blob: 4a66a35e9cfd7081fe4a76aa350423b2d6babae9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
#! /bin/sh
set -e
. /usr/share/debconf/confmodule
db_version 2.0
get_config_option() {
option="$1"
[ -f /etc/ssh/sshd_config ] || return
# TODO: actually only one '=' allowed after option
perl -lne '
s/[[:space:]]+/ /g; s/[[:space:]]+$//;
print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
/etc/ssh/sshd_config 2>/dev/null
}
permit_root_login="$(get_config_option PermitRootLogin)" || true
password_authentication="$(get_config_option PasswordAuthentication)" || true
if [ -f /etc/ssh/sshd_config ]; then
# Make sure the debconf database is in sync with the current state
# of the system.
if [ "$permit_root_login" = yes ]; then
db_set openssh-server/permit-root-login false
else
db_set openssh-server/permit-root-login true
fi
if [ "$password_authentication" = no ]; then
db_set openssh-server/password-authentication false
else
db_set openssh-server/password-authentication true
fi
fi
if dpkg --compare-versions "$2" lt-nl 1:6.6p1-1 && \
[ "$permit_root_login" = yes ]; then
if [ "$(getent shadow root | cut -d: -f2)" = "!" ]; then
db_set openssh-server/permit-root-login true
else
db_input high openssh-server/permit-root-login || true
db_go
fi
fi
exit 0
|
