
171 | 198 | ||
172 | #. Type: note | 199 | #. Type: note |
173 | #. Description | 200 | #. Description |
174 | #: ../templates.master:67 | 201 | #: ../templates.master:67 |
175 | msgid "Warning: rsh-server is installed --- probably not a good idea" | 202 | msgid "Warning: rsh-server is installed --- probably not a good idea" |
176 | msgstr "Warnung: rsh-server ist installiert --- möglicherweise" | 203 | msgstr "Warnung: rsh-server ist installiert --- wahrscheinlich keine gute Idee" |
177 | 204 | ||
178 | #. Type: note | 205 | #. Type: note |
179 | #. Description | 206 | #. Description |
@@ -189,7 +216,7 @@ msgstr "" | |||
189 | #. Description | 216 | #. Description |
190 | #: ../templates.master:74 | 217 | #: ../templates.master:74 |
191 | msgid "Warning: telnetd is installed --- probably not a good idea" | 218 | msgid "Warning: telnetd is installed --- probably not a good idea" |
192 | msgstr "Warnung: telnetd ist installiert --- schlechte Idee" | 219 | msgstr "Warnung: telnetd ist installiert --- wahrscheinlich keine gute Idee" |
193 | 220 | ||
194 | #. Type: note | 221 | #. Type: note |
195 | #. Description | 222 | #. Description |
@@ -208,33 +235,32 @@ msgstr "" | |||
208 | #. Description | 235 | #. Description |
209 | #: ../templates.master:82 | 236 | #: ../templates.master:82 |
210 | msgid "Warning: you must create a new host key" | 237 | msgid "Warning: you must create a new host key" |
211 | msgstr "Warnung: Sie müssen einen neuen Host Key erzeugen" | 238 | msgstr "Warnung: Sie müssen einen neuen Host-Schlüssel erzeugen" |
212 | 239 | ||
213 | #. Type: note | 240 | #. Type: note |
214 | #. Description | 241 | #. Description |
215 | #: ../templates.master:82 | 242 | #: ../templates.master:82 |
216 | #, fuzzy | ||
217 | msgid "" | 243 | msgid "" |
218 | "There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted. OpenSSH can " | 244 | "There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted. OpenSSH can " |
219 | "not handle this host key file, and I can't find the ssh-keygen utility from " | 245 | "not handle this host key file, and I can't find the ssh-keygen utility from " |
220 | "the old (non-free) SSH installation." | 246 | "the old (non-free) SSH installation." |
221 | msgstr "" | 247 | msgstr "" |
222 | "Es existiert eine alte Variante von /etc/ssh/ssh_host_key welche per IDEA " | 248 | "Es existiert eine alte Variante von /etc/ssh/ssh_host_key welche per IDEA " |
223 | "verschlüsselt ist. OpenSSH kann eine solche Host Key Datei nicht lesen und " | 249 | "verschlüsselt ist. OpenSSH kann eine solche Host-Schlüssel-Datei nicht " |
224 | "ssh-keygen von der alten (nicht-freien) ssh Installation kann nicht gefunden " | 250 | "verarbeiten und ssh-keygen von der alten (nicht-freien) ssh Installation " |
225 | "werden." | 251 | "kann nicht gefunden werden." |
226 | 252 | ||
227 | #. Type: note | 253 | #. Type: note |
228 | #. Description | 254 | #. Description |
229 | #: ../templates.master:82 | 255 | #: ../templates.master:82 |
230 | msgid "You will need to generate a new host key." | 256 | msgid "You will need to generate a new host key." |
231 | msgstr "" | 257 | msgstr "Sie müssen einen neuen Host-Schlüssel erzeugen." |
232 | 258 | ||
233 | #. Type: boolean | 259 | #. Type: boolean |
234 | #. Description | 260 | #. Description |
235 | #: ../templates.master:92 | 261 | #: ../templates.master:92 |
236 | msgid "Do you want /usr/lib/ssh-keysign to be installed SUID root?" | 262 | msgid "Do you want /usr/lib/ssh-keysign to be installed SUID root?" |
237 | msgstr "" | 263 | msgstr "Möchten Sie /usr/lib/ssh-keysign SUID-Root installieren?" |
238 | 264 | ||
239 | #. Type: boolean | 265 | #. Type: boolean |
240 | #. Description | 266 | #. Description |
@@ -243,6 +269,8 @@ msgid "" | |||
