diff options
Diffstat (limited to 'debian/openssh-server.templates')
| -rw-r--r-- | debian/openssh-server.templates | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/debian/openssh-server.templates b/debian/openssh-server.templates new file mode 100644 index 000000000..2cc62f8f1 --- /dev/null +++ b/debian/openssh-server.templates | |||
| @@ -0,0 +1,64 @@ | |||
| 1 | # These templates have been reviewed by the debian-l10n-english | ||
| 2 | # team | ||
| 3 | # | ||
| 4 | # If modifications/additions/rewording are needed, please ask | ||
| 5 | # for an advice to debian-l10n-english@lists.debian.org | ||
| 6 | # | ||
| 7 | # Even minor modifications require translation updates and such | ||
| 8 | # changes should be coordinated with translators and reviewers. | ||
| 9 | # | ||
| 10 | Template: ssh/new_config | ||
| 11 | Type: boolean | ||
| 12 | Default: true | ||
| 13 | _Description: Generate a new configuration file for OpenSSH? | ||
| 14 | This version of OpenSSH has a considerably changed configuration file from | ||
| 15 | the version shipped in Debian 'Potato', which you appear to be upgrading | ||
| 16 | from. This package can now generate a new configuration file | ||
| 17 | (/etc/ssh/sshd.config), which will work with the new server version, but | ||
| 18 | will not contain any customizations you made with the old version. | ||
| 19 | . | ||
| 20 | Please note that this new configuration file will set the value of | ||
| 21 | 'PermitRootLogin' to 'yes' (meaning that anyone knowing the root password | ||
| 22 | can ssh directly in as root). Please read the README.Debian file for | ||
| 23 | more details about this design choice. | ||
| 24 | . | ||
| 25 | It is strongly recommended that you choose to generate a new | ||
| 26 | configuration file now. | ||
| 27 | |||
| 28 | Template: ssh/use_old_init_script | ||
| 29 | Type: boolean | ||
| 30 | Default: false | ||
| 31 | _Description: Do you want to risk killing active SSH sessions? | ||
| 32 | The currently installed version of /etc/init.d/ssh is likely to kill | ||
| 33 | all running sshd instances. If you are doing this upgrade via an SSH | ||
| 34 | session, you're likely to be disconnected and leave the upgrade | ||
| 35 | procedure unfinished. | ||
| 36 | . | ||
| 37 | This can be fixed by manually adding "--pidfile /var/run/sshd.pid" to | ||
| 38 | the start-stop-daemon line in the stop section of the file. | ||
| 39 | |||
| 40 | Template: ssh/encrypted_host_key_but_no_keygen | ||
| 41 | Type: note | ||
| 42 | _Description: New host key mandatory | ||
| 43 | The current host key, in /etc/ssh/ssh_host_key, is encrypted with the | ||
| 44 | IDEA algorithm. OpenSSH can not handle this host key file, and the | ||
| 45 | ssh-keygen utility from the old (non-free) SSH installation does not | ||
| 46 | appear to be available. | ||
| 47 | . | ||
| 48 | You need to manually generate a new host key. | ||
| 49 | |||
| 50 | Template: ssh/disable_cr_auth | ||
| 51 | Type: boolean | ||
| 52 | Default: false | ||
| 53 | _Description: Disable challenge-response authentication? | ||
| 54 | Password authentication appears to be disabled in the current OpenSSH | ||
| 55 | server configuration. In order to prevent users from logging in using | ||
| 56 | passwords (perhaps using only public key authentication instead) with | ||
| 57 | recent versions of OpenSSH, you must disable challenge-response | ||
| 58 | authentication, or else ensure that your PAM configuration does not allow | ||
| 59 | Unix password file authentication. | ||
| 60 | . | ||
| 61 | If you disable challenge-response authentication, then users will not be | ||
| 62 | able to log in using passwords. If you leave it enabled (the default | ||
| 63 | answer), then the 'PasswordAuthentication no' option will have no useful | ||
| 64 | effect unless you also adjust your PAM configuration in /etc/pam.d/ssh. | ||