From 0239e785e4985848ccbcf2ac770c75bd68d6ddd1 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 4 Jan 2010 11:22:38 +0000 Subject: Refer to sshd_config(5) rather than sshd(8) in postinst-written /etc/ssh/sshd_config, and add UsePAM commentary from upstream-shipped configuration file (closes: #415008, although unfortunately this will only be conveniently visible on new installations). --- debian/changelog | 4 ++++ debian/openssh-server.postinst | 11 ++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index ecbea235e..8369d2aab 100644 --- a/debian/changelog +++ b/debian/changelog @@ -52,6 +52,10 @@ openssh (1:5.2p1-1) UNRELEASED; urgency=low non-BSD systems (closes: #154434). * Remove/adjust manual page references to BSD-specific /etc/rc (closes: #513417). + * Refer to sshd_config(5) rather than sshd(8) in postinst-written + /etc/ssh/sshd_config, and add UsePAM commentary from upstream-shipped + configuration file (closes: #415008, although unfortunately this will + only be conveniently visible on new installations). -- Colin Watson Thu, 12 Nov 2009 21:31:44 +0000 diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index 9dfc68a5a..557bf2b23 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst @@ -294,7 +294,7 @@ create_sshdconfig() { cat < /etc/ssh/sshd_config # Package generated configuration file -# See the sshd(8) manpage for details +# See the sshd_config(5) manpage for details # What ports, IPs and protocols we listen for Port 22 @@ -369,6 +369,15 @@ AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. UsePAM yes EOF } -- cgit v1.2.3