243 | "You have the option of installing the ssh-keysign helper with the SUID bit " | 269 | "You have the option of installing the ssh-keysign helper with the SUID bit " |
244 | "set." | 270 | "set." |
245 | msgstr "" | 271 | msgstr "" |
272 | "Sie haben die Möglichkeit, den ssh-keysign-Helfer mit gesetzten SUID-Bit zu " | ||
273 | "installieren." | ||
246 | 274 | ||
247 | #. Type: boolean | 275 | #. Type: boolean |
248 | #. Description | 276 | #. Description |
@@ -251,6 +279,8 @@ msgid "" | |||
251 | "If you make ssh-keysign SUID, you will be able to use SSH's Protocol 2 host-" | 279 | "If you make ssh-keysign SUID, you will be able to use SSH's Protocol 2 host-" |
252 | "based authentication." | 280 | "based authentication." |
253 | msgstr "" | 281 | msgstr "" |
282 | "Falls Sie ssh-keysign SUID installieren, können Sie die Host-basierende " | ||
283 | "Authentisierung von SSH-Protokoll Version 2 verwenden." | ||
254 | 284 | ||
255 | #. Type: boolean | 285 | #. Type: boolean |
256 | #. Description | 286 | #. Description |
@@ -259,6 +289,9 @@ msgid "" | |||
259 | "If in doubt, I suggest you install it with SUID. If it causes problems you " | 289 | "If in doubt, I suggest you install it with SUID. If it causes problems you " |
260 | "can change your mind later by running: dpkg-reconfigure ssh" | 290 | "can change your mind later by running: dpkg-reconfigure ssh" |
261 | msgstr "" | 291 | msgstr "" |
292 | "Falls Sie unsicher sind, empfehle ich, mit SUID zu installieren. Falls es " | ||
293 | "Probleme gibt, können Sie später Ihre Meinung ändern, indem Sie dpkg-" | ||
294 | "reconfigure ssh aufrufen." | ||
262 | 295 | ||
263 | #. Type: boolean | 296 | #. Type: boolean |
264 | #. Description | 297 | #. Description |
@@ -279,7 +312,8 @@ msgid "" | |||
279 | "Normally the sshd Secure Shell Server will be run to allow remote logins via " | 312 | "Normally the sshd Secure Shell Server will be run to allow remote logins via " |
280 | "ssh." | 313 | "ssh." |
281 | msgstr "" | 314 | msgstr "" |
282 | "Normal wird der sshd Secure Shell Server für Remote Logins per ssh gestartet." | 315 | "Normalerweise wird der sshd Secure Shell Server für Remote Logins per " |
316 | "sshgestartet." | ||
283 | 317 | ||
284 | #. Type: boolean | 318 | #. Type: boolean |
285 | #. Description | 319 | #. Description |
@@ -290,14 +324,14 @@ msgid "" | |||
290 | "can disable sshd here." | 324 | "can disable sshd here." |
291 | msgstr "" | 325 | msgstr "" |
292 | "Wenn Sie nur den ssh client nutzen wollen, um sich mit anderen Rechnern zu " | 326 | "Wenn Sie nur den ssh client nutzen wollen, um sich mit anderen Rechnern zu " |
293 | "verbinden und sich nicht per ssh in diesen Computer einloggen wollen, dann " | 327 | "verbinden, und sich nicht per ssh in diesen Computer einloggen wollen, dann " |
294 | "können Sie hier den sshd abschalten." | 328 | "können Sie hier den sshd abschalten." |
295 | 329 | ||
296 | #. Type: note | 330 | #. Type: note |
297 | #. Description | 331 | #. Description |
298 | #: ../templates.master:117 | 332 | #: ../templates.master:117 |
299 | msgid "Environment options on keys have been deprecated" | 333 | msgid "Environment options on keys have been deprecated" |
300 | msgstr "" | 334 | msgstr "Umgebungs-Optionen für Schlüssel wurden missbilligt" |
301 | 335 | ||
302 | #. Type: note | 336 | #. Type: note |
303 | #. Description | 337 | #. Description |
@@ -308,6 +342,11 @@ msgid "" | |||
308 | "are using this option in an authorized_keys file, beware that the keys in " | 342 | "are using this option in an authorized_keys file, beware that the keys in " |
309 | "question will no longer work until the option is removed." | 343 | "question will no longer work until the option is removed." |
310 | msgstr "" | 344 | msgstr "" |
345 | "Diese Version von OpenSSH deaktiviert standardmäßig die Umgebungsoption " | ||
