summaryrefslogtreecommitdiff
path: root/debian/openssh-server.templates
AgeCommit message (Collapse)Author
2018-01-26Add debconf template to disable password authColin Watson
The new template is called openssh-server/password-authentication, and is preseeding-only (at least for now). Closes: #878945
2017-01-29Don't set "PermitRootLogin yes" on fresh installations (regression ↵Colin Watson
introduced in 1:7.4p1-1; closes: #852781).
2015-11-29Change "PermitRootLogin without-password" to the new preferred spelling of ↵Colin Watson
"PermitRootLogin prohibit-password" in sshd_config, and update documentation to reflect the new upstream default.
2014-03-27Change to "PermitRootLogin without-password" for new installationsColin Watson
Also ask a debconf question when upgrading systems with "PermitRootLogin yes" from previous versions. Closes: #298138
2013-05-22* Remove the check for vulnerable host keys; this was first added fiveColin Watson
years ago, and everyone should have upgraded through a version that applied these checks by now. The ssh-vulnkey tool and the blacklisting support in sshd are still here, at least for the moment. * This removes the last of our uses of debconf (closes: #221531).
2013-05-22Remove lots of maintainer script support for upgrades from pre-etchColin Watson
(three releases before current stable).
2013-05-21Remove support for upgrading from ssh-nonfree.Colin Watson
2013-05-21Remove ssh/use_old_init_script, which was a workaround for a very oldColin Watson
bug in /etc/init.d/ssh. If anyone has ignored this for >10 years then they aren't going to be convinced now.
2010-01-02Remove ssh/new_config, only needed for direct upgrades from potato whichColin Watson
are no longer particularly feasible anyway (closes: #420682).
2008-05-17${HOST_KEYS} not translatableColin Watson
2008-05-17Fix typo in ssh/vulnerable_host_keys message (thanks, Esko Arajärvi).Colin Watson
2008-05-13compressionColin Watson
2008-05-13add repair instructions from MattColin Watson
2008-05-12* Mitigate OpenSSL security vulnerability:Colin Watson
- Add key blacklisting support. Keys listed in /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by sshd, unless "PermitBlacklistedKeys yes" is set in /etc/ssh/sshd_config. - Add a new program, ssh-vulnkey, which can be used to check keys against these blacklists. - Depend on openssh-blacklist. - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least 0.9.8g-9. - Automatically regenerate known-compromised host keys, with a critical-priority debconf note. (I regret that there was no time to gather translations.)
2008-01-11* Drop source-compatibility with Debian 3.0:Colin Watson
- Remove support for building with GNOME 1. This allows simplification of our GNOME build-dependencies (see #460136). - Remove hacks to support the old PAM configuration scheme. - Remove compatibility for building without po-debconf. * Build-depend on libgtk2.0-dev rather than libgnomeui-dev. As far as I can see, the GTK2 version of ssh-askpass-gnome has never required libgnomeui-dev.