Diffstat (limited to 'debian/templates')
-rw-r--r-- | debian/templates | 229 |
1 files changed, 229 insertions, 0 deletions
diff --git a/debian/templates b/debian/templates new file mode 100644 index 000000000..a9b4394d4 --- /dev/null +++ b/debian/templates | |||
@@ -0,0 +1,229 @@ | |||
1 | Template: ssh/privsep_tell | ||
2 | Type: note | ||
3 | Description: Privilege separation | ||
4 | This version of OpenSSH contains the new privilege separation | ||
5 | option. This significantly reduces the quantity of code that runs as | ||
6 | root, and therefore reduces the impact of security holes in sshd. | ||
7 | . | ||
8 | Unfortunately, privilege separation interacts badly with PAM. Any | ||
9 | PAM session modules that need to run as root (pam_mkhomedir, for | ||
10 | example) will fail, and PAM keyboard-interactive authentication | ||
11 | won't work. | ||
12 | . | ||
13 | Privilege separation is turned on by default, so if you decide you | ||
14 | want it turned off, you need to add "UsePrivilegeSeparation no" to | ||
15 | /etc/ssh/sshd_config | ||
16 | . | ||
17 | NB! If you are running a 2.0 series Linux kernel, then privilege | ||
18 | separation will not work at all, and your sshd will fail to start | ||
19 | unless you explicity turn privilege separation off. | ||
20 | |||
21 | Template: ssh/privsep_ask | ||
22 | Type: boolean | ||
23 | Default: true | ||
24 | Description: Enable Privilege separation | ||
25 | This version of OpenSSH contains the new privilege separation | ||
26 | option. This significantly reduces the quantity of code that runs as | ||
27 | root, and therefore reduces the impact of security holes in sshd. | ||
28 | . | ||
29 | Unfortunately, privilege separation interacts badly with PAM. Any | ||
30 | PAM session modules that need to run as root (pam_mkhomedir, for | ||
31 | example) will fail, and PAM keyboard-interactive authentication | ||
32 | won't work. | ||
33 | . | ||
34 | Since you've opted to have me generate an sshd_config file for you, | ||
35 | you can choose whether or not to have Privilege Separation turned on | ||
36 | or not. Unless you are running 2.0 (in which case you *must* say no | ||
37 | here or your sshd won't start at all) or know you need to use PAM | ||
38 | features that won't work with this option, you should say yes here. | ||
39 | |||
40 | Template: ssh/new_config | ||
41 | Type: boolean | ||
42 | Default: true | ||
43 | Description: Generate new configuration file | ||
44 | This version of OpenSSH has a considerably changed configuration file from | ||
45 | the version shipped in Debian 'Potato', which you appear to be upgrading from. | ||
46 | I can now generate you a new configuration file (/etc/ssh/sshd.config), which | ||
47 | will work with the new server version, but will not contain any customisations | ||
48 | you made with the old version. | ||
49 | . | ||
50 | Please note that this new configuration file will set the value of | ||
51 | 'PermitRootLogin' to yes (meaning that anyone knowing the root password can | ||
52 | ssh directly in as root). It is the opinion of the maintainer that this is | ||
53 | the correct default (see README.Debian for more details), but you can always | ||
54 | edit sshd_config and set it to no if you wish. | ||
55 | . | ||
56 | It is strongly recommended that you let me generate a new configuration file | ||
57 | for you | ||
58 | |||
59 | Template: ssh/protocol2_only | ||
60 | Type: boolean | ||
61 | Default: true | ||
62 | Description: Allow SSH protocol 2 only | ||
63 | This version of OpenSSH supports version 2 of the ssh protocol, which | ||
64 | is much more secure. Disabling ssh 1 is encouraged, however this | ||
65 | will slow things down on low end machines and might prevent older | ||
66 | clients from connecting (the ssh client shipped with "potato" is affected). | ||
67 | . | ||
68 | Also please note that keys used for protocol 1 are different so you will | ||
69 | not be able to use them if you only allow protocol 2 connections. | ||
70 | . | ||
71 | If you later change your mind about this setting, README.Debian has | ||
72 | instructions on what to do to your sshd_config file. | ||
73 | |||
74 | Template: ssh/ssh2_keys_merged | ||
75 | Type: note | ||
76 | Description: ssh2 keys merged in configuration files | ||
77 | As of version 3 OpenSSH no longer uses separate files for ssh1 and | ||
78 | ssh2 keys. This means the authorized_keys2 and known_hosts2 files | ||
79 | are no longer needed. They will still be read in order to maintain | ||
80 | backwards compatibility | ||
81 | |||
82 | Template: ssh/use_old_init_script | ||
83 | Type: boolean | ||
84 | Default: false | ||
85 | Description: Do you want to continue (and risk killing active ssh sessions) ? | ||
86 | The version of /etc/init.d/ssh that you have installed, is likely to kill | ||
87 | all running sshd instances. If you are doing this upgrade via an ssh | ||
88 | session, that would be a Bad Thing(tm). | ||
89 | . | ||
90 | You can fix this by adding "--pidfile /var/run/sshd.pid" to the | ||
91 | start-stop-daemon line in the stop section of the file. | ||
92 | Description-de: Wollen Sie weitermachen (und das Killen der Session riskieren)? | ||
93 | Die Version von /etc/init.d/ssh, die sie installiert haben, wird | ||
94 | vermutlich ihre aktiven ssh-Instanzen killen. Wenn Sie das Upgrade | ||
95 | via ssh erledigen, dann ist das ein Problem. | ||
96 | . | ||
97 | Sie koennen das Problem beheben, indem sie "--pidfile /var/run/sshd.pid" | ||
98 | an die start-stop-daemon Zeile in dem Bereich stop der Datei | ||
99 | /etc/init.d/ssh ergaenzen. | ||
100 | Description-fr: Voulez vous continuer (et risquer de rompre les sessions ssh actives) ? | ||
101 | Il est probable que la version de /etc/init.d/ssh install=E9e en ce moment | ||
102 | tue toutes les instances de sshd lanc=E9es en ce moment. Si vous faite une | ||
103 | mise =E0 jour via ssh, ca serait une Mauvaise Chose(tm). | ||
104 | . | ||
105 | Vous pouvez corriger /etc/init.d/ssh en ajoutant '--pidfile /var/run/sshd.pid' | ||
106 | a la ligne 'start-stop-daemon' dans la section 'stop' du fichier. | ||
107 | |||
108 | Template: ssh/forward_warning | ||
109 | Type: note | ||
110 | Description: NOTE: Forwarding of X11 and Authorization disabled by default. | ||
111 | For security reasons, the Debian version of ssh has ForwardX11 and | ||
112 | ForwardAgent set to ``off'' by default. | ||
113 | . | ||
114 | You can enable it for servers you trust, either | ||
115 | in one of the configuration files, or with the -X command line option. | ||
116 | . | ||
117 | More details can be found in /usr/share/doc/ssh/README.Debian | ||
118 | Description-de: HINWEIS: Forwarden von X11 und Authorisierung ist abgeschaltet. | ||
119 | Aus Sicherheitsgruenden haben die Debian Pakete von ssh ForwardX11 und | ||
120 | ForwardAgent auf "off" gesetzt. | ||
121 | . | ||
122 | Sie koenne dies fuer Server denen Sie trauen, entweder per Eintrag im | ||
123 | den Konfigurations Dateien oder per -X Kommando-Zeilen Option aendern. | ||
124 | . | ||
125 | Weitere Details koennen Sie in /usr/share/doc/ssh/README.Debian finden. | ||
126 | Description-fr: NOTE: Suivi de session X11 et d'agent d'autorisation d=E9sactiv=E9s par d=E9faut. | ||
127 | Pour des raisons de s=E9curit=E9, la version Debian de ssh positionne les | ||
128 | options ForwardX11 et ForwardAgent a ``Off'' par d=E9faut. | ||
129 | . | ||
130 | Vous pouvez activer ces options pour les serveurs en lesquels vous avez | ||
131 | confiance, soit dans un des fichiers de configuration, soit avec l'option | ||
132 | -X de la ligne de commande. | ||
133 | . | ||
134 | Plus d'informations sont disponibles dans /usr/share/doc/ssh/README.Debian. | ||
135 | |||
136 | Template: ssh/insecure_rshd | ||
137 | Type: note | ||
138 | Description: Warning: rsh-server is installed --- probably not a good idea | ||
139 | having rsh-server installed undermines the security that you were probably | ||
140 | wanting to obtain by installing ssh. I'd advise you to remove that package. | ||
141 | Description-de: Warnung: rsh-server ist installiert --- moeglicherweise | ||
142 | ist es eine schlechte Idee den rsh-server installiert zu haben, da er | ||
143 | die Sicherheit untergraebt. Wir empfehlen das Paket zu entfernen. | ||
144 | Description-fr: Attention: le paquet rsh-server est install=E9 --- ce n'estprobablement pas une bonne id=E9e | ||
145 | Avoir un serveur rsh install=E9 affaibli la s=E9curit=E9 que vous vouliez | ||
146 | probablement obtenir en installant ssh. Je vous conseillerais de | ||
147 | d=E9installer ce paquet. | ||
148 | |||
149 | Template: ssh/insecure_telnetd | ||
150 | Type: note | ||
151 | Description: Warning: telnetd is installed --- probably not a good idea | ||
152 | I'd advise you to either remove the telnetd package (if you don't actually | ||
153 | need to offer telnet access) or install telnetd-ssl so that there is at | ||
154 | least some chance that telnet sessions will not be sending unencrypted | ||
155 | login/password and session information over the network. | ||
156 | Description-de: Warnung: telnetd ist installiert --- schlechte Idee | ||
157 | Wir empfehlen das telnetd Paket zu entfernen (wenn sie keine telnet Zugang | ||
158 | anbieten) oder telnetd-ssl zu installieren, so dass die Moeglichkeit besteht | ||
159 | dass das Login und Password nicht unverschluesselt durch das Netz gesendet | ||
160 | werden. | ||
161 | Description-fr: Attention: le paquet telnetd est install=E9 --- ce n'est probablement pas une bonne id=E9e | ||
162 | Je vous conseillerais de, soit enlever le paquet telnetd (si ce service | ||
163 | n'est pas n=E9cessaire), soit de le remplacer par le paquet telnetd-ssl | ||
164 | pour qu'il y ait au moins une chance que les sessions telnet soient | ||
165 | encrypt=E9es et que les mot de passes et logins ne passent pas en clair sur | ||
166 | le r=E9seau. | ||
167 | |||
168 | Template: ssh/encrypted_host_key_but_no_keygen | ||
169 | Type: note | ||
170 | Description: Warning: you must create a new host key | ||
171 | There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted. | ||
172 | OpenSSH can not handle this host key file, and I can't find the | ||
173 | ssh-keygen utility from the old (non-free) SSH installation. | ||
174 | . | ||
175 | You will need to generate a new host key. | ||
176 | Description-de: Warnung: Sie muessen einen neuen Host Key erzeugen | ||
177 | Es existiert eine alte Variante von /etc/ssh/ssh_host_key welche | ||
178 | per IDEA verschluesselt ist. OpenSSH kann eine solche Host Key Datei | ||
179 | nicht lesen und ssh-keygen von der alten (nicht-freien) ssh Installation | ||
180 | kann nicht gefunden werden. | ||
181 | Description-fr: Attention: vous devez cr=E9er une nouvelle cl=E9 d'h=F4te | ||
182 | Il existe un vieux /etc/ssh/ssh_host_key qui est encrypt=E9 avec IDEA. | ||
183 | OpenSSH ne peut utiliser ce fichier de cl=E9, et je ne peux trouver | ||
184 | l'utilitaire ssh-keygen de l'installation pr=E9c=E9dente (non libre) de SSH. | ||
185 | |||
186 | Template: ssh/SUID_client | ||
187 | Type: boolean | ||
188 | Default: true | ||
189 | Description: Do you want /usr/lib/ssh-keysign to be installed SUID root? | ||
190 | You have the option of installing the ssh-keysign helper with the SUID | ||
191 | bit set. | ||
192 | . | ||
193 | If you make ssh-keysign SUID, you will be able to use SSH's Protocol 2 | ||
194 | host-based authentication. | ||
195 | . | ||
196 | If in doubt, I suggest you install it with SUID. If it causes | ||
197 | problems you can change your mind later by running: dpkg-reconfigure ssh | ||
198 | |||
199 | Template: ssh/run_sshd | ||
200 | Type: boolean | ||
201 | Default: true | ||
202 | Description: Do you want to run the sshd server ? | ||
203 | This package contains both the ssh client, and the sshd server. | ||
204 | . | ||
205 | Normally the sshd Secure Shell Server will be run to allow remote | ||
206 | logins via ssh. | ||
207 | . | ||
208 | If you are only interested in using the ssh client for outbound | ||
209 | connections on this machine, and don't want to log into it at all | ||
210 | using ssh, then you can disable sshd here. | ||
211 | Description-de: Wollen Sie den sshd Server starten? | ||
212 | Das Paket enthaelt sowohl den client als auch den sshd server. | ||
213 | . | ||
214 | Normal wird der sshd Secure Shell Server fuer Remote Logins per ssh | ||
215 | gestartet. | ||
216 | . | ||
217 | Wenn Sie nur den ssh client nutzen wollen, um sich mit anderen Rechner | ||
218 | zu verbinden und sich nicht per ssh in diesen Computer einloggen wollen, | ||
219 | dann koennen Sie hier den sshd abschalten. | ||
220 | Description-fr: Voulez vous utiliser le serveur sshd ? | ||
221 | Ce paquet contient a la fois le client ssh et le serveur sshd. | ||
222 | . | ||
223 | Normalement le serveur sshd sera lanc=E9 pour permettre les logins distants | ||
224 | via ssh. | ||
225 | . | ||
226 | Si vous d=E9sirez seulement utiliser le client ssh pour vous connecter a | ||
227 | distance sur d'autres machines a partir de celle-ci, et que vous ne | ||
228 | voulez pas vous logguer sur cette machine a distance via ssh, alors vous | ||
229 | pouvez d=E9sactiver sshd maintenant. | ||
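Review bot: The ssh/new_config template names the generated file as "/etc/ssh/sshd.config" (new-file line 46), while the same template (line 54) and ssh/privsep_tell (line 15) call it sshd_config. Since this prompt also tells the admin that PermitRootLogin will be set to yes and that they can edit the file to change it, the path should read /etc/ssh/sshd_config so nobody goes looking for the wrong file. Separately, the Description-fr blocks carry sequences such as "=E9", "=E0" and "=F4" that look like undecoded quoted-printable escapes rather than accented characters; decode them before committing, and fix the Description-fr short description for ssh/insecure_rshd at line 144, where "n'estprobablement" has lost a space. Smaller points: "explicity" at line 19 should be "explicitly", ssh/privsep_ask says only "2.0" at line 36 where ssh/privsep_tell spells out "2.0 series Linux kernel", and the de/fr translations of ssh/encrypted_host_key_but_no_keygen omit the closing "You will need to generate a new host key." paragraph.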