Diffstat (limited to 'debian/postinst')
-rw-r--r-- | debian/postinst | 60 |
1 files changed, 18 insertions, 42 deletions
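diff --git a/debian/postinst b/debian/postinst
index 4d3598a31..8a1c7c588 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -3,10 +3,8 @@
 action="$1"
 oldversion="$2"
 
-test -e /usr/share/debconf/confmodule && {
-. /usr/share/debconf/confmodule
-db_version 2.0
-}
+. /usr/share/debconf/confmodule
+db_version 2.0
 
 umask 022
 
@@ -44,11 +42,7 @@ create_key() {
 
 
 create_keys() {
-RET=true
-test -e /usr/share/debconf/confmodule && {
-db_get ssh/protocol2_only
-}
-
+db_get ssh/protocol2_only
 if [ "$RET" = "false" ] ; then
 create_key "Creating SSH1 key; this may take some time ..." \
 /etc/ssh/ssh_host_key -t rsa1
@@ -64,18 +58,11 @@ create_keys() {
 create_sshdconfig() {
 if [ -e /etc/ssh/sshd_config ] ; then
 if dpkg --compare-versions "$oldversion" lt-nl 1:1.3 ; then
-RET=true
-test -e /usr/share/debconf/confmodule && {
-db_get ssh/new_config
-}
+db_get ssh/new_config
 if [ "$RET" = "false" ] ; then return 0; fi
 else return 0
 fi
 fi
-RET=true
-test -e /usr/share/debconf/confmodule && {
-db_get ssh/protocol2_only
-}
 
 #Preserve old sshd_config before generating a new on
 if [ -e /etc/ssh/sshd_config ] ; then
@@ -92,6 +79,7 @@ Port 22
 #ListenAddress ::
 #ListenAddress 0.0.0.0
 EOF
+db_get ssh/protocol2_only
 if [ "$RET" = "false" ]; then
 cat <<EOF >> /etc/ssh/sshd_config
 Protocol 2,1
@@ -110,9 +98,7 @@ HostKey /etc/ssh/ssh_host_dsa_key
 EOF
 fi
 
-test -e /usr/share/debconf/confmodule && {
-db_get ssh/privsep_ask
-}
+db_get ssh/privsep_ask
 if [ "$RET" = "false" ]; then
 cat <<EOF >> /etc/ssh/sshd_config
 #Explicitly set PrivSep off, as requested
@@ -166,8 +152,8 @@ HostbasedAuthentication no
 # To enable empty passwords, change to yes (NOT RECOMMENDED)
 PermitEmptyPasswords no
 
-# Uncomment to disable s/key passwords
-#ChallengeResponseAuthentication no
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
 
 # To disable tunneled clear text passwords, change to no here!
 PasswordAuthentication yes
@@ -253,8 +239,6 @@ setup_sshd_user() {
 }
 
 set_sshd_permissions() {
-suid=false
-
 if dpkg --compare-versions "$oldversion" lt-nl 1:3.4p1-1 ; then
 if [ -x /usr/sbin/dpkg-statoverride ] ; then
 if dpkg-statoverride --list /usr/bin/ssh >/dev/null; then
@@ -263,17 +247,14 @@ set_sshd_permissions() {
 fi
 fi
 
-[ -e /usr/share/debconf/confmodule ] && {
+if [ ! -x /usr/sbin/dpkg-statoverride ] || \
+! dpkg-statoverride --list /usr/lib/ssh-keysign >/dev/null ; then
 db_get ssh/SUID_client
-suid="$RET"
-}
-if [ ! -x /usr/sbin/dpkg-statoverride ] || \
-! dpkg-statoverride --list /usr/lib/ssh-keysign >/dev/null ; then
-if [ "$suid" = "false" ] ; then
-chmod 0755 /usr/lib/ssh-keysign
-elif [ "$suid" = "true" ] ; then
-chmod 4755 /usr/lib/ssh-keysign
-fi
+if [ "$RET" = "false" ] ; then
+chmod 0755 /usr/lib/ssh-keysign
+elif [ "$RET" = "true" ] ; then
+chmod 4755 /usr/lib/ssh-keysign
+fi
 fi
 }
 
@@ -300,13 +281,8 @@ set_ssh_agent_permissions() {
 
 
 setup_startup() {
-start=yes
-[ -e /usr/share/debconf/confmodule ] && {
-db_get ssh/run_sshd
-start="$RET"
-}
-
-if [ "$start" != "true" ] ; then
+db_get ssh/run_sshd
+if [ "$RET" = "false" ] ; then
 /etc/init.d/ssh stop 2>&1 >/dev/null
 touch /etc/ssh/sshd_not_to_be_run
 else
@@ -336,7 +312,7 @@ setup_startup
 setup_init
 
 
-[ -e /usr/share/debconf/confmodule ] && db_stop
+db_stop
 
 exit 0
 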
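Review bot: In setup_startup the test changed from `[ "$start" != "true" ]` to `[ "$RET" = "false" ]`, so any answer other than the literal `false` (empty, unset, or a stale `$RET` left by an earlier `db_get`) now takes the `else` branch instead of stopping sshd and creating `/etc/ssh/sshd_not_to_be_run`. With the `RET=true`, `suid=false` and `start=yes` defaults removed, the same reliance on an unchecked `db_get` applies to the `ssh/protocol2_only`, `ssh/privsep_ask` and `ssh/SUID_client` lookups, which decide whether `Protocol 2,1`, the "PrivSep off" block and `chmod 4755 /usr/lib/ssh-keysign` are applied. If the script does not run under `set -e` (the shebang is outside the hunks), I would check the status explicitly, e.g. `db_get ssh/run_sshd || exit $?`, and either way add a comment near the top such as `# debconf is mandatory from here on; a failing db_get must abort the postinst`. The `else` branch of setup_startup continues outside the hunk, so what it starts is inferred from the function name.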