diff options
Diffstat (limited to 'debian/README.Debian')
| -rw-r--r-- | debian/README.Debian | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian index 58a5741b0..48f42c4e8 100644 --- a/debian/README.Debian +++ b/debian/README.Debian | |||
| @@ -249,6 +249,27 @@ options related to it are now deprecated and should be removed from | |||
| 249 | The Protocol option is also no longer needed, although it is silently | 249 | The Protocol option is also no longer needed, although it is silently |
| 250 | ignored rather than deprecated. | 250 | ignored rather than deprecated. |
| 251 | 251 | ||
| 252 | if-up hook removed | ||
| 253 | ------------------ | ||
| 254 | |||
| 255 | openssh-server previously shipped an if-up hook that restarted sshd when a | ||
| 256 | network interface came up. This generally caused more problems than it | ||
| 257 | solved: for instance, it means that sshd stops listening briefly while being | ||
| 258 | restarted, which can cause problems in some environments, particularly | ||
| 259 | automated tests. | ||
| 260 | |||
| 261 | The only known situation where the if-up hook was useful was when | ||
| 262 | sshd_config was changed to add ListenAddress entries for particular IP | ||
| 263 | addresses, overriding the default of listening on all addresses, and the | ||
| 264 | system is one that often roams between networks. In such a situation, it is | ||
| 265 | better to remove ListenAddress entries from sshd_config (restoring it to the | ||
| 266 | default behaviour) and instead use firewall rules to restrict incoming SSH | ||
| 267 | connections to only the desired interfaces or addresses. | ||
| 268 | |||
| 269 | For further discussion, see: | ||
| 270 | |||
| 271 | https://bugs.launchpad.net/bugs/1674330 | ||
| 272 | |||
| 252 | -- | 273 | -- |
| 253 | Matthew Vernon <matthew@debian.org> | 274 | Matthew Vernon <matthew@debian.org> |
| 254 | Colin Watson <cjwatson@debian.org> | 275 | Colin Watson <cjwatson@debian.org> |