| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2016-07-22 | Stop generating DSA host keys by default (thanks, Santiago Vila; closes: ↵ | Colin Watson | |
| #823827). | |||
| 2016-01-17 | Remove protocol 1 host key generation from openssh-server.postinst (closes: ↵ | Colin Watson | |
| #811265). | |||
| 2015-11-29 | New upstream release (7.1p1). | Colin Watson | |
| 2015-11-29 | Change "PermitRootLogin without-password" to the new preferred spelling of ↵ | Colin Watson | |
| "PermitRootLogin prohibit-password" in sshd_config, and update documentation to reflect the new upstream default. | |||
| 2015-04-19 | Silence confusing messages if Upstart is installed but not active | Martin Pitt | |
| * openssh-server.postinst: Quiesce "Unable to connect to Upstart" error message from initctl if upstart is installed, but not the current init system. (LP: #1440070) * openssh-server.postinst: Fix version comparisons of upgrade adjustments to not apply to fresh installs. | |||
| 2015-03-22 | Revert LC_* configuration change (closes: #780797). | Colin Watson | |
| 2014-11-06 | Send/accept only specific known LC_* variables, rather than using a wildcard ↵ | Colin Watson | |
| (closes: #765633). | |||
| 2014-11-03 | Assume that dpkg-statoverride exists and drop the test for an obsolete ↵ | Colin Watson | |
| compatibility path. | |||
| 2014-09-20 | Show fingerprints of new keys after creating them in the postinst (closes: ↵ | Colin Watson | |
| #762128). | |||
| 2014-06-28 | Make get_config_option more robust against trailing whitespace (thanks, ↵ | Colin Watson | |
| LaMont Jones). | |||
| 2014-03-27 | Change to "PermitRootLogin without-password" for new installations | Colin Watson | |
| Also ask a debconf question when upgrading systems with "PermitRootLogin yes" from previous versions. Closes: #298138 | |||
| 2014-02-13 | Remove code related to non-dependency-based sysv-rc ordering, since that is ↵ | Colin Watson | |
| no longer supported. | |||
| 2014-02-12 | Reorder transition code by guard version. | Colin Watson | |
| 2014-02-12 | Bump guard version for sysvinit->systemd transition to 1:6.5p1-3; we may ↵ | Colin Watson | |
| have got it wrong before, and it's fairly harmless to repeat it. | |||
| 2014-02-12 | Fix sysvinit->systemd transition code | Colin Watson | |
| We need to cope with still-running sysvinit jobs being considered active by systemd (thanks, Uoti Urpala and Michael Biebl). | |||
| 2014-02-11 | Only enable ssh.service for systemd, not both ssh.service and ssh.socket. ↵ | Colin Watson | |
| Thanks to Michael Biebl for spotting this. | |||
| 2014-02-10 | Add systemd support (thanks, Sven Joachim; closes: #676830). | Colin Watson | |
| 2014-02-10 | Generate ED25519 host keys on fresh installations. | Colin Watson | |
| Upgraders who wish to add such host keys should manually add 'HostKey /etc/ssh/ssh_host_ed25519_key' to /etc/ssh/sshd_config and run 'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'. | |||
| 2013-11-12 | Increase ServerKeyBits value in package-generated sshd_config to 1024 | Colin Watson | |
| (closes: #727622, LP: #1244272). | |||
| 2013-06-13 | Use 'set -e' rather than '#! /bin/sh -e' in maintainer scripts and | Colin Watson | |
| ssh-argv0. | |||
| 2013-06-06 | Set SELinux context on private host keys as well as public host keys | Colin Watson | |
| (closes: #687436). | |||
| 2013-05-22 | If the running init daemon is Upstart, then, on the first upgrade to | Colin Watson | |
| this version, check whether sysvinit is still managing sshd; if so, manually stop it so that it can be restarted under upstart. We do this near the end of the postinst, so it shouldn't result in any appreciable extra window where sshd is not running during upgrade. | |||
| 2013-05-22 | * Remove the check for vulnerable host keys; this was first added five | Colin Watson | |
| years ago, and everyone should have upgraded through a version that applied these checks by now. The ssh-vulnkey tool and the blacklisting support in sshd are still here, at least for the moment. * This removes the last of our uses of debconf (closes: #221531). | |||
| 2013-05-22 | Switch to new unified layout for Upstart jobs as documented in | Colin Watson | |
| https://wiki.ubuntu.com/UpstartCompatibleInitScripts: the init script checks for a running Upstart, and we now let dh_installinit handle most of the heavy lifting in maintainer scripts. Ubuntu users should be essentially unaffected except that sshd may no longer start automatically in chroots if the running Upstart predates 0.9.0; but the main goal is simply not to break when openssh-server is installed in a chroot. | |||
| 2012-11-26 | Merge Upstart job scripting support from Ubuntu, to handle the Upstart job ↵ | Colin Watson | |
| being primary there. | |||
