Age | Commit message (Collapse) | Author |
|
The new template is called openssh-server/password-authentication, and
is preseeding-only (at least for now).
Closes: #878945
|
|
|
|
* Start handling /etc/ssh/sshd_config using ucf. The immediate motivation
for this is to deal with deprecations of options related to protocol 1,
but something like this has been needed for a long time (closes:
#419574, #848089):
- sshd_config is now a slightly-patched version of upstream's, and only
contains non-default settings (closes: #147201).
- I've included as many historical md5sums of default versions of
sshd_config as I could reconstruct from version control, but I'm sure
I've missed some.
- Explicitly synchronise the debconf database with the current
configuration file state in openssh-server.config, to ensure that the
PermitRootLogin setting is properly preserved.
- UsePrivilegeSeparation now defaults to the stronger "sandbox" rather
than "yes", per upstream.
|
|
LaMont Jones).
|
|
without-password" without asking (LP: #1300127).
|
|
Also ask a debconf question when upgrading systems with "PermitRootLogin
yes" from previous versions.
Closes: #298138
|
|
(three releases before current stable).
|
|
|
|
bug in /etc/init.d/ssh. If anyone has ignored this for >10 years then
they aren't going to be convinced now.
|
|
are no longer particularly feasible anyway (closes: #420682).
|
|
openssh-server.preinst.
|
|
|
|
has not been the default since openssh 1:3.0.1p1-1. Users who need this
should edit sshd_config instead (closes: #147212).
|
|
|
|
* If PasswordAuthentication is disabled, then offer to disable
ChallengeResponseAuthentication too. The current PAM code will attempt
password-style authentication if ChallengeResponseAuthentication is
enabled (closes: #250369).
* This will ask a question of anyone who installed fresh with 1:3.8p1-2 or
later and then upgraded. Sorry about that ... for this reason, the
default answer is to leave ChallengeResponseAuthentication enabled.
|
|
(closes: #39741). openssh-server depends on openssh-client for some
common functionality; it didn't seem worth creating yet another package
for this.
* New transitional ssh package, depending on openssh-client and
openssh-server. May be removed once nothing depends on it.
* When upgrading from ssh to openssh-{client,server}, it's very difficult
for the maintainer scripts to find out what version we're upgrading from
without dodgy dpkg hackery. I've therefore taken the opportunity to move
a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged
and ssh/user_environment_tell.
* In general, upgrading to this version directly from woody without first
upgrading to the version in sarge is not currently guaranteed to work
very smoothly due to the aforementioned version discovery problems.
|