11 files changed, 181 insertions, 51 deletions
diff --git a/Makefile.in b/Makefile.in
index 919b36819..8bff3cb2d 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -290,7 +290,7 @@ install-files: scard-install
        else \
                echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \
        fi
-        @if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
+        @if [ -f ssh_prng_cmds ] && [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
                if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \
                        $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \
                else \
@@ -404,6 +404,6 @@ tests:	$(TARGETS)
                $@
 regressclean:
-        if [ -f regress/Makefile -a -r regress/Makefile ]; then \
+        if [ -f regress/Makefile ] && [ -r regress/Makefile ]; then \
                (cd regress && $(MAKE) clean) \
        fi
diff --git a/auth-pam.c b/auth-pam.c
index 361573807..701d85b64 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -97,11 +97,11 @@ sshpam_sigchld_handler(int sig)
        if (cleanup_ctxt == NULL)
                return; /* handler called after PAM cleanup, shouldn't happen */
        if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG)
-             == -1) {
+             <= 0) {
                /* PAM thread has not exitted, privsep slave must have */
                kill(cleanup_ctxt->pam_thread, SIGTERM);
                if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0)
-                    == -1)
+                    <= 0)
                        return; /* could not wait */
        }
        if (WIFSIGNALED(sshpam_thread_status) &&
diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
index a1c0a9234..1555b5d37 100644
--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
@@ -24,7 +24,7 @@ else
  fi
 fi
-if [ -z "`eval $GET_ID`" -a -r "${ID_FILE}" ] ; then
+if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
  GET_ID="cat ${ID_FILE}"
 fi
diff --git a/debian/changelog b/debian/changelog
index e69582dcf..2c157e7ad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,46 @@
+openssh (1:3.8.1p1-8) unstable; urgency=high
+  * Matthew Vernon:
+    - Add a GPL exception to the licensing terms of the Debian patch
+      (closes: #211644).
+ -- Colin Watson <cjwatson@debian.org>  Thu, 29 Jul 2004 13:28:47 +0100
+openssh (1:3.8.1p1-7) unstable; urgency=low
+  * Re-enable shadow password support in openssh-server-udeb, at Bastian
+    Blank's request (closes: #260800).
+ -- Colin Watson <cjwatson@debian.org>  Thu, 22 Jul 2004 10:56:06 +0100
+openssh (1:3.8.1p1-6) unstable; urgency=low
+  * Implement hack in
+    http://lists.debian.org/debian-boot/2004/07/msg01207.html to get
+    openssh-client-udeb to show up as a retrievable debian-installer
+    component.
+  * Generate host keys in postinst only if the relevant HostKey directives
+    are found in sshd_config (closes: #87946).
+ -- Colin Watson <cjwatson@debian.org>  Wed, 21 Jul 2004 15:14:46 +0100
+openssh (1:3.8.1p1-5) unstable; urgency=medium
+  * Update German debconf template translation (thanks, Helge Kreutzmann;
+    closes: #252226).
+  * Remove Suggests: dnsutils, as it was only needed for
+    make-ssh-known-hosts (#93265), which has been replaced by ssh-keyscan.
+  * Disable shadow password support in openssh-server-udeb.
+  * Fix non-portable shell constructs in maintainer scripts, Makefile, and
+    ssh-copy-id (thanks, David Weinehall; closes: #258517).
+  * Apply patch from Darren Tucker to make the PAM authentication SIGCHLD
+    handler kill the PAM thread if its waitpid() call returns 0, as well as
+    the previous check for -1 (closes: #252676).
+  * Add scp and sftp to openssh-client-udeb. It might not be very 'u' any
+    more; oh well.
+ -- Colin Watson <cjwatson@debian.org>  Sat, 10 Jul 2004 13:57:27 +0100
 openssh (1:3.8.1p1-4) unstable; urgency=medium
  * Kill off PAM thread if privsep slave dies (closes: #248125).
