summaryrefslogtreecommitdiff
path: root/debian/openssh-server.config
blob: 4a66a35e9cfd7081fe4a76aa350423b2d6babae9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
#! /bin/sh
set -e

. /usr/share/debconf/confmodule
db_version 2.0

get_config_option() {
	option="$1"

	[ -f /etc/ssh/sshd_config ] || return

	# TODO: actually only one '=' allowed after option
	perl -lne '
		s/[[:space:]]+/ /g; s/[[:space:]]+$//;
		print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
	   /etc/ssh/sshd_config 2>/dev/null
}

permit_root_login="$(get_config_option PermitRootLogin)" || true
password_authentication="$(get_config_option PasswordAuthentication)" || true
if [ -f /etc/ssh/sshd_config ]; then
	# Make sure the debconf database is in sync with the current state
	# of the system.
	if [ "$permit_root_login" = yes ]; then
		db_set openssh-server/permit-root-login false
	else
		db_set openssh-server/permit-root-login true
	fi
	if [ "$password_authentication" = no ]; then
		db_set openssh-server/password-authentication false
	else
		db_set openssh-server/password-authentication true
	fi
fi

if dpkg --compare-versions "$2" lt-nl 1:6.6p1-1 && \
   [ "$permit_root_login" = yes ]; then
	if [ "$(getent shadow root | cut -d: -f2)" = "!" ]; then
		db_set openssh-server/permit-root-login true
	else
		db_input high openssh-server/permit-root-login || true
		db_go
	fi
fi

exit 0