Diffstat (limited to 'debian/openssh-server.config')
-rw-r--r-- | debian/openssh-server.config | 70 |
1 files changed, 70 insertions, 0 deletions
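--- /dev/null
+++ b/debian/openssh-server.config
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+action=$1
+version=$2
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+db_version 2.0
+
+if [ -e /etc/init.d/ssh ] && ! grep -q pidfile /etc/init.d/ssh
+then
+db_fset ssh/use_old_init_script seen false
+db_input medium ssh/use_old_init_script || true
+db_go
+
+db_get ssh/use_old_init_script
+[ "$RET" = "false" ] && exit 0
+else
+db_set ssh/use_old_init_script true
+db_fset ssh/use_old_init_script seen true
+fi
+
+if [ -z "$version" ] && [ ! -e /etc/ssh/sshd_config ]
+then
+db_input medium ssh/protocol2_only || true
+fi
+
+if [ -e /etc/ssh/sshd_config ]
+then
+if dpkg --compare-versions "$version" lt-nl 1:1.3 ;
+then db_input medium ssh/new_config || true
+db_go
+db_get ssh/new_config
+if [ "$RET" = "true" ];
+then db_input medium ssh/protocol2_only ||true
+fi
+fi
+fi
+
+if [ -x /usr/sbin/in.telnetd ] && grep -q "^telnet\b" /etc/inetd.conf
+then
+if ! /usr/sbin/in.telnetd -? 2>&1 | grep -q ssl 2>/dev/null
+then
+db_input low ssh/insecure_telnetd || true
+fi
+fi
+
+key=/etc/ssh/ssh_host_key
+export key
+if [ -n "$version" ] && [ -f $key ] && [ ! -x /usr/bin/ssh-keygen ] &&
+dpkg --compare-versions "$version" lt 1.2.28
+then
+# make sure that keys get updated to get rid of IDEA; preinst
+# actually does the work, but if the old ssh-keygen is not found,
+# it can't do that -- thus, we tell the user that he must create
+# a new host key.
+echo -en '\0\0' | 3<&0 sh -c \
+'dd if=$key bs=1 skip=32 count=2 2>/dev/null | cmp -s - /dev/fd/3' || {
+# this means that bytes 32&33 of the key were not both zero, in which
+# case the key is encrypted, which we need to fix
+db_input high ssh/encrypted_host_key_but_no_keygen || true
+}
+fi
+
+
+db_input low ssh/forward_warning || true
+
+db_go
+
+exit 0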
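Review bot: The host-key check at new lines 57-58 relies on `echo -en '\0\0'`, but the script runs under `#!/bin/sh`, and POSIX does not define `-e` or a combined `-en` for echo. On a shell whose echo does not accept those options, the flag text is written to the pipe along with the NUL bytes, `cmp` then always reports a difference, and the high-priority `ssh/encrypted_host_key_but_no_keygen` question is shown even when bytes 32-33 of the key are zero. That misreports the state of the host key to the administrator; `printf '\0\0' | 3<&0 sh -c \` produces exactly two NUL bytes portably. Separately, `[ -f $key ]` on new line 50 would be safer written as `[ -f "$key" ]`, and a short comment above the `3<&0` construct explaining that fd 3 carries the expected bytes for `cmp` would help the next reader.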