346 | "füröffentliche Schlüssel um bestimmte Angriffe (zum Beispiel über " | ||
347 | "LD_PRELOAD) zu vermeiden. Falls Sie diese Option in einer authorized_keys-" | ||
348 | "Datei verwenden, beachten Sie, daß die in Frage kommenden Schlüssel nicht " | ||
349 | "funktionieren werden bis diese Option entfernt wurde." | ||
311 | 350 | ||
312 | #. Type: note | 351 | #. Type: note |
313 | #. Description | 352 | #. Description |
@@ -317,3 +356,6 @@ msgid "" | |||
317 | "sshd_config after the upgrade is complete, taking note of the warning in the " | 356 | "sshd_config after the upgrade is complete, taking note of the warning in the " |
318 | "sshd_config(5) manual page." | 357 | "sshd_config(5) manual page." |
319 | msgstr "" | 358 | msgstr "" |
359 | "Um diese Option wieder zu reaktivieren, setzen Sie, unter Berücksichtigung " | ||
360 | "der Warnung in der sshd_config(5)-Handbuchseite, \"PermitUserEnvironment yes" | ||
361 | "\" in /etc/ssh/sshd_config nachdem die Aktualisierung erfolgt ist." | ||
diff --git a/debian/postinst b/debian/postinst index b641769ba..1baae1677 100644 --- a/debian/postinst +++ b/debian/postinst | |||
@@ -27,13 +27,45 @@ check_idea_key() { | |||
27 | } | 27 | } |
28 | 28 | ||
29 | 29 | ||
30 | get_config_option() { | ||
31 | option="$1" | ||
32 | |||
33 | # TODO: actually only one '=' allowed after option | ||
34 | perl -ne 'print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \ | ||
35 | /etc/ssh/sshd_config | ||
36 | } | ||
37 | |||
38 | |||
39 | host_keys_required() { | ||
40 | hostkeys="$(get_config_option HostKey)" | ||
41 | if [ "$hostkeys" ]; then | ||
42 | echo "$hostkeys" | ||
43 | else | ||
44 | # No HostKey directives at all, so the server picks some | ||
45 | # defaults depending on the setting of Protocol. | ||
46 | protocol="$(get_config_option Protocol)" | ||
47 | [ "$protocol" ] || protocol=1,2 | ||
48 | if echo "$protocol" | grep 1 >/dev/null; then | ||
49 | echo /etc/ssh/ssh_host_key | ||
50 | fi | ||
51 | if echo "$protocol" | grep 2 >/dev/null; then | ||
52 | echo /etc/ssh/ssh_host_rsa_key | ||
53 | echo /etc/ssh/ssh_host_dsa_key | ||
54 | fi | ||
55 | fi | ||
56 | } | ||
57 | |||
58 | |||
30 | create_key() { | 59 | create_key() { |
31 | local msg="$1" | 60 | msg="$1" |
61 | shift | ||
62 | hostkeys="$1" | ||
32 | shift | 63 | shift |
33 | local file="$1" | 64 | file="$1" |
34 | shift | 65 | shift |
35 | 66 | ||
36 | if [ ! -f "$file" ] ; then | 67 | if echo "$hostkeys" | grep -x "$file" >/dev/null && \ |
68 | [ ! -f "$file" ] ; then | ||
37 | echo -n $msg | 69 | echo -n $msg |
38 | ssh-keygen -q -f "$file" -N '' "$@" | 70 | ssh-keygen -q -f "$file" -N '' "$@" |
39 | echo | 71 | echo |
@@ -42,16 +74,15 @@ create_key() { | |||
42 | 74 | ||
43 | 75 | ||
44 | create_keys() { | 76 | create_keys() { |
45 | db_get ssh/protocol2_only | 77 | hostkeys="$(host_keys_required)" |
46 | if [ "$RET" = "false" ] ; then | 78 | |
47 | create_key "Creating SSH1 key; this may take some time ..." \ | 79 | create_key "Creating SSH1 key; this may take some time ..." \ |
48 | /etc/ssh/ssh_host_key -t rsa1 | 80 | "$hostkeys" /etc/ssh/ssh_host_key -t rsa1 |
49 | fi | ||
50 | 81 | ||
51 | create_key "Creating SSH2 RSA key; this may take some time ..." \ | 82 | create_key "Creating SSH2 RSA key; this may take some time ..." \ |
52 | /etc/ssh/ssh_host_rsa_key -t rsa | 83 | "$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa |
53 | create_key "Creating SSH2 DSA key; this may take some time ..." \ | 84 | create_key "Creating SSH2 DSA key; this may take some time ..." \ |
54 | /etc/ssh/ssh_host_dsa_key -t dsa | 85 | "$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa |
55 | } | 86 | } |
56 | 87 | ||
57 | 88 | ||
@@ -304,9 +335,9 @@ setup_init() { | |||
304 | fi | 335 | fi |
305 | } | 336 | } |
