summaryrefslogtreecommitdiff
path: root/debian/config
diff options
context:
space:
mode:
Diffstat (limited to 'debian/config')
-rw-r--r--debian/config99
1 files changed, 99 insertions, 0 deletions
diff --git a/debian/config b/debian/config
new file mode 100644
index 000000000..7b4f85b43
--- /dev/null
+++ b/debian/config
@@ -0,0 +1,99 @@
1#!/bin/sh
2
3action=$1
4version=$2
5
6if [ -d /etc/ssh-nonfree -a ! -d /etc/ssh ]; then
7 version=1.2.27
8 cp -a /etc/ssh-nonfree /etc/ssh
9fi
10
11# Source debconf library.
12. /usr/share/debconf/confmodule
13db_version 2.0
14
15if [ -n "$version" ] && dpkg --compare-versions "$version" lt 1:3.0p1-1
16then
17 db_input medium ssh/ssh2_keys_merged
18fi
19
20if [ -e /etc/init.d/ssh ] && ! grep -q pidfile /etc/init.d/ssh
21then
22 db_fset ssh/use_old_init_script isdefault true
23 db_input medium ssh/use_old_init_script || true
24 db_go
25
26 db_get ssh/use_old_init_script
27 [ "$RET" = "false" ] && exit 0
28else
29 db_set ssh/use_old_init_script true
30 db_fset ssh/use_old_init_script isdefault false
31fi
32
33if [ -z "$version" -a ! -e /etc/ssh/sshd_config ]
34then
35 db_input medium ssh/protocol2_only || true
36fi
37
38if [ -e /etc/ssh/sshd_config ]
39then
40 if dpkg --compare-versions "$version" lt-nl 1:1.3 ;
41 then db_input medium ssh/new_config || true
42 db_get ssh/new_config
43 if [ "$RET" = "true" ];
44 then db_input medium ssh/protocol2_only ||true
45 db_input high ssh/privsep_ask ||true
46 else db_input high ssh/privsep_tell ||true
47 fi
48 else db_input high ssh/privsep_tell ||true
49 fi
50else db_input high ssh/privsep_tell ||true
51fi
52
53db_input medium ssh/SUID_client || true
54
55# To be correct during initial installation, this relies on the desired
56# default for run_sshd being "true".
57if [ -e /etc/ssh/sshd_not_to_be_run ]
58then
59 db_set ssh/run_sshd false
60else
61 db_set ssh/run_sshd true
62fi
63db_input medium ssh/run_sshd || true
64
65if [ -x /usr/sbin/in.telnetd ] && grep -q "^telnet\b" /etc/inetd.conf
66then
67 if ! /usr/sbin/in.telnetd -? 2>&1 | grep -q ssl 2>/dev/null
68 then
69 db_input low ssh/insecure_telnetd || true
70 fi
71fi
72
73key=/etc/ssh/ssh_host_key
74export key
75if [ -n "$version" ] && [ -f $key ] && [ ! -x /usr/bin/ssh-keygen ] &&
76 dpkg --compare-versions "$version" lt 1.2.28
77then
78 # make sure that keys get updated to get rid of IDEA; preinst
79 # actually does the work, but if the old ssh-keygen is not found,
80 # it can't do that -- thus, we tell the user that he must create
81 # a new host key.
82 echo -en '\0\0' | 3<&0 sh -c \
83 'dd if=$key bs=1 skip=32 count=2 2>/dev/null | cmp -s - /dev/fd/3' || {
84 # this means that bytes 32&33 of the key were not both zero, in which
85 # case the key is encrypted, which we need to fix
86 db_input high ssh/encrypted_host_key_but_no_keygen || true
87 }
88fi
89
90
91db_input low ssh/forward_warning || true
92
93if dpkg --compare-versions "$version" lt-nl 1:3.5p1-3; then
94 db_input high ssh/user_environment_tell || true
95fi
96
97db_go
98
99exit 0