From 8e5cf830fdb7e1b39c9666fd5df379c2d127669d Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sat, 9 Jul 2005 23:06:59 +0000
Subject: Do the IDEA host key check on a temporary file to avoid altering
 /etc/ssh/ssh_host_key itself (closes: #312312).

---
 debian/changelog               | 7 +++++++
 debian/openssh-server.postinst | 4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 00e514beb..61bbb4234 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openssh (1:4.1p1-7) UNRELEASED; urgency=low
+
+  * Do the IDEA host key check on a temporary file to avoid altering
+    /etc/ssh/ssh_host_key itself (closes: #312312).
+
+ -- Colin Watson <cjwatson@debian.org>  Sat,  9 Jul 2005 23:59:38 +0100
+
 openssh (1:4.1p1-6) unstable; urgency=low
 
   * Fix one-character typo that meant the binaries in openssh-client and
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index 02d01f2d8..ef1412ca7 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -26,11 +26,13 @@ check_idea_key() {
 	# check for old host_key files using IDEA, which openssh does not
 	# support
 	if [ -f /etc/ssh/ssh_host_key ] ; then
-		if ssh-keygen -p -N '' -f /etc/ssh/ssh_host_key 2>&1 | \
+		cp -a /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.check_idea
+		if ssh-keygen -p -N '' -f /etc/ssh/ssh_host_key.check_idea 2>&1 | \
 				grep -q 'unknown cipher' 2>/dev/null; then
 			mv /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.old
 			mv /etc/ssh/ssh_host_key.pub /etc/ssh/ssh_host_key.pub.old
 		fi
+		rm -f /etc/ssh/ssh_host_key.check_idea
 	fi
 }
 
-- 
cgit v1.2.3