summaryrefslogtreecommitdiff
path: root/debian/openssh-server.config
AgeCommit message (Collapse)Author
2018-01-26Add debconf template to disable password authColin Watson
The new template is called openssh-server/password-authentication, and is preseeding-only (at least for now). Closes: #878945
2016-12-26Stop openssh-server.config exiting non-zero on fresh installations.Colin Watson
2016-12-26Start handling /etc/ssh/sshd_config using ucf.Colin Watson
* Start handling /etc/ssh/sshd_config using ucf. The immediate motivation for this is to deal with deprecations of options related to protocol 1, but something like this has been needed for a long time (closes: #419574, #848089): - sshd_config is now a slightly-patched version of upstream's, and only contains non-default settings (closes: #147201). - I've included as many historical md5sums of default versions of sshd_config as I could reconstruct from version control, but I'm sure I've missed some. - Explicitly synchronise the debconf database with the current configuration file state in openssh-server.config, to ensure that the PermitRootLogin setting is properly preserved. - UsePrivilegeSeparation now defaults to the stronger "sandbox" rather than "yes", per upstream.
2014-06-28Make get_config_option more robust against trailing whitespace (thanks, ↵Colin Watson
LaMont Jones).
2014-03-31If no root password is set, then switch to "PermitRootLogin ↵Colin Watson
without-password" without asking (LP: #1300127).
2014-03-27Change to "PermitRootLogin without-password" for new installationsColin Watson
Also ask a debconf question when upgrading systems with "PermitRootLogin yes" from previous versions. Closes: #298138
2013-05-22Remove lots of maintainer script support for upgrades from pre-etchColin Watson
(three releases before current stable).
2013-05-21Remove support for upgrading from ssh-nonfree.Colin Watson
2013-05-21Remove ssh/use_old_init_script, which was a workaround for a very oldColin Watson
bug in /etc/init.d/ssh. If anyone has ignored this for >10 years then they aren't going to be convinced now.
2010-01-02Remove ssh/new_config, only needed for direct upgrades from potato whichColin Watson
are no longer particularly feasible anyway (closes: #420682).
2008-03-22* Use printf rather than echo -en (a bashism) in openssh-server.config andColin Watson
openssh-server.preinst.
2006-10-04* Remove ssh/insecure_telnetd check altogether (closes: #391081).Colin Watson
2005-05-31Drop debconf support for allowing SSH protocol 1, which is discouraged andColin Watson
has not been the default since openssh 1:3.0.1p1-1. Users who need this should edit sshd_config instead (closes: #147212).
2005-03-15Remove obsolete and unnecessary ssh/forward_warning debconf note.Colin Watson
2004-10-06Forward-port from HEAD:Colin Watson
* If PasswordAuthentication is disabled, then offer to disable ChallengeResponseAuthentication too. The current PAM code will attempt password-style authentication if ChallengeResponseAuthentication is enabled (closes: #250369). * This will ask a question of anyone who installed fresh with 1:3.8p1-2 or later and then upgraded. Sorry about that ... for this reason, the default answer is to leave ChallengeResponseAuthentication enabled.
2004-07-31* Split the ssh binary package into openssh-client and openssh-serverColin Watson
(closes: #39741). openssh-server depends on openssh-client for some common functionality; it didn't seem worth creating yet another package for this. * New transitional ssh package, depending on openssh-client and openssh-server. May be removed once nothing depends on it. * When upgrading from ssh to openssh-{client,server}, it's very difficult for the maintainer scripts to find out what version we're upgrading from without dodgy dpkg hackery. I've therefore taken the opportunity to move a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged and ssh/user_environment_tell. * In general, upgrading to this version directly from woody without first upgrading to the version in sarge is not currently guaranteed to work very smoothly due to the aforementioned version discovery problems.