diff --git a/debian/config b/debian/config
index ea737a081..b5cff528c 100644
--- a/debian/config
+++ b/debian/config
@@ -3,7 +3,7 @@
 action=$1
 version=$2
-if [ -d /etc/ssh-nonfree -a ! -d /etc/ssh ]; then
+if [ -d /etc/ssh-nonfree ] && [ ! -d /etc/ssh ]; then
  version=1.2.27
  cp -a /etc/ssh-nonfree /etc/ssh
 fi
@@ -30,7 +30,7 @@ else
  db_fset ssh/use_old_init_script seen true
 fi
-if [ -z "$version" -a ! -e /etc/ssh/sshd_config ]
+if [ -z "$version" ] && [ ! -e /etc/ssh/sshd_config ]
 then
  db_input medium ssh/protocol2_only || true
 fi
diff --git a/debian/control b/debian/control
index 45823595a..37899eb3c 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,7 @@ Package: ssh
 Architecture: any
 Depends: ${shlibs:Depends}, ${debconf-depends}, ${pam-depends}, libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0)
 Conflicts: ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1)
-Suggests: ssh-askpass, xbase-clients, dnsutils
+Suggests: ssh-askpass, xbase-clients
 Provides: rsh-client
 Description: Secure rlogin/rsh/rcp replacement (OpenSSH)
 This is the portable version of OpenSSH, a free implementation of
@@ -51,6 +51,7 @@ Section: debian-installer
 Priority: optional
 Architecture: any
 Depends: ${shlibs:Depends}, libnss-files-udeb
+XB-Installer-Menu-Item: 999
 Description: Secure shell client for the Debian installer
 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
diff --git a/debian/copyright.head b/debian/copyright.head
index 6d95c8ae2..31658dbdf 100644
--- a/debian/copyright.head
+++ b/debian/copyright.head
@@ -13,6 +13,16 @@ original ssh package, which has since been renamed as ssh-nonfree.
 The Debian patch is distributed under the terms of the GPL, which you
 can find in /usr/share/common-licenses/GPL.
+In addition, as a special exception, Matthew Vernon gives permission
+to link the code of the Debian patch with any version of the OpenSSH
+code which is distributed under a license identical to that listed in
+the included Copyright file, and distribute linked combinations
+including the two.  You must obey the GNU General Public License in
+all respects for all of the code used other than OpenSSH.  If you
+modify this file, you may extend this exception to your version of the
+file, but you are not obligated to do so.  If you do not wish to do
+so, delete this exception statement from your version.
 The upstream source for this package is a combination of the ssh
 branch that is being maintained by the OpenBSD team (starting from
 the last version of SSH that was distributed under a free license),
diff --git a/debian/po/de.po b/debian/po/de.po
index 8605e0d39..85546e7c1 100644
--- a/debian/po/de.po
+++ b/debian/po/de.po
@@ -17,9 +17,9 @@ msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2004-03-06 17:54+0000\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"PO-Revision-Date: 2004-05-30 09:49-0200\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Last-Translator: Helge Kreutzmann <kreutzm@itp.uni-hannover.de>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language-Team: de <debian-l10n-german@lists.debian.org>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=ISO-8859-15\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -28,7 +28,7 @@ msgstr ""
 #. Description
 #: ../templates.master:4
 msgid "Generate new configuration file"
-msgstr ""
+msgstr "Erzeuge eine neue Konfigurationsdatei"
 #. Type: boolean
 #. Description
@@ -40,6 +40,11 @@ msgid ""
 "config), which will work with the new server version, but will not contain "
 "any customisations you made with the old version."
 msgstr ""
+"Diese Version von OpenSSH hat eine deutlich ge�nderte Konfigurationsdatei "
+"von der in 'Potato' ausgelieferten Version, von der Sie anscheinend "
+"aktualisieren. Ich kann nun eine neue Konfigurationsdatei (/etc/ssh/sshd."
+"config) erzeugen, die mit der neuen Server-Version zusammenarbeitet, aber "
+"keine Anpassung aus der alten Version enth�lt."
 #. Type: boolean
 #. Description
@@ -51,6 +56,12 @@ msgid ""
 "the correct default (see README.Debian for more details), but you can always "
 "edit sshd_config and set it to no if you wish."
 msgstr ""
+"Bitte beachten Sie, da� die neue Konfigurationsdatei 'PermitRootLogin' "
+"aufyes setzt (was bedeutet, da� jeder, der das Root-Pa�wort kennt, sich "
+"direkt per ssh als root anmelden kann). Es ist die Meinung des Betreuers, "
+"da� dies die richtige Standardeinstellung ist (bitte lesen Sie README.Debian "
+"f�r weitergehende Informationen), aber Sie k�nnen jederzeit sshd_config "
+"editieren und dies auf no setzen, falls Sie dies w�nschen."
