1 files changed, 84 insertions, 0 deletions
diff --git a/debian/openssh-server.config b/debian/openssh-server.config
new file mode 100644
index 000000000..8bc23020d
--- /dev/null
+++ b/debian/openssh-server.config
@@ -0,0 +1,84 @@
+#!/bin/sh 
+action=$1
+version=$2
+# Source debconf library.
+. /usr/share/debconf/confmodule
+db_version 2.0
+get_config_option() {
+        option="$1"
+        [ -f /etc/ssh/sshd_config ] || return
+        # TODO: actually only one '=' allowed after option
+        perl -ne 'print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
+           /etc/ssh/sshd_config 2>/dev/null
+}
+if [ -e /etc/init.d/ssh ] && ! grep -q pidfile /etc/init.d/ssh
+then
+  db_fset ssh/use_old_init_script seen false
+  db_input medium ssh/use_old_init_script || true
+  db_go
+  db_get ssh/use_old_init_script
+  [ "$RET" = "false" ] && exit 0
+else
+  db_set ssh/use_old_init_script true
+  db_fset ssh/use_old_init_script seen true
+fi
+if [ -e /etc/ssh/sshd_config ]
+then
+    if dpkg --compare-versions "$version" lt-nl 1:1.3 ; 
+    then db_input medium ssh/new_config || true
+        db_go
+    fi
+    # An empty version means we're upgrading from before the package split,
+    # so check.
+    if dpkg --compare-versions "$version" lt 1:3.8.1p1-11
+    then
+        passwordauth="$(get_config_option PasswordAuthentication)"
+        crauth="$(get_config_option ChallengeResponseAuthentication)"
+        if [ "$passwordauth" = no ] && \
+           ([ -z "$crauth" ] || [ "$crauth" = yes ])
+        then
+            db_input critical ssh/disable_cr_auth || true
+        fi
+    fi
+fi 
+if [ -x /usr/sbin/in.telnetd ] && grep -q "^telnet\b" /etc/inetd.conf
+then
+  if ! /usr/sbin/in.telnetd -? 2>&1 | grep -q ssl 2>/dev/null
+  then 
+    db_input low ssh/insecure_telnetd || true
+  fi
+fi
+key=/etc/ssh/ssh_host_key
+export key
+if [ -n "$version" ] && [ -f $key ] && [ ! -x /usr/bin/ssh-keygen ] &&
+     dpkg --compare-versions "$version" lt 1.2.28
+then
+  # make sure that keys get updated to get rid of IDEA; preinst
+  # actually does the work, but if the old ssh-keygen is not found,
+  # it can't do that -- thus, we tell the user that he must create
+  # a new host key.
+  echo -en '\0\0' | 3<&0 sh -c \
+      'dd if=$key bs=1 skip=32 count=2 2>/dev/null | cmp -s - /dev/fd/3' || {
+    # this means that bytes 32&33 of the key were not both zero, in which
+    # case the key is encrypted, which we need to fix
+    db_input high ssh/encrypted_host_key_but_no_keygen || true
+  }
+fi
+db_go
+exit 0

diff --git a/debian/openssh-server.config b/debian/openssh-server.config new file mode 100644 index 000000000..8bc23020d --- /dev/null +++ b/debian/openssh-server.config
@@ -0,0 +1,84 @@
	1	#!/bin/sh
	2
	3	action=$1
	4	version=$2
	5
	6	# Source debconf library.
	7	. /usr/share/debconf/confmodule
	8	db_version 2.0
	9
	10
	11	get_config_option() {
	12	option="$1"
	13
	14	[ -f /etc/ssh/sshd_config ] \|\| return
	15
	16	# TODO: actually only one '=' allowed after option
	17	perl -ne 'print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
	18	/etc/ssh/sshd_config 2>/dev/null
	19	}
	20
	21
	22	if [ -e /etc/init.d/ssh ] && ! grep -q pidfile /etc/init.d/ssh
	23	then
	24	db_fset ssh/use_old_init_script seen false
	25	db_input medium ssh/use_old_init_script \|\| true
	26	db_go
	27
	28	db_get ssh/use_old_init_script
	29	[ "$RET" = "false" ] && exit 0
	30	else
	31	db_set ssh/use_old_init_script true
	32	db_fset ssh/use_old_init_script seen true
	33	fi
	34
	35	if [ -e /etc/ssh/sshd_config ]
	36	then
	37	if dpkg --compare-versions "$version" lt-nl 1:1.3 ;
	38	then db_input medium ssh/new_config \|\| true
	39	db_go
	40	fi
	41
	42	# An empty version means we're upgrading from before the package split,
	43	# so check.
	44	if dpkg --compare-versions "$version" lt 1:3.8.1p1-11
	45	then
	46	passwordauth="$(get_config_option PasswordAuthentication)"
	47	crauth="$(get_config_option ChallengeResponseAuthentication)"
	48	if [ "$passwordauth" = no ] && \
	49	([ -z "$crauth" ] \|\| [ "$crauth" = yes ])
	50	then
	51	db_input critical ssh/disable_cr_auth \|\| true
	52	fi
	53	fi
	54	fi
	55
	56	if [ -x /usr/sbin/in.telnetd ] && grep -q "^telnet\b" /etc/inetd.conf
	57	then
	58	if ! /usr/sbin/in.telnetd -? 2>&1 \| grep -q ssl 2>/dev/null
	59	then
	60	db_input low ssh/insecure_telnetd \|\| true
	61	fi
	62	fi
	63
	64	key=/etc/ssh/ssh_host_key
	65	export key
	66	if [ -n "$version" ] && [ -f $key ] && [ ! -x /usr/bin/ssh-keygen ] &&
	67	dpkg --compare-versions "$version" lt 1.2.28
	68	then
	69	# make sure that keys get updated to get rid of IDEA; preinst
	70	# actually does the work, but if the old ssh-keygen is not found,
	71	# it can't do that -- thus, we tell the user that he must create
	72	# a new host key.
	73	echo -en '\0\0' \| 3<&0 sh -c \
	74	'dd if=$key bs=1 skip=32 count=2 2>/dev/null \| cmp -s - /dev/fd/3' \|\| {
	75	# this means that bytes 32&33 of the key were not both zero, in which
	76	# case the key is encrypted, which we need to fix
	77	db_input high ssh/encrypted_host_key_but_no_keygen \|\| true
	78	}
	79	fi
	80
	81
	82	db_go
	83
	84	exit 0