Diffstat (limited to 'debian/openssh-server.templates.master')
-rw-r--r-- | debian/openssh-server.templates.master | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/debian/openssh-server.templates.master b/debian/openssh-server.templates.master new file mode 100644 index 000000000..3f7f017fd --- /dev/null +++ b/debian/openssh-server.templates.master | |||
@@ -0,0 +1,69 @@ | |||
1 | Template: ssh/new_config | ||
2 | Type: boolean | ||
3 | Default: true | ||
4 | _Description: Generate new configuration file | ||
5 | This version of OpenSSH has a considerably changed configuration file from | ||
6 | the version shipped in Debian 'Potato', which you appear to be upgrading | ||
7 | from. I can now generate you a new configuration file | ||
8 | (/etc/ssh/sshd.config), which will work with the new server version, but | ||
9 | will not contain any customisations you made with the old version. | ||
10 | . | ||
11 | Please note that this new configuration file will set the value of | ||
12 | 'PermitRootLogin' to yes (meaning that anyone knowing the root password | ||
13 | can ssh directly in as root). It is the opinion of the maintainer that | ||
14 | this is the correct default (see README.Debian for more details), but you | ||
15 | can always edit sshd_config and set it to no if you wish. | ||
16 | . | ||
17 | It is strongly recommended that you let me generate a new configuration | ||
18 | file for you. | ||
19 | |||
20 | Template: ssh/use_old_init_script | ||
21 | Type: boolean | ||
22 | Default: false | ||
23 | _Description: Do you want to continue (and risk killing active ssh sessions)? | ||
24 | The version of /etc/init.d/ssh that you have installed, is likely to kill | ||
25 | all running sshd instances. If you are doing this upgrade via an ssh | ||
26 | session, that would be a Bad Thing(tm). | ||
27 | . | ||
28 | You can fix this by adding "--pidfile /var/run/sshd.pid" to the | ||
29 | start-stop-daemon line in the stop section of the file. | ||
30 | |||
31 | Template: ssh/insecure_rshd | ||
32 | Type: note | ||
33 | _Description: Warning: rsh-server is installed --- probably not a good idea | ||
34 | having rsh-server installed undermines the security that you were probably | ||
35 | wanting to obtain by installing ssh. I'd advise you to remove that | ||
36 | package. | ||
37 | |||
38 | Template: ssh/insecure_telnetd | ||
39 | Type: note | ||
40 | _Description: Warning: telnetd is installed --- probably not a good idea | ||
41 | I'd advise you to either remove the telnetd package (if you don't actually | ||
42 | need to offer telnet access) or install telnetd-ssl so that there is at | ||
43 | least some chance that telnet sessions will not be sending unencrypted | ||
44 | login/password and session information over the network. | ||
45 | |||
46 | Template: ssh/encrypted_host_key_but_no_keygen | ||
47 | Type: note | ||
48 | _Description: Warning: you must create a new host key | ||
49 | There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted. OpenSSH | ||
50 | can not handle this host key file, and I can't find the ssh-keygen utility | ||
51 | from the old (non-free) SSH installation. | ||
52 | . | ||
53 | You will need to generate a new host key. | ||
54 | |||
55 | Template: ssh/disable_cr_auth | ||
56 | Type: boolean | ||
57 | Default: false | ||
58 | _Description: Disable challenge-response authentication? | ||
59 | Password authentication appears to be disabled in your current OpenSSH | ||
60 | server configuration. In order to prevent users from logging in using | ||
61 | passwords (perhaps using only public key authentication instead) with | ||
62 | recent versions of OpenSSH, you must disable challenge-response | ||
63 | authentication, or else ensure that your PAM configuration does not allow | ||
64 | Unix password file authentication. | ||
65 | . | ||
66 | If you disable challenge-response authentication, then users will not be | ||
67 | able to log in using passwords. If you leave it enabled (the default | ||
68 | answer), then the 'PasswordAuthentication no' option will have no useful | ||
69 | effect unless you also adjust your PAM configuration in /etc/pam.d/ssh. | ||
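Review bot: The ssh/new_config description (template line 8) names the file as "/etc/ssh/sshd.config", while line 15 of the same template tells the user to edit "sshd_config"; the path on line 8 should read /etc/ssh/sshd_config so the two agree and the user is pointed at a file that exists. Two further points on the same hunk. ssh/disable_cr_auth has "Default: false", and its own text says that leaving challenge-response enabled means 'PasswordAuthentication no' "will have no useful effect", so an administrator who had already disabled password logins and accepts the default keeps password logins available through PAM; consider defaulting to true for that case, or state in the description that accepting the default leaves password logins possible. In ssh/insecure_rshd the extended description (template line 34) starts with a lowercase "having"; capitalise it to match the other templates.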