 #. Type: boolean
 #. Description
@@ -59,12 +70,14 @@ msgid ""
 "It is strongly recommended that you let me generate a new configuration file "
 "for you."
 msgstr ""
+"Es wird stark empfohlen, da� Sie mich eine neue Konfigurationsdatei erzeugen "
+"lassen."
 #. Type: boolean
 #. Description
 #: ../templates.master:23
 msgid "Allow SSH protocol 2 only"
-msgstr ""
+msgstr "Nur SSH-Protokoll Version 2 erlauben"
 #. Type: boolean
 #. Description
@@ -75,6 +88,11 @@ msgid ""
 "things down on low end machines and might prevent older clients from "
 "connecting (the ssh client shipped with \"potato\" is affected)."
 msgstr ""
+"Diese Version von OpenSSH unterst�tzt Version 2 des SSH-Protokolls, die "
+"sicherer ist. Es wird empfohlen, Version 1 zu deaktivieren, allerdings kann "
+"dies Vorg�nge auf langsamen Maschinen verz�gern und alte Clients an der "
+"Verbindungsaufnahme hindern (der ssh-Client von \"potato\" ist davon "
+"betroffen)."
 #. Type: boolean
 #. Description
@@ -83,6 +101,9 @@ msgid ""
 "Also please note that keys used for protocol 1 are different so you will not "
 "be able to use them if you only allow protocol 2 connections."
 msgstr ""
+"Bitte beachten Sie auch, da� sich die f�r Protokoll 1 verwendeten Schl�ssel "
+"unterscheiden und Sie diese daher nicht verwenden k�nnen, wenn Sie nur "
+"Protokoll Version 2-Verbindungen erlauben."
 #. Type: boolean
 #. Description
@@ -91,12 +112,14 @@ msgid ""
 "If you later change your mind about this setting, README.Debian has "
 "instructions on what to do to your sshd_config file."
 msgstr ""
+"Falls Sie sp�ter Ihre Meinung �ber diese Einstellung �ndern, finden Sie in "
+"README.Debian eine Anleitung was Sie mit der sshd_config-Datei machen m�ssen."
 #. Type: note
 #. Description
 #: ../templates.master:37
 msgid "ssh2 keys merged in configuration files"
-msgstr ""
+msgstr "ssh2-Schl�ssel in die Konfigurationsdateien eingef�gt"
 #. Type: note
 #. Description
@@ -106,12 +129,17 @@ msgid ""
 "keys. This means the authorized_keys2 and known_hosts2 files are no longer "
 "needed. They will still be read in order to maintain backwards compatibility"
 msgstr ""
+"Mit Version 3 verwendet OpenSSH nicht mehr seperate Dateien f�r ssh1 und "
+"ssh2 Schl�ssel. Dies bedeutet, da� authorized_keys2 und known_hosts2 nicht "
+"mehr ben�tigt werden. Sie werden noch eingelesen, um Abw�rtskompatibilit�t "
+"zu gew�hren."
 #. Type: boolean
 #. Description
 #: ../templates.master:46
 msgid "Do you want to continue (and risk killing active ssh sessions)?"
-msgstr "Wollen Sie weitermachen (und das Killen der Session riskieren)?"
+msgstr ""
+"Wollen Sie weitermachen (und das Beenden der aktiven Sitzung riskieren)?"
 #. Type: boolean
 #. Description
@@ -122,8 +150,8 @@ msgid ""
 "session, that would be a Bad Thing(tm)."
 msgstr ""
 "Die Version von /etc/init.d/ssh, die Sie installiert haben, wird vermutlich "
-"Ihre aktiven ssh-Instanzen killen. Wenn Sie das Upgrade via ssh erledigen, "
+"Ihre aktiven ssh-Instanzen beenden. Wenn Sie die Aktualisierung �ber ssh "
-"dann ist das ein Problem."
+"erledigen, dann w�re das keine Gute Idee(tm)."
 #. Type: boolean
 #. Description
@@ -133,14 +161,14 @@ msgid ""
 "daemon line in the stop section of the file."
 msgstr ""
 "Sie k�nnen das Problem beheben, indem sie \"--pidfile /var/run/sshd.pid\" an "
-"die start-stop-daemon Zeile in dem Bereich stop der Datei /etc/init.d/ssh "
+"die start-stop-daemon Zeile in dem Abschnitt stop der Datei /etc/init.d/ssh "
-"erg�nzen."
+"hinzuf�gen."
