summaryrefslogtreecommitdiff
path: root/debian/openssh-server.templates.master
diff options
context:
space:
mode:
Diffstat (limited to 'debian/openssh-server.templates.master')
-rw-r--r--debian/openssh-server.templates.master69
1 files changed, 69 insertions, 0 deletions
diff --git a/debian/openssh-server.templates.master b/debian/openssh-server.templates.master
new file mode 100644
index 000000000..3f7f017fd
--- /dev/null
+++ b/debian/openssh-server.templates.master
@@ -0,0 +1,69 @@
1Template: ssh/new_config
2Type: boolean
3Default: true
4_Description: Generate new configuration file
5 This version of OpenSSH has a considerably changed configuration file from
6 the version shipped in Debian 'Potato', which you appear to be upgrading
7 from. I can now generate you a new configuration file
8 (/etc/ssh/sshd.config), which will work with the new server version, but
9 will not contain any customisations you made with the old version.
10 .
11 Please note that this new configuration file will set the value of
12 'PermitRootLogin' to yes (meaning that anyone knowing the root password
13 can ssh directly in as root). It is the opinion of the maintainer that
14 this is the correct default (see README.Debian for more details), but you
15 can always edit sshd_config and set it to no if you wish.
16 .
17 It is strongly recommended that you let me generate a new configuration
18 file for you.
19
20Template: ssh/use_old_init_script
21Type: boolean
22Default: false
23_Description: Do you want to continue (and risk killing active ssh sessions)?
24 The version of /etc/init.d/ssh that you have installed, is likely to kill
25 all running sshd instances. If you are doing this upgrade via an ssh
26 session, that would be a Bad Thing(tm).
27 .
28 You can fix this by adding "--pidfile /var/run/sshd.pid" to the
29 start-stop-daemon line in the stop section of the file.
30
31Template: ssh/insecure_rshd
32Type: note
33_Description: Warning: rsh-server is installed --- probably not a good idea
34 having rsh-server installed undermines the security that you were probably
35 wanting to obtain by installing ssh. I'd advise you to remove that
36 package.
37
38Template: ssh/insecure_telnetd
39Type: note
40_Description: Warning: telnetd is installed --- probably not a good idea
41 I'd advise you to either remove the telnetd package (if you don't actually
42 need to offer telnet access) or install telnetd-ssl so that there is at
43 least some chance that telnet sessions will not be sending unencrypted
44 login/password and session information over the network.
45
46Template: ssh/encrypted_host_key_but_no_keygen
47Type: note
48_Description: Warning: you must create a new host key
49 There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted. OpenSSH
50 can not handle this host key file, and I can't find the ssh-keygen utility
51 from the old (non-free) SSH installation.
52 .
53 You will need to generate a new host key.
54
55Template: ssh/disable_cr_auth
56Type: boolean
57Default: false
58_Description: Disable challenge-response authentication?
59 Password authentication appears to be disabled in your current OpenSSH
60 server configuration. In order to prevent users from logging in using
61 passwords (perhaps using only public key authentication instead) with
62 recent versions of OpenSSH, you must disable challenge-response
63 authentication, or else ensure that your PAM configuration does not allow
64 Unix password file authentication.
65 .
66 If you disable challenge-response authentication, then users will not be
67 able to log in using passwords. If you leave it enabled (the default
68 answer), then the 'PasswordAuthentication no' option will have no useful
69 effect unless you also adjust your PAM configuration in /etc/pam.d/ssh.