1 files changed, 269 insertions, 0 deletions
diff --git a/debian/postinst.old b/debian/postinst.old
new file mode 100644
index 000000000..586da1cc6
--- /dev/null
+++ b/debian/postinst.old
@@ -0,0 +1,269 @@
+#!/bin/sh -e
+action="$1"
+oldversion="$2"
+test -e /usr/share/debconf/confmodule && {
+  . /usr/share/debconf/confmodule
+    db_version 2.0
+}
+if [ "$action" != configure ]
+  then
+  exit 0
+fi
+check_idea_key() {
+    #check for old host_key files using IDEA, which openssh does not support
+        if [ -f /etc/ssh/ssh_host_key ] ; then
+                if ssh-keygen -p -N '' -f /etc/ssh/ssh_host_key 2>&1 | \
+                                grep -q 'unknown cipher' 2>/dev/null ; then
+      mv /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.old
+      mv /etc/ssh/ssh_host_key.pub /etc/ssh/ssh_host_key.pub.old
+  fi
+        fi
+}
+create_key() {
+        local file="$1"
+        shift
+        if [ ! -f "$file" ] ; then
+                ( umask 022 ; \
+                  ssh-keygen -f "$file" -N '' "$@" > /dev/null )
+  fi
+}
+create_keys() {
+        RET=true
+test -e /usr/share/debconf/confmodule && {
+                db_get ssh/protocol2_only
+}
+        if [ "$RET" = "false" ] ; then
+                echo "Creating SSH1 key"
+                create_key /etc/ssh/ssh_host_key
+fi
+        echo "Creating SSH2 RSA key"
+        create_key /etc/ssh/ssh_host_rsa_key -t rsa
+        echo "Creating SSH2 DSA key"
+        create_key /etc/ssh/ssh_host_dsa_key -t dsa
+}
+create_sshdconfig() {
+        [ -e /etc/ssh/sshd_config ] && return
+RET=true
+test -e /usr/share/debconf/confmodule && {
+                db_get ssh/protocol2_only
+}
+        cat <<EOF > /etc/ssh/sshd_config
+# Package generated configuration file
+# See the sshd(8) manpage for defails
+# What ports, IPs and protocols we listen for
+Port 22
+# Uncomment the next entry to accept IPv6 traffic.
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+EOF
+if [ "$RET" = "false" ]; then
+                cat <<EOF >> /etc/ssh/sshd_config
+Protocol 2,1
+# HostKeys for protocol version 1
+HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+EOF
+else
+        cat <<EOF >> /etc/ssh/sshd_config
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+EOF
+fi
+        cat <<EOF >> /etc/ssh/sshd_config
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+# Authentication:
+LoginGraceTime 600
+PermitRootLogin no
+StrictModes yes
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile     %h/.ssh/authorized_keys
+# rhosts authentication should not be used
+RhostsAuthentication no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+# To disable tunneled clear text passwords, change to no here!
+PermitEmptyPasswords no
+# Uncomment to disable s/key passwords 
+#ChallengeResponseAuthentication no
+# Use PAM authentication via keyboard-interactive so PAM modules can
+# properly interface with the user
+PasswordAuthentication no
+PAMAuthenticationViaKbdInt yes
+# To change Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#AFSTokenPassing no
+#KerberosTicketCleanup no
+# Kerberos TGT Passing does only work with the AFS kaserver
+#KerberosTgtPassing yes
+X11Forwarding no
+X11DisplayOffset 10
+PrintMotd no
+#PrintLastLog no
+KeepAlive yes