 #. Type: note
 #. Description
 #: ../templates.master:56
 msgid "NOTE: Forwarding of X11 and Authorization disabled by default."
-msgstr "HINWEIS: Forwarden von X11 und Authorisierung ist abgeschaltet."
+msgstr "HINWEIS: Weiterleiten von X11 und Berechtigungen ist abgeschaltet."
 #. Type: note
 #. Description
@@ -149,7 +177,7 @@ msgid ""
 "For security reasons, the Debian version of ssh has ForwardX11 and "
 "ForwardAgent set to ``off'' by default."
 msgstr ""
-"Aus Sicherheitsgr�nden sind die Debian Pakete von ssh ForwardX11 und "
+"Aus Sicherheitsgr�nden ist bei der Debian-Version von ssh ForwardX11 und "
 "ForwardAgent auf \"off\" gesetzt."
 #. Type: note
@@ -160,20 +188,19 @@ msgid ""
 "files, or with the -X command line option."
 msgstr ""
 "Sie k�nnen dies f�r Server, denen Sie trauen, entweder per Eintrag in die "
-"Konfigurations Dateien oder per Kommando-Zeilen Option -X �ndern."
+"Konfigurations-Dateien oder per Kommando-Zeilen Option -X �ndern."
 #. Type: note
 #. Description
 #: ../templates.master:56
 msgid "More details can be found in /usr/share/doc/ssh/README.Debian"
-msgstr ""
+msgstr "Weitere Details k�nnen Sie in /usr/share/doc/ssh/README.Debian finden."
-"Weitere Details koennen Sie in /usr/share/doc/ssh/README.Debian finden."
 #. Type: note
 #. Description
 #: ../templates.master:67
 msgid "Warning: rsh-server is installed --- probably not a good idea"
-msgstr "Warnung: rsh-server ist installiert --- m�glicherweise"
+msgstr "Warnung: rsh-server ist installiert --- wahrscheinlich keine gute Idee"
 #. Type: note
 #. Description
@@ -189,7 +216,7 @@ msgstr ""
 #. Description
 #: ../templates.master:74
 msgid "Warning: telnetd is installed --- probably not a good idea"
-msgstr "Warnung: telnetd ist installiert --- schlechte Idee"
+msgstr "Warnung: telnetd ist installiert --- wahrscheinlich keine gute Idee"
 #. Type: note
 #. Description
@@ -208,33 +235,32 @@ msgstr ""
 #. Description
 #: ../templates.master:82
 msgid "Warning: you must create a new host key"
-msgstr "Warnung: Sie m�ssen einen neuen Host Key erzeugen"
+msgstr "Warnung: Sie m�ssen einen neuen Host-Schl�ssel erzeugen"
 #. Type: note
 #. Description
 #: ../templates.master:82
-#, fuzzy
 msgid ""
 "There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted. OpenSSH can "
 "not handle this host key file, and I can't find the ssh-keygen utility from "
 "the old (non-free) SSH installation."
 msgstr ""
 "Es existiert eine alte Variante von /etc/ssh/ssh_host_key welche per IDEA "
-"verschl�sselt ist. OpenSSH kann eine solche Host Key Datei nicht lesen und "
+"verschl�sselt ist. OpenSSH kann eine solche Host-Schl�ssel-Datei nicht "
-"ssh-keygen von der alten (nicht-freien) ssh Installation kann nicht gefunden "
+"verarbeiten und ssh-keygen von der alten (nicht-freien) ssh Installation "
-"werden."
+"kann nicht gefunden werden."
 #. Type: note
 #. Description
 #: ../templates.master:82
 msgid "You will need to generate a new host key."
-msgstr ""
+msgstr "Sie m�ssen einen neuen Host-Schl�ssel erzeugen."
 #. Type: boolean
 #. Description
 #: ../templates.master:92
 msgid "Do you want /usr/lib/ssh-keysign to be installed SUID root?"
-msgstr ""
+msgstr "M�chten Sie /usr/lib/ssh-keysign SUID-Root installieren?"
 #. Type: boolean
 #. Description
@@ -243,6 +269,8 @@ msgid ""
 "You have the option of installing the ssh-keysign helper with the SUID bit "
 "set."
 msgstr ""
+"Sie haben die M�glichkeit, den ssh-keysign-Helfer mit gesetzten SUID-Bit zu "
+"installieren."
