Diffstat (limited to 'debian/openssh-server.config')
-rw-r--r--debian/openssh-server.config93
1 files changed, 93 insertions, 0 deletions
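diff --git a/debian/openssh-server.config b/debian/openssh-server.config
new file mode 100644
index 000000000..f602c9cde
--- /dev/null
+++ b/debian/openssh-server.config
@@ -0,0 +1,93 @@
+#!/bin/sh
+
+action=$1
+version=$2
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+db_version 2.0
+
+
+get_config_option() {
+ option="$1"
+
+ [ -f /etc/ssh/sshd_config ] || return
+
+ # TODO: actually only one '=' allowed after option
+ perl -ne 'print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
+ /etc/ssh/sshd_config 2>/dev/null
+}
+
+
+if [ -e /etc/init.d/ssh ] && ! grep -q pidfile /etc/init.d/ssh
+then
+ db_fset ssh/use_old_init_script seen false
+ db_input medium ssh/use_old_init_script || true
+ db_go
+
+ db_get ssh/use_old_init_script
+ [ "$RET" = "false" ] && exit 0
+else
+ db_set ssh/use_old_init_script true
+ db_fset ssh/use_old_init_script seen true
+fi
+
+if [ -z "$version" ] && [ ! -e /etc/ssh/sshd_config ]
+then
+ db_input medium ssh/protocol2_only || true
+fi
+
+if [ -e /etc/ssh/sshd_config ]
+then
+ if dpkg --compare-versions "$version" lt-nl 1:1.3 ;
+ then db_input medium ssh/new_config || true
+ db_go
+ db_get ssh/new_config
+ if [ "$RET" = "true" ];
+ then db_input medium ssh/protocol2_only ||true
+ fi
+ fi
+
+ # An empty version means we're upgrading from before the package split,
+ # so check.
+ if dpkg --compare-versions "$version" lt 1:3.8.1p1-11
+ then
+ passwordauth="$(get_config_option PasswordAuthentication)"
+ crauth="$(get_config_option ChallengeResponseAuthentication)"
+ if [ "$passwordauth" = no ] && \
+ ([ -z "$crauth" ] || [ "$crauth" = yes ])
+ then
+ db_input critical ssh/disable_cr_auth || true
+ fi
+ fi
+fi
+
+if [ -x /usr/sbin/in.telnetd ] && grep -q "^telnet\b" /etc/inetd.conf
+then
+ if ! /usr/sbin/in.telnetd -? 2>&1 | grep -q ssl 2>/dev/null
+ then
+ db_input low ssh/insecure_telnetd || true
+ fi
+fi
+
+key=/etc/ssh/ssh_host_key
+export key
+if [ -n "$version" ] && [ -f $key ] && [ ! -x /usr/bin/ssh-keygen ] &&
+ dpkg --compare-versions "$version" lt 1.2.28
+then
+ # make sure that keys get updated to get rid of IDEA; preinst
+ # actually does the work, but if the old ssh-keygen is not found,
+ # it can't do that -- thus, we tell the user that he must create
+ # a new host key.
+ echo -en '\0\0' | 3<&0 sh -c \
+ 'dd if=$key bs=1 skip=32 count=2 2>/dev/null | cmp -s - /dev/fd/3' || {
+ # this means that bytes 32&33 of the key were not both zero, in which
+ # case the key is encrypted, which we need to fix
+ db_input high ssh/encrypted_host_key_but_no_keygen || true
+ }
+fi
+
+
+db_go
+
+exit 0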
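Review bot: The `ssh/disable_cr_auth` check fails open, because it compares the raw output of `get_config_option` with the literal `no`. The helper prints the remainder of every matching line, so a repeated `PasswordAuthentication` entry or trailing whitespace after the value makes `[ "$passwordauth" = no ]` false and the critical prompt is never queued. Returning only the first match with trailing whitespace removed would close that gap, for example `perl -ne 'if (s/^[[:space:]]*'"$option"'[[:space:]=]+//i) { s/[[:space:]]+$//; print "$_\n"; exit }'`; sshd appears to honour the first occurrence of a keyword, so that matches what the daemon will do. Separately, `echo -en '\0\0'` under `#!/bin/sh` relies on an echo that accepts `-e`. On a shell whose echo prints `-en` literally, the `cmp` always differs and the encrypted-host-key prompt is raised for unencrypted keys; `printf '\0\0'` emits the two NUL bytes portably.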