From 8e5cf830fdb7e1b39c9666fd5df379c2d127669d Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sat, 9 Jul 2005 23:06:59 +0000
Subject: Do the IDEA host key check on a temporary file to avoid altering
 /etc/ssh/ssh_host_key itself (closes: #312312).

---
 debian/openssh-server.postinst | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'debian/openssh-server.postinst')

diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index 02d01f2d8..ef1412ca7 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -26,11 +26,13 @@ check_idea_key() {
 	# check for old host_key files using IDEA, which openssh does not
 	# support
 	if [ -f /etc/ssh/ssh_host_key ] ; then
-		if ssh-keygen -p -N '' -f /etc/ssh/ssh_host_key 2>&1 | \
+		cp -a /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.check_idea
+		if ssh-keygen -p -N '' -f /etc/ssh/ssh_host_key.check_idea 2>&1 | \
 				grep -q 'unknown cipher' 2>/dev/null; then
 			mv /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.old
 			mv /etc/ssh/ssh_host_key.pub /etc/ssh/ssh_host_key.pub.old
 		fi
+		rm -f /etc/ssh/ssh_host_key.check_idea
 	fi
 }
 
-- 
cgit v1.2.3