 #. Type: boolean
 #. Description
@@ -251,6 +279,8 @@ msgid ""
 "If you make ssh-keysign SUID, you will be able to use SSH's Protocol 2 host-"
 "based authentication."
 msgstr ""
+"Falls Sie ssh-keysign SUID installieren, k�nnen Sie die Host-basierende "
+"Authentisierung von SSH-Protokoll Version 2 verwenden."
 #. Type: boolean
 #. Description
@@ -259,6 +289,9 @@ msgid ""
 "If in doubt, I suggest you install it with SUID.  If it causes problems you "
 "can change your mind later by running:   dpkg-reconfigure ssh"
 msgstr ""
+"Falls Sie unsicher sind, empfehle ich, mit SUID zu installieren. Falls es "
+"Probleme gibt, k�nnen Sie sp�ter Ihre Meinung �ndern, indem Sie dpkg-"
+"reconfigure ssh aufrufen."
 #. Type: boolean
 #. Description
@@ -279,7 +312,8 @@ msgid ""
 "Normally the sshd Secure Shell Server will be run to allow remote logins via "
 "ssh."
 msgstr ""
-"Normal wird der sshd Secure Shell Server f�r Remote Logins per ssh gestartet."
+"Normalerweise wird der sshd Secure Shell Server f�r Remote Logins per "
+"sshgestartet."
 #. Type: boolean
 #. Description
@@ -290,14 +324,14 @@ msgid ""
 "can disable sshd here."
 msgstr ""
 "Wenn Sie nur den ssh client nutzen wollen, um sich mit anderen Rechnern zu "
-"verbinden und sich nicht per ssh in diesen Computer einloggen wollen, dann "
+"verbinden, und sich nicht per ssh in diesen Computer einloggen wollen, dann "
 "k�nnen Sie hier den sshd abschalten."
 #. Type: note
 #. Description
 #: ../templates.master:117
 msgid "Environment options on keys have been deprecated"
-msgstr ""
+msgstr "Umgebungs-Optionen f�r Schl�ssel wurden missbilligt"
 #. Type: note
 #. Description
@@ -308,6 +342,11 @@ msgid ""
 "are using this option in an authorized_keys file, beware that the keys in "
 "question will no longer work until the option is removed."
 msgstr ""
+"Diese Version von OpenSSH deaktiviert standardm��ig die Umgebungsoption "
+"f�r�ffentliche Schl�ssel um bestimmte Angriffe (zum Beispiel �ber "
+"LD_PRELOAD) zu vermeiden. Falls Sie diese Option in einer authorized_keys-"
+"Datei verwenden, beachten Sie, da� die in Frage kommenden Schl�ssel nicht "
+"funktionieren werden bis diese Option entfernt wurde."
 #. Type: note
 #. Description
@@ -317,3 +356,6 @@ msgid ""
 "sshd_config after the upgrade is complete, taking note of the warning in the "
 "sshd_config(5) manual page."
 msgstr ""
+"Um diese Option wieder zu reaktivieren, setzen Sie, unter Ber�cksichtigung "
+"der Warnung in der sshd_config(5)-Handbuchseite, \"PermitUserEnvironment yes"
+"\" in /etc/ssh/sshd_config nachdem die Aktualisierung erfolgt ist."
diff --git a/debian/postinst b/debian/postinst
index b641769ba..1baae1677 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -27,13 +27,45 @@ check_idea_key() {
 }
+get_config_option() {
+        option="$1"
+        # TODO: actually only one '=' allowed after option
+        perl -ne 'print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
+           /etc/ssh/sshd_config
+}
+host_keys_required() {
+        hostkeys="$(get_config_option HostKey)"
+        if [ "$hostkeys" ]; then
+                echo "$hostkeys"
+        else
+                # No HostKey directives at all, so the server picks some
+                # defaults depending on the setting of Protocol.
