summaryrefslogtreecommitdiffstats
path: root/debian/openssh-server.config
diff options
context:
space:
mode:
Diffstat (limited to 'debian/openssh-server.config')
-rw-r--r--debian/openssh-server.config46
1 files changed, 46 insertions, 0 deletions
diff --git a/debian/openssh-server.config b/debian/openssh-server.config
new file mode 100644
index 0000000..4a66a35
--- /dev/null
+++ b/debian/openssh-server.config
@@ -0,0 +1,46 @@
+#! /bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+db_version 2.0
+
+get_config_option() {
+ option="$1"
+
+ [ -f /etc/ssh/sshd_config ] || return
+
+ # TODO: actually only one '=' allowed after option
+ perl -lne '
+ s/[[:space:]]+/ /g; s/[[:space:]]+$//;
+ print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
+ /etc/ssh/sshd_config 2>/dev/null
+}
+
+permit_root_login="$(get_config_option PermitRootLogin)" || true
+password_authentication="$(get_config_option PasswordAuthentication)" || true
+if [ -f /etc/ssh/sshd_config ]; then
+ # Make sure the debconf database is in sync with the current state
+ # of the system.
+ if [ "$permit_root_login" = yes ]; then
+ db_set openssh-server/permit-root-login false
+ else
+ db_set openssh-server/permit-root-login true
+ fi
+ if [ "$password_authentication" = no ]; then
+ db_set openssh-server/password-authentication false
+ else
+ db_set openssh-server/password-authentication true
+ fi
+fi
+
+if dpkg --compare-versions "$2" lt-nl 1:6.6p1-1 && \
+ [ "$permit_root_login" = yes ]; then
+ if [ "$(getent shadow root | cut -d: -f2)" = "!" ]; then
+ db_set openssh-server/permit-root-login true
+ else
+ db_input high openssh-server/permit-root-login || true
+ db_go
+ fi
+fi
+
+exit 0
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-22 05:53:28 +0000