| 2011-04-04 | Remove unreachable code from openssh-server.postinst. | Colin Watson | |
| 2011-01-24 | Generate ECDSA host keys. These will only be used on fresh | Colin Watson | |
| installations or if you manually add 'HostKey /etc/ssh/ssh_host_ecdsa_key' to /etc/ssh/sshd_config. | |||
| 2010-12-26 | Touch /var/run/sshd/.placeholder in the preinst so that /var/run/sshd, | Colin Watson | |
| which is intentionally no longer shipped in the openssh-server package due to /var/run often being a temporary directory, is not removed on upgrade (closes: #575582). | |||
| 2010-04-28 | Drop IDEA key check; I don't think it works properly any more due to | Colin Watson | |
| textual changes in error output, it's only relevant for direct upgrades from truly ancient versions, and it breaks upgrades if /etc/ssh/ssh_host_key can't be loaded (closes: #579570). | |||
| 2010-03-31 | Drop most of our "LogLevel SILENT" (-qq) patch. This was originally | Colin Watson | |
| introduced to match the behaviour of non-free SSH, in which -q does not suppress fatal errors, but matching the behaviour of OpenSSH upstream is much more important nowadays. We no longer document that -q does not suppress fatal errors (closes: #280609). Migrate "LogLevel SILENT" to "LogLevel QUIET" in sshd_config on upgrade. | |||
| 2010-01-04 | Refer to sshd_config(5) rather than sshd(8) in postinst-written | Colin Watson | |
| /etc/ssh/sshd_config, and add UsePAM commentary from upstream-shipped configuration file (closes: #415008, although unfortunately this will only be conveniently visible on new installations). | |||
| 2010-01-02 | Remove init script stop link in rc1, as killprocs handles it already. | Colin Watson | |
| 2010-01-02 | Cope with insserv reordering of init script links. | Colin Watson | |
| 2010-01-02 | Remove ssh/new_config, only needed for direct upgrades from potato which | Colin Watson | |
| are no longer particularly feasible anyway (closes: #420682). | |||
| 2009-07-31 | Use 'which' rather than 'type' in maintainer scripts. | Colin Watson | |
| 2008-05-12 | * Mitigate OpenSSL security vulnerability: | Colin Watson | |
| - Add key blacklisting support. Keys listed in /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by sshd, unless "PermitBlacklistedKeys yes" is set in /etc/ssh/sshd_config. - Add a new program, ssh-vulnkey, which can be used to check keys against these blacklists. - Depend on openssh-blacklist. - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least 0.9.8g-9. - Automatically regenerate known-compromised host keys, with a critical-priority debconf note. (I regret that there was no time to gather translations.) | |||
| 2008-04-04 | Rename KeepAlive to TCPKeepAlive in sshd_config, cleaning up from old | Colin Watson | |
| configurations (LP: #211400). | |||
| 2008-02-08 | * Move /etc/pam.d/ssh to /etc/pam.d/sshd, allowing us to stop defining | Colin Watson | |
| SSHD_PAM_SERVICE (closes: #255870). | |||
| 2007-12-24 | * Remove the hideously old /etc/ssh/primes on upgrade (closes: #123013). | Colin Watson | |
| 2007-06-12 | stop link for rc1; fix function call | Colin Watson | |
| 2007-06-12 | * Move init script start links to S16, and remove stop links altogether | Colin Watson | |
| (closes: #122188). | |||
| 2006-12-23 | fix disable_config_option to actually work | Colin Watson | |
| 2006-12-23 | * Make GSSAPICleanupCreds a compatibility alias for | Colin Watson | |
| GSSAPICleanupCredentials. Mark GSSUseSessionCCache and GSSAPIUseSessionCredCache as known-but-unsupported options, and migrate away from them on upgrade. | |||
| 2006-12-06 | * When installing openssh-client or openssh-server from scratch, remove | Colin Watson | |
| any unchanged conffiles from the pre-split ssh package to work around a bug in sarge's dpkg (thanks, Justin Pryzby and others; closes: #335276). | |||
| 2006-12-06 | * Create transitional ssh-krb5 package which enables GSSAPI configuration | Colin Watson | |
| in sshd_config. * Default client to attempting GSSAPI authentication. * Remove obsolete GSSAPINoMICAuthentication from sshd_config if it's found. | |||
| 2006-11-20 | * Ignore errors from usermod when changing sshd'\''s shell, since it will | Colin Watson | |
| fail if the sshd user is not local (closes: #398436). | |||
| 2006-07-26 | silence grep output | Colin Watson | |
| 2006-07-14 | * Change sshd user's shell to /usr/sbin/nologin (closes: #366541). | Colin Watson | |
| Introduces dependency on passwd for usermod. | |||
| 2006-04-16 | * Rename KeepAlive to TCPKeepAlive in default sshd_config | Colin Watson | |
| (closes: #349896). | |||
| 2005-09-14 | - Update commented-out Kerberos/GSSAPI options in default sshd_config. | Colin Watson | |
 |
index : openssh.git | |
| summaryrefslogtreecommitdiff |