+#UseLogin no
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+#ReverseMappingCheck yes
+Subsystem       sftp    /usr/libexec/sftp-server
+EOF
+}
+fix_rsh_diversion() {
+# get rid of mistaken rsh diversion (circa 1.2.27-1)
+        if [ -L /usr/bin/rsh ] &&
+                dpkg-divert --list '/usr/bin/rsh.real/rsh' | grep -q ' ssh$' ; then
+                for cmd in rlogin  rsh rcp ; do
+                        [ -L /usr/bin/$cmd ] && rm /usr/bin/$cmd
+                        dpkg-divert --package ssh --remove --rename \
+                                --divert /usr/bin/rsh.real/$cmd /usr/bin/$cmd
+                        [ -L /usr/man/man1/$cmd.1.gz ] && rm /usr/man/man1/$$cmd.1.gz
+                        dpkg-divert --package ssh --remove --rename \
+                                --divert /usr/man/man1/$cmd.real.1.gz /usr/man/man1/$cmd.1.gz
+                done
+                rmdir /usr/bin/rsh.real
+        fi
+}
+fix_statoverride() {
+# Remove an erronous override for sshd (we should have overridden ssh)
+if [ -x /usr/sbin/dpkg-statoverride ]; then
+                if dpkg-statoverride --list /usr/sbin/sshd 2>/dev/null ; then
+                        dpkg-statoverride --remote /usr/sbin/sshd
+                fi
+                fi
+}
+create_alternatives() {
+# Create alternatives for the various r* tools
+# Make sure we don't change existing alternatives that a user might have
+# changed
+        for cmd in rsh rlogin rcp ; do
+                if ! update-alternatives --display $cmd | \
+                                grep -q ssh ; then
+                        update-alternatives --quiet --install /usr/bin/$cmd $cmd /usr/bin/ssh 20 \
+                                --slave /usr/share/man/man1/$cmd.1.gz $cmd.1.gz /usr/share/man/man1/ssh.1.gz
+        fi
+        done
+        
+}
+set_sshd_permissions() {
+        suid=no
+        [ -e /usr/share/debconf/confmodule ] && {
+                db_get ssh/SUID_client
+                suid="$RET"
+        }
+        if [ "$suid" = "yes" ] ; then
+                if [ -x /usr/sbin/dpkg-statoverride ] && \
+                        ! dpkg-statoverride /usr/bin/ssh ; then
+                        dpkg-statoverride --add root root 04755 /usr/bin/ssh
+fi
+        fi
+}
+setup_startup() {
+        start=yes
+        [ -e /usr/share/debconf/confmodule ] && {
+                db_get ssh/run_sshd
+                start="$RET"
+        }
+        if [ "$start" != "true" ] ; then
+                touch /etc/ssh/sshd_not_to_be_run
+        else
+                rm -f /etc/ssh/sshd_not_to_be_run 2>/dev/null
+        fi
+}
+setup_init() {
+if [ -e /etc/init.d/ssh ]; then
+    update-rc.d ssh defaults >/dev/null
+    /etc/init.d/ssh restart
+fi
+}
+check_idea_key
+create_keys
+create_sshdconfig
+fix_rsh_diversion
+fix_statoverride
+create_alternatives
+set_sshd_permissions
+setup_startup
+setup_init
+# Automatically added by dh_installdocs
+if [ "$1" = "configure" ]; then
+        if [ -d /usr/doc -a ! -e /usr/doc/ssh -a -d /usr/share/doc/ssh ]; then
+                ln -sf ../share/doc/ssh /usr/doc/ssh
+        fi
+fi
+# End automatically added section
+[ -e /usr/share/debconf/confmodule ] && db_stop
+exit 0

