#!/bin/sh 

action=$1
version=$2

# Source debconf library.
. /usr/share/debconf/confmodule
db_version 2.0


get_config_option() {
	option="$1"

	[ -f /etc/ssh/sshd_config ] || return

	# TODO: actually only one '=' allowed after option
	perl -ne 'print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
	   /etc/ssh/sshd_config 2>/dev/null
}


if [ -e /etc/ssh/sshd_config ]
then
    # An empty version means we're upgrading from before the package split,
    # so check.
    if dpkg --compare-versions "$version" lt 1:3.8.1p1-11
    then
	passwordauth="$(get_config_option PasswordAuthentication)"
	crauth="$(get_config_option ChallengeResponseAuthentication)"
	if [ "$passwordauth" = no ] && \
	   ([ -z "$crauth" ] || [ "$crauth" = yes ])
	then
	    db_input critical ssh/disable_cr_auth || true
	fi
    fi
fi 


db_go

exit 0