summaryrefslogtreecommitdiff
path: root/debian/openssh-server.postinst
AgeCommit message (Collapse)Author
2005-09-14* Set X11Forwarding to yes in the default sshd_config (new installs only).Colin Watson
At least when X11UseLocalhost is turned on, which is the default, the security risks of using X11 forwarding are risks to the client, not to the server (closes: #320104).
2005-07-09Do the IDEA host key check on a temporary file to avoid alteringColin Watson
/etc/ssh/ssh_host_key itself (closes: #312312).
2005-07-09fix awful formatting in check_idea_keyColin Watson
2005-07-03Make /usr/share/doc/openssh-server and /usr/share/doc/ssh symlinks toColin Watson
/usr/share/doc/openssh-client.
2005-06-17Manoj Srivastava:Colin Watson
- Added SELinux capability, and turned it on be default. Added restorecon calls in preinst and postinst (should not matter if the machine is not SELinux aware). By and large, the changes made should have no effect unless the rules file calls --with-selinux; and even then there should be no performance hit for machines not actively running SELinux. - Modified the preinst and postinst to call restorecon to set the security context for the generated public key files. - Added a comment to /etc/pam.d/ssh to indicate that an SELinux system may want to also include pam_selinux.so.
2005-05-31Drop debconf support for allowing SSH protocol 1, which is discouraged andColin Watson
has not been the default since openssh 1:3.0.1p1-1. Users who need this should edit sshd_config instead (closes: #147212).
2005-05-31Fix up very old sshd_config files that refer to /usr/libexec/sftp-serverColin Watson
(closes: #141979).
2005-05-31Change libexecdir to /usr/lib/openssh, and fix up various alternatives andColin Watson
configuration files to match (closes: #87900, #151321).
2005-05-30Disable ChallengeResponseAuthentication in new installations, returning toColin Watson
PasswordAuthentication by default, since it now supports PAM and apparently works better with a non-threaded sshd.
2005-01-15Drop LoginGraceTime back to the upstream default of two minutes on newColin Watson
installs (closes: #289573).
2005-01-04Pass LANG and LC_* environment variables from the client by default, andColin Watson
accept them to the server by default in new installs, although not on upgrade (closes: #264024).
2004-10-24Forward-port from HEAD:Colin Watson
* Preserve /etc/ssh/sshd_config ownership/permissions (closes: #276754). * Shorten the version string from the form "OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8.sarge.1" to "OpenSSH_3.8.1p1 Debian-8.sarge.1", as some SSH implementations apparently have problems with the long version string. This is of course a bug in those implementations, but since the extent of the problem is unknown it's best to play safe (closes: #275731). * debconf template translations: - Add Finnish (thanks, Matti Pöllä; closes: #265339). - Update Danish (thanks, Morten Brix Pedersen; closes: #275895). - Update French (thanks, Denis Barbier; closes: #276703). - Update Japanese (thanks, Kenshi Muto; closes: #277438).
2004-10-06Forward-port from HEAD:Colin Watson
* If PasswordAuthentication is disabled, then offer to disable ChallengeResponseAuthentication too. The current PAM code will attempt password-style authentication if ChallengeResponseAuthentication is enabled (closes: #250369). * This will ask a question of anyone who installed fresh with 1:3.8p1-2 or later and then upgraded. Sorry about that ... for this reason, the default answer is to leave ChallengeResponseAuthentication enabled.
2004-08-02Add a heuristic to try to make sure the sshd_config upgrade to >= 3.7Colin Watson
happens even though we don't know what version we're upgrading from.
2004-07-31* Split the ssh binary package into openssh-client and openssh-serverColin Watson
(closes: #39741). openssh-server depends on openssh-client for some common functionality; it didn't seem worth creating yet another package for this. * New transitional ssh package, depending on openssh-client and openssh-server. May be removed once nothing depends on it. * When upgrading from ssh to openssh-{client,server}, it's very difficult for the maintainer scripts to find out what version we're upgrading from without dodgy dpkg hackery. I've therefore taken the opportunity to move a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged and ssh/user_environment_tell. * In general, upgrading to this version directly from woody without first upgrading to the version in sarge is not currently guaranteed to work very smoothly due to the aforementioned version discovery problems.