diff --git a/debian/postinst.old b/debian/postinst.old new file mode 100644 index 000000000..586da1cc6 --- /dev/null +++ b/debian/postinst.old
@@ -0,0 +1,269 @@
	1	#!/bin/sh -e
	2
	3	action="$1"
	4	oldversion="$2"
	5
	6	test -e /usr/share/debconf/confmodule && {
	7	. /usr/share/debconf/confmodule
	8	db_version 2.0
	9	}
	10
	11
	12	if [ "$action" != configure ]
	13	then
	14	exit 0
	15	fi
	16
	17
	18
	19	check_idea_key() {
	20	#check for old host_key files using IDEA, which openssh does not support
	21	if [ -f /etc/ssh/ssh_host_key ] ; then
	22	if ssh-keygen -p -N '' -f /etc/ssh/ssh_host_key 2>&1 \| \
	23	grep -q 'unknown cipher' 2>/dev/null ; then
	24	mv /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.old
	25	mv /etc/ssh/ssh_host_key.pub /etc/ssh/ssh_host_key.pub.old
	26	fi
	27	fi
	28	}
	29
	30
	31	create_key() {
	32	local file="$1"
	33	shift
	34
	35	if [ ! -f "$file" ] ; then
	36	( umask 022 ; \
	37	ssh-keygen -f "$file" -N '' "$@" > /dev/null )
	38	fi
	39	}
	40
	41
	42	create_keys() {
	43	RET=true
	44	test -e /usr/share/debconf/confmodule && {
	45	db_get ssh/protocol2_only
	46	}
	47
	48	if [ "$RET" = "false" ] ; then
	49	echo "Creating SSH1 key"
	50	create_key /etc/ssh/ssh_host_key
	51	fi
	52
	53	echo "Creating SSH2 RSA key"
	54	create_key /etc/ssh/ssh_host_rsa_key -t rsa
	55	echo "Creating SSH2 DSA key"
	56	create_key /etc/ssh/ssh_host_dsa_key -t dsa
	57	}
	58
	59
	60	create_sshdconfig() {
	61	[ -e /etc/ssh/sshd_config ] && return
	62
	63	RET=true
	64	test -e /usr/share/debconf/confmodule && {
	65	db_get ssh/protocol2_only
	66	}
	67
	68	cat <<EOF > /etc/ssh/sshd_config
	69	# Package generated configuration file
	70	# See the sshd(8) manpage for defails
	71
	72	# What ports, IPs and protocols we listen for
	73	Port 22
	74	# Uncomment the next entry to accept IPv6 traffic.
	75	#ListenAddress ::
	76	#ListenAddress 0.0.0.0
	77	EOF
	78	if [ "$RET" = "false" ]; then
	79	cat <<EOF >> /etc/ssh/sshd_config
	80	Protocol 2,1
	81	# HostKeys for protocol version 1
	82	HostKey /etc/ssh/ssh_host_key
	83	# HostKeys for protocol version 2
	84	HostKey /etc/ssh/ssh_host_rsa_key
	85	HostKey /etc/ssh/ssh_host_dsa_key
	86	EOF
	87	else
	88	cat <<EOF >> /etc/ssh/sshd_config
	89	Protocol 2
	90	# HostKeys for protocol version 2
	91	HostKey /etc/ssh/ssh_host_rsa_key
	92	HostKey /etc/ssh/ssh_host_dsa_key
	93	EOF
	94	fi
	95
	96
	97	cat <<EOF >> /etc/ssh/sshd_config
	98	# Lifetime and size of ephemeral version 1 server key
	99	KeyRegenerationInterval 3600
	100	ServerKeyBits 768
	101
	102	# Logging
	103	SyslogFacility AUTH
	104	LogLevel INFO
	105
	106	# Authentication:
	107	LoginGraceTime 600
	108	PermitRootLogin no
	109	StrictModes yes
	110
	111	RSAAuthentication yes
	112	PubkeyAuthentication yes
	113	#AuthorizedKeysFile %h/.ssh/authorized_keys
	114
	115	# rhosts authentication should not be used
	116	RhostsAuthentication no
	117	# Don't read the user's ~/.rhosts and ~/.shosts files
	118	IgnoreRhosts yes
	119	# For this to work you will also need host keys in /etc/ssh_known_hosts
	120	RhostsRSAAuthentication no
	121	# similar for protocol version 2
	122	HostbasedAuthentication no
	123	# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
	124	#IgnoreUserKnownHosts yes
	125
	126	# To disable tunneled clear text passwords, change to no here!