+                protocol="$(get_config_option Protocol)"
+                [ "$protocol" ] || protocol=1,2
+                if echo "$protocol" | grep 1 >/dev/null; then
+                        echo /etc/ssh/ssh_host_key
+                fi
+                if echo "$protocol" | grep 2 >/dev/null; then
+                        echo /etc/ssh/ssh_host_rsa_key
+                        echo /etc/ssh/ssh_host_dsa_key
+                fi
+        fi
+}
 create_key() {
-        local msg="$1"
+        msg="$1"
+        shift
+        hostkeys="$1"
        shift
-        local file="$1"
+        file="$1"
        shift
-        if [ ! -f "$file" ] ; then
+        if echo "$hostkeys" | grep -x "$file" >/dev/null && \
+           [ ! -f "$file" ] ; then
                echo -n $msg
                ssh-keygen -q -f "$file" -N '' "$@"
                echo
@@ -42,16 +74,15 @@ create_key() {
 create_keys() {
-        db_get ssh/protocol2_only
+        hostkeys="$(host_keys_required)"
-        if [ "$RET" = "false" ] ; then
-                create_key "Creating SSH1 key; this may take some time ..." \
+        create_key "Creating SSH1 key; this may take some time ..." \
-                        /etc/ssh/ssh_host_key -t rsa1
+                "$hostkeys" /etc/ssh/ssh_host_key -t rsa1
-        fi
        create_key "Creating SSH2 RSA key; this may take some time ..." \
-                /etc/ssh/ssh_host_rsa_key -t rsa
+                "$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
        create_key "Creating SSH2 DSA key; this may take some time ..." \
-                /etc/ssh/ssh_host_dsa_key -t dsa
+                "$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
 }
@@ -304,9 +335,9 @@ setup_init() {
        fi
 }
+create_sshdconfig
 check_idea_key
 create_keys
-create_sshdconfig
 fix_rsh_diversion
 fix_statoverride
 create_alternatives
diff --git a/debian/preinst b/debian/preinst
index 320d4df2a..e22d0aa5d 100644
--- a/debian/preinst
+++ b/debian/preinst
@@ -3,11 +3,11 @@
 action=$1
 version=$2
-if [ -d /etc/ssh-nonfree -a ! -d /etc/ssh ]; then
+if [ -d /etc/ssh-nonfree ] && [ ! -d /etc/ssh ]; then
  version=1.2.27
 fi
-if [ "$action" = upgrade -o "$action" = install ]
+if [ "$action" = upgrade ] || [ "$action" = install ]
 then
  # check if debconf is missing
  if ! test -f /usr/share/debconf/confmodule
@@ -39,7 +39,7 @@ EOF
    # work around for missing debconf
    db_get() { : ; }
    RET=true
-    if [ -d /etc/ssh-nonfree -a ! -d /etc/ssh ]; then
+    if [ -d /etc/ssh-nonfree ] && [ ! -d /etc/ssh ]; then
      cp -a /etc/ssh-nonfree /etc/ssh
    fi
  else
diff --git a/debian/rules b/debian/rules
index dd8b894a4..4960ad921 100755
--- a/debian/rules
+++ b/debian/rules
@@ -79,7 +79,7 @@ build-udeb-stamp:
        # Avoid libnsl linkage. Ugh.
        perl -pi -e 's/ +-lnsl//' build-udeb/config.status
        cd build-udeb && ./config.status
-        $(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='-Os -g -Wall -DSSH_VERSION="\"$(SSH_VERSION)\""' SSH_KEYSIGN='/usr/lib/ssh-keysign' ssh sshd ssh-keygen
+        $(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='-Os -g -Wall -DSSH_VERSION="\"$(SSH_VERSION)\""' SSH_KEYSIGN='/usr/lib/ssh-keysign' ssh scp sftp sshd ssh-keygen
        touch build-udeb-stamp
 clean:
@@ -143,6 +143,8 @@ install: build
        install -o root -g root -m 755 -d debian/ssh/var/run/sshd
        install -m 755 build-udeb/ssh debian/openssh-client-udeb/usr/bin/ssh
+        install -m 755 build-udeb/scp debian/openssh-client-udeb/usr/bin/scp
+        install -m 755 build-udeb/sftp debian/openssh-client-udeb/usr/bin/sftp
        install -m 755 build-udeb/sshd debian/openssh-server-udeb/usr/sbin/sshd
        install -m 755 build-udeb/ssh-keygen debian/openssh-server-udeb/usr/bin/ssh-keygen
@@ -213,6 +215,7 @@ binary-openssh-client-udeb: build install
        dh_compress
        dh_fixperms
        dh_installdeb
+        install -p -o root -g root -m 755 debian/openssh-client-udeb.isinstallable debian/openssh-client-udeb/DEBIAN/isinstallable
        dh_shlibdeps
        dh_gencontrol -- -fdebian/files~
        dpkg-distaddfile $(CLIENT_UDEB) debian-installer optional