From 9749ef7f9b382d743b186bf06c7c2aeb0b9bebee Mon Sep 17 00:00:00 2001
From: Colin Watson
Date: Sat, 31 Jul 2004 03:22:20 +0000
Subject: * Split the ssh binary package into openssh-client and openssh-server (closes: #39741). openssh-server depends on openssh-client for some common functionality; it didn't seem worth creating yet another package for this.
* New transitional ssh package, depending on openssh-client and openssh-server. May be removed once nothing depends on it.
* When upgrading from ssh to openssh-{client,server}, it's very difficult for the maintainer scripts to find out what version we're upgrading from without dodgy dpkg hackery. I've therefore taken the opportunity to move a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged and ssh/user_environment_tell.
* In general, upgrading to this version directly from woody without first upgrading to the version in sarge is not currently guaranteed to work very smoothly due to the aforementioned version discovery problems.
---
debian/templates.master | 125 ------------------------------------------------
1 file changed, 125 deletions(-)
delete mode 100644 debian/templates.master
(limited to 'debian/templates.master')
diff --git a/debian/templates.master b/debian/templates.master deleted file mode 100644 index 07f62b178..000000000 --- a/debian/templates.master +++ /dev/null 
@@ -1,125 +0,0 @@ -Template: ssh/new_config -Type: boolean -Default: true -_Description: Generate new configuration file - This version of OpenSSH has a considerably changed configuration file from - the version shipped in Debian 'Potato', which you appear to be upgrading - from. I can now generate you a new configuration file - (/etc/ssh/sshd.config), which will work with the new server version, but - will not contain any customisations you made with the old version. - . - Please note that this new configuration file will set the value of - 'PermitRootLogin' to yes (meaning that anyone knowing the root password - can ssh directly in as root). It is the opinion of the maintainer that - this is the correct default (see README.Debian for more details), but you - can always edit sshd_config and set it to no if you wish. - . - It is strongly recommended that you let me generate a new configuration - file for you. - -Template: ssh/protocol2_only -Type: boolean -Default: true -_Description: Allow SSH protocol 2 only - This version of OpenSSH supports version 2 of the ssh protocol, which is - much more secure. Disabling ssh 1 is encouraged, however this will slow - things down on low end machines and might prevent older clients from - connecting (the ssh client shipped with "potato" is affected). - . - Also please note that keys used for protocol 1 are different so you will - not be able to use them if you only allow protocol 2 connections. - . - If you later change your mind about this setting, README.Debian has - instructions on what to do to your sshd_config file. - -Template: ssh/ssh2_keys_merged -Type: note -_Description: ssh2 keys merged in configuration files - As of version 3 OpenSSH no longer uses separate files for ssh1 and ssh2 - keys. This means the authorized_keys2 and known_hosts2 files are no longer - needed. 
They will still be read in order to maintain backwards - compatibility - -Template: ssh/use_old_init_script -Type: boolean -Default: false -_Description: Do you want to continue (and risk killing active ssh sessions)? - The version of /etc/init.d/ssh that you have installed, is likely to kill - all running sshd instances. If you are doing this upgrade via an ssh - session, that would be a Bad Thing(tm). - . - You can fix this by adding "--pidfile /var/run/sshd.pid" to the - start-stop-daemon line in the stop section of the file. - -Template: ssh/forward_warning -Type: note -_Description: NOTE: Forwarding of X11 and Authorization disabled by default. - For security reasons, the Debian version of ssh has ForwardX11 and - ForwardAgent set to ``off'' by default. - . - You can enable it for servers you trust, either in one of the - configuration files, or with the -X command line option. - . - More details can be found in /usr/share/doc/ssh/README.Debian - -Template: ssh/insecure_rshd -Type: note -_Description: Warning: rsh-server is installed --- probably not a good idea - having rsh-server installed undermines the security that you were probably - wanting to obtain by installing ssh. I'd advise you to remove that - package. - -Template: ssh/insecure_telnetd -Type: note -_Description: Warning: telnetd is installed --- probably not a good idea - I'd advise you to either remove the telnetd package (if you don't actually - need to offer telnet access) or install telnetd-ssl so that there is at - least some chance that telnet sessions will not be sending unencrypted - login/password and session information over the network. - -Template: ssh/encrypted_host_key_but_no_keygen -Type: note -_Description: Warning: you must create a new host key - There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted. OpenSSH - can not handle this host key file, and I can't find the ssh-keygen utility - from the old (non-free) SSH installation. - . 
- You will need to generate a new host key. - -Template: ssh/SUID_client -Type: boolean -Default: true -_Description: Do you want /usr/lib/ssh-keysign to be installed SUID root? - You have the option of installing the ssh-keysign helper with the SUID bit - set. - . - If you make ssh-keysign SUID, you will be able to use SSH's Protocol 2 - host-based authentication. - . - If in doubt, I suggest you install it with SUID. If it causes problems - you can change your mind later by running: dpkg-reconfigure ssh - -Template: ssh/run_sshd -Type: boolean -Default: true -_Description: Do you want to run the sshd server? - This package contains both the ssh client, and the sshd server. - . - Normally the sshd Secure Shell Server will be run to allow remote logins - via ssh. - . - If you are only interested in using the ssh client for outbound - connections on this machine, and don't want to log into it at all using - ssh, then you can disable sshd here. - -Template: ssh/user_environment_tell -Type: note -_Description: Environment options on keys have been deprecated - This version of OpenSSH disables the environment option for public keys by - default, in order to avoid certain attacks (for example, LD_PRELOAD). If - you are using this option in an authorized_keys file, beware that the keys - in question will no longer work until the option is removed. - . - To re-enable this option, set "PermitUserEnvironment yes" in - /etc/ssh/sshd_config after the upgrade is complete, taking note of the - warning in the sshd_config(5) manual page. -- cgit v1.2.3
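Review bot: The commit message accounts for only two of the eleven templates removed by this whole-file deletion of debian/templates.master (ssh/ssh2_keys_merged and ssh/user_environment_tell, moved to NEWS). The other nine, including the boolean questions ssh/new_config, ssh/protocol2_only, ssh/use_old_init_script, ssh/SUID_client and ssh/run_sshd, have no destination visible in this file-limited view. Please say in the message where they now live. Please also confirm that answers already stored under the ssh/* names carry over to the split packages, so that an upgrade does not silently fall back to "Default: true" for choices an administrator declined, such as installing ssh-keysign SUID root or running sshd. Two smaller points if the text is carried over: ssh/new_config refers to "/etc/ssh/sshd.config" while the other templates say sshd_config, and the NEWS entry replacing ssh/user_environment_tell should keep both the "PermitUserEnvironment yes" instruction and the pointer to the warning in sshd_config(5), since that note is the only place the upgrade tells users their keys with the environment option will stop working.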