306 | 337 | ||
338 | create_sshdconfig | ||
307 | check_idea_key | 339 | check_idea_key |
308 | create_keys | 340 | create_keys |
309 | create_sshdconfig | ||
310 | fix_rsh_diversion | 341 | fix_rsh_diversion |
311 | fix_statoverride | 342 | fix_statoverride |
312 | create_alternatives | 343 | create_alternatives |
diff --git a/debian/preinst b/debian/preinst index 320d4df2a..e22d0aa5d 100644 --- a/debian/preinst +++ b/debian/preinst | |||
@@ -3,11 +3,11 @@ | |||
3 | action=$1 | 3 | action=$1 |
4 | version=$2 | 4 | version=$2 |
5 | 5 | ||
6 | if [ -d /etc/ssh-nonfree -a ! -d /etc/ssh ]; then | 6 | if [ -d /etc/ssh-nonfree ] && [ ! -d /etc/ssh ]; then |
7 | version=1.2.27 | 7 | version=1.2.27 |
8 | fi | 8 | fi |
9 | 9 | ||
10 | if [ "$action" = upgrade -o "$action" = install ] | 10 | if [ "$action" = upgrade ] || [ "$action" = install ] |
11 | then | 11 | then |
12 | # check if debconf is missing | 12 | # check if debconf is missing |
13 | if ! test -f /usr/share/debconf/confmodule | 13 | if ! test -f /usr/share/debconf/confmodule |
@@ -39,7 +39,7 @@ EOF | |||
39 | # work around for missing debconf | 39 | # work around for missing debconf |
40 | db_get() { : ; } | 40 | db_get() { : ; } |
41 | RET=true | 41 | RET=true |
42 | if [ -d /etc/ssh-nonfree -a ! -d /etc/ssh ]; then | 42 | if [ -d /etc/ssh-nonfree ] && [ ! -d /etc/ssh ]; then |
43 | cp -a /etc/ssh-nonfree /etc/ssh | 43 | cp -a /etc/ssh-nonfree /etc/ssh |
44 | fi | 44 | fi |
45 | else | 45 | else |
diff --git a/debian/rules b/debian/rules index dd8b894a4..4960ad921 100755 --- a/debian/rules +++ b/debian/rules | |||
@@ -79,7 +79,7 @@ build-udeb-stamp: | |||
79 | # Avoid libnsl linkage. Ugh. | 79 | # Avoid libnsl linkage. Ugh. |
80 | perl -pi -e 's/ +-lnsl//' build-udeb/config.status | 80 | perl -pi -e 's/ +-lnsl//' build-udeb/config.status |
81 | cd build-udeb && ./config.status | 81 | cd build-udeb && ./config.status |
82 | $(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='-Os -g -Wall -DSSH_VERSION="\"$(SSH_VERSION)\""' SSH_KEYSIGN='/usr/lib/ssh-keysign' ssh sshd ssh-keygen | 82 | $(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='-Os -g -Wall -DSSH_VERSION="\"$(SSH_VERSION)\""' SSH_KEYSIGN='/usr/lib/ssh-keysign' ssh scp sftp sshd ssh-keygen |
83 | touch build-udeb-stamp | 83 | touch build-udeb-stamp |
84 | 84 | ||
85 | clean: | 85 | clean: |
@@ -143,6 +143,8 @@ install: build | |||
143 | install -o root -g root -m 755 -d debian/ssh/var/run/sshd | 143 | install -o root -g root -m 755 -d debian/ssh/var/run/sshd |
144 | 144 | ||
145 | install -m 755 build-udeb/ssh debian/openssh-client-udeb/usr/bin/ssh | 145 | install -m 755 build-udeb/ssh debian/openssh-client-udeb/usr/bin/ssh |
146 | install -m 755 build-udeb/scp debian/openssh-client-udeb/usr/bin/scp | ||
147 | install -m 755 build-udeb/sftp debian/openssh-client-udeb/usr/bin/sftp | ||
146 | install -m 755 build-udeb/sshd debian/openssh-server-udeb/usr/sbin/sshd | 148 | install -m 755 build-udeb/sshd debian/openssh-server-udeb/usr/sbin/sshd |
147 | install -m 755 build-udeb/ssh-keygen debian/openssh-server-udeb/usr/bin/ssh-keygen | 149 | install -m 755 build-udeb/ssh-keygen debian/openssh-server-udeb/usr/bin/ssh-keygen |
148 | 150 | ||
@@ -213,6 +215,7 @@ binary-openssh-client-udeb: build install | |||
213 | dh_compress | 215 | dh_compress |
214 | dh_fixperms | 216 | dh_fixperms |
215 | dh_installdeb | 217 | dh_installdeb |
218 | install -p -o root -g root -m 755 debian/openssh-client-udeb.isinstallable debian/openssh-client-udeb/DEBIAN/isinstallable | ||
216 | dh_shlibdeps | 219 | dh_shlibdeps |
217 | dh_gencontrol -- -fdebian/files~ | 220 | dh_gencontrol -- -fdebian/files~ |
218 | dpkg-distaddfile $(CLIENT_UDEB) debian-installer optional | 221 | dpkg-distaddfile $(CLIENT_UDEB) debian-installer optional |