	127	PermitEmptyPasswords no
	128
	129	# Uncomment to disable s/key passwords
	130	#ChallengeResponseAuthentication no
	131
	132	# Use PAM authentication via keyboard-interactive so PAM modules can
	133	# properly interface with the user
	134	PasswordAuthentication no
	135	PAMAuthenticationViaKbdInt yes
	136
	137	# To change Kerberos options
	138	#KerberosAuthentication no
	139	#KerberosOrLocalPasswd yes
	140	#AFSTokenPassing no
	141	#KerberosTicketCleanup no
	142
	143	# Kerberos TGT Passing does only work with the AFS kaserver
	144	#KerberosTgtPassing yes
	145
	146	X11Forwarding no
	147	X11DisplayOffset 10
	148	PrintMotd no
	149	#PrintLastLog no
	150	KeepAlive yes
	151	#UseLogin no
	152
	153	#MaxStartups 10:30:60
	154	#Banner /etc/issue.net
	155	#ReverseMappingCheck yes
	156
	157	Subsystem sftp /usr/libexec/sftp-server
	158	EOF
	159	}
	160
	161
	162	fix_rsh_diversion() {
	163	# get rid of mistaken rsh diversion (circa 1.2.27-1)
	164
	165	if [ -L /usr/bin/rsh ] &&
	166	dpkg-divert --list '/usr/bin/rsh.real/rsh' \| grep -q ' ssh$' ; then
	167	for cmd in rlogin rsh rcp ; do
	168	[ -L /usr/bin/$cmd ] && rm /usr/bin/$cmd
	169	dpkg-divert --package ssh --remove --rename \
	170	--divert /usr/bin/rsh.real/$cmd /usr/bin/$cmd
	171
	172	[ -L /usr/man/man1/$cmd.1.gz ] && rm /usr/man/man1/$$cmd.1.gz
	173	dpkg-divert --package ssh --remove --rename \
	174	--divert /usr/man/man1/$cmd.real.1.gz /usr/man/man1/$cmd.1.gz
	175	done
	176
	177	rmdir /usr/bin/rsh.real
	178	fi
	179	}
	180
	181
	182	fix_statoverride() {
	183	# Remove an erronous override for sshd (we should have overridden ssh)
	184	if [ -x /usr/sbin/dpkg-statoverride ]; then
	185	if dpkg-statoverride --list /usr/sbin/sshd 2>/dev/null ; then
	186	dpkg-statoverride --remote /usr/sbin/sshd
	187	fi
	188	fi
	189	}
	190
	191
	192	create_alternatives() {
	193	# Create alternatives for the various r* tools
	194	# Make sure we don't change existing alternatives that a user might have
	195	# changed
	196	for cmd in rsh rlogin rcp ; do
	197	if ! update-alternatives --display $cmd \| \
	198	grep -q ssh ; then
	199	update-alternatives --quiet --install /usr/bin/$cmd $cmd /usr/bin/ssh 20 \
	200	--slave /usr/share/man/man1/$cmd.1.gz $cmd.1.gz /usr/share/man/man1/ssh.1.gz
	201	fi
	202	done
	203
	204	}
	205
	206
	207	set_sshd_permissions() {
	208	suid=no
	209
	210	[ -e /usr/share/debconf/confmodule ] && {
	211	db_get ssh/SUID_client
	212	suid="$RET"
	213	}
	214
	215	if [ "$suid" = "yes" ] ; then
	216	if [ -x /usr/sbin/dpkg-statoverride ] && \
	217	! dpkg-statoverride /usr/bin/ssh ; then
	218	dpkg-statoverride --add root root 04755 /usr/bin/ssh
	219	fi
	220	fi
	221	}
	222
	223
	224	setup_startup() {
	225	start=yes
	226	[ -e /usr/share/debconf/confmodule ] && {
	227	db_get ssh/run_sshd
	228	start="$RET"
	229	}
	230
	231	if [ "$start" != "true" ] ; then
	232	touch /etc/ssh/sshd_not_to_be_run
	233	else
	234	rm -f /etc/ssh/sshd_not_to_be_run 2>/dev/null
	235	fi
	236	}
	237
	238
	239	setup_init() {
	240	if [ -e /etc/init.d/ssh ]; then
	241	update-rc.d ssh defaults >/dev/null
	242	/etc/init.d/ssh restart
	243	fi
	244	}
	245
	246	check_idea_key
	247	create_keys
	248	create_sshdconfig
	249	fix_rsh_diversion
	250	fix_statoverride
	251	create_alternatives
	252	set_sshd_permissions
	253	setup_startup
	254	setup_init
	255
	256
	257	# Automatically added by dh_installdocs
	258	if [ "$1" = "configure" ]; then
	259	if [ -d /usr/doc -a ! -e /usr/doc/ssh -a -d /usr/share/doc/ssh ]; then
	260	ln -sf ../share/doc/ssh /usr/doc/ssh
	261	fi
	262	fi
	263	# End automatically added section
	264
	265
	266	[ -e /usr/share/debconf/confmodule ] && db_stop
	267
	268	exit 0
	269