1 files changed, 25 insertions, 0 deletions
diff --git a/debian/openssh-server.config b/debian/openssh-server.config
index b40e8afd7..0cd0a4b8d 100644
--- a/debian/openssh-server.config
+++ b/debian/openssh-server.config
@@ -7,6 +7,18 @@ version=$2
 . /usr/share/debconf/confmodule
 db_version 2.0
+get_config_option() {
+        option="$1"
+        [ -f /etc/ssh/sshd_config ] || return
+        # TODO: actually only one '=' allowed after option
+        perl -ne 'print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
+           /etc/ssh/sshd_config 2>/dev/null
+}
 if [ -e /etc/init.d/ssh ] && ! grep -q pidfile /etc/init.d/ssh
 then
  db_fset ssh/use_old_init_script seen false
@@ -35,6 +47,19 @@ then
        then db_input medium ssh/protocol2_only ||true
        fi
    fi
+    # An empty version means we're upgrading from before the package split,
+    # so check.
+    if dpkg --compare-versions "$version" lt 1:3.8.1p1-11
+    then
+        passwordauth="$(get_config_option PasswordAuthentication)"
+        crauth="$(get_config_option ChallengeResponseAuthentication)"
+        if [ "$passwordauth" = no ] && \
+           ([ -z "$crauth" ] || [ "$crauth" = yes ])
+        then
+            db_input critical ssh/disable_cr_auth || true
+        fi
+    fi
 fi 
 if [ -x /usr/sbin/in.telnetd ] && grep -q "^telnet\b" /etc/inetd.conf

diff --git a/debian/openssh-server.config b/debian/openssh-server.config index b40e8afd7..0cd0a4b8d 100644 --- a/debian/openssh-server.config +++ b/debian/openssh-server.config
@@ -7,6 +7,18 @@ version=$2
7	. /usr/share/debconf/confmodule	7	. /usr/share/debconf/confmodule
8	db_version 2.0	8	db_version 2.0
9		9
		10
		11	get_config_option() {
		12	option="$1"
		13
		14	[ -f /etc/ssh/sshd_config ] \|\| return
		15
		16	# TODO: actually only one '=' allowed after option
		17	perl -ne 'print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
		18	/etc/ssh/sshd_config 2>/dev/null
		19	}
		20
		21
10	if [ -e /etc/init.d/ssh ] && ! grep -q pidfile /etc/init.d/ssh	22	if [ -e /etc/init.d/ssh ] && ! grep -q pidfile /etc/init.d/ssh
11	then	23	then
12	db_fset ssh/use_old_init_script seen false	24	db_fset ssh/use_old_init_script seen false
@@ -35,6 +47,19 @@ then
35	then db_input medium ssh/protocol2_only \|\|true	47	then db_input medium ssh/protocol2_only \|\|true
36	fi	48	fi
37	fi	49	fi
		50
		51	# An empty version means we're upgrading from before the package split,
		52	# so check.
		53	if dpkg --compare-versions "$version" lt 1:3.8.1p1-11
		54	then
		55	passwordauth="$(get_config_option PasswordAuthentication)"
		56	crauth="$(get_config_option ChallengeResponseAuthentication)"
		57	if [ "$passwordauth" = no ] && \
		58	([ -z "$crauth" ] \|\| [ "$crauth" = yes ])
		59	then
		60	db_input critical ssh/disable_cr_auth \|\| true
		61	fi
		62	fi
38	fi	63	fi
39		64
40	if [ -x /usr/sbin/in.telnetd ] && grep -q "^telnet\b" /etc/inetd.conf	65	if [ -x /usr/sbin/in.telnetd ] && grep -q "^telnet\b" /etc/inetd.conf