From 0a00050c1e005182cb69c672eb53000b9dcdba2c Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Thu, 20 Mar 2014 02:14:01 +0000
Subject: Change to "PermitRootLogin without-password" for new installations

Also ask a debconf question when upgrading systems with "PermitRootLogin
yes" from previous versions.

Closes: #298138
---
 debian/openssh-server.config | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 debian/openssh-server.config

(limited to 'debian/openssh-server.config')

diff --git a/debian/openssh-server.config b/debian/openssh-server.config
new file mode 100644
index 000000000..27594ad2d
--- /dev/null
+++ b/debian/openssh-server.config
@@ -0,0 +1,23 @@
+#! /bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+db_version 2.0
+
+get_config_option() {
+	option="$1"
+
+	[ -f /etc/ssh/sshd_config ] || return
+
+	# TODO: actually only one '=' allowed after option
+	perl -ne 'print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
+	   /etc/ssh/sshd_config 2>/dev/null
+}
+
+if dpkg --compare-versions "$2" lt-nl 1:6.6p1-1 && \
+   [ "$(get_config_option PermitRootLogin)" = yes ]; then
+	db_input high openssh-server/permit-root-login || true
+	db_go
+fi
+
+exit 0
-- 
cgit v1.2.3