Adding debian version 1:9.6p1-4.debian/1%9.6p1-4

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 127 insertions, 0 deletions

diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
new file mode 100644
index 0000000..4114d35
--- /dev/null
+++ b/debian/openssh-server.postinst
@@ -0,0 +1,127 @@
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+db_version 2.0
+
+action="$1"
+
+umask 022
+
+
+get_config_option() {
+	option="$1"
+
+	[ -f /etc/ssh/sshd_config ] || return
+
+	/usr/sbin/sshd -G | sed -n "s/^$option //Ip"
+}
+
+
+create_key() {
+	msg="$1"
+	shift
+	hostkeys="$1"
+	shift
+	file="$1"
+	shift
+
+	if echo "$hostkeys" | grep -x "$file" >/dev/null && \
+	   [ ! -f "$file" ] ; then
+		printf %s "$msg"
+		ssh-keygen -q -f "$file" -N '' "$@"
+		echo
+		if command -v restorecon >/dev/null 2>&1; then
+			restorecon "$file" "$file.pub"
+		fi
+		ssh-keygen -l -f "$file.pub"
+	fi
+}
+
+
+create_keys() {
+	hostkeys="$(get_config_option HostKey)"
+
+	create_key "Creating SSH2 RSA key; this may take some time ..." \
+		"$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
+	create_key "Creating SSH2 DSA key; this may take some time ..." \
+		"$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
+	create_key "Creating SSH2 ECDSA key; this may take some time ..." \
+		"$hostkeys" /etc/ssh/ssh_host_ecdsa_key -t ecdsa
+	create_key "Creating SSH2 ED25519 key; this may take some time ..." \
+		"$hostkeys" /etc/ssh/ssh_host_ed25519_key -t ed25519
+}
+
+
+new_config=
+
+cleanup() {
+	if [ "$new_config" ]; then
+		rm -f "$new_config"
+	fi
+}
+
+
+create_sshdconfig() {
+	# XXX cjwatson 2016-12-24: This debconf template is very confusingly
+	# named; its description is "Disable SSH password authentication for
+	# root?", so true -> prohibit-password (the upstream default),
+	# false -> yes.
+	db_get openssh-server/permit-root-login
+	permit_root_login="$RET"
+	db_get openssh-server/password-authentication
+	password_authentication="$RET"
+
+	trap cleanup EXIT
+	new_config="$(mktemp)"
+	cp -aZ /usr/share/openssh/sshd_config "$new_config"
+	if [ "$permit_root_login" != true ]; then
+		sed -i 's/^#*PermitRootLogin .*/PermitRootLogin yes/' \
+			"$new_config"
+	fi
+	if [ "$password_authentication" != true ]; then
+		sed -i 's/^#PasswordAuthentication .*/PasswordAuthentication no/' \
+			"$new_config"
+	fi
+	mkdir -pZ /etc/ssh
+	ucf --three-way --debconf-ok \
+		--sum-file /usr/share/openssh/sshd_config.md5sum \
+		"$new_config" /etc/ssh/sshd_config
+	ucfr openssh-server /etc/ssh/sshd_config
+}
+
+setup_sshd_user() {
+	if ! getent passwd sshd >/dev/null; then
+		adduser --quiet --system --no-create-home --home /run/sshd --shell /usr/sbin/nologin sshd
+	fi
+}
+
+if [ "$action" = configure ]; then
+	create_sshdconfig
+	create_keys
+	setup_sshd_user
+	if dpkg --compare-versions "$2" lt-nl 1:7.9p1-5 && \
+	   [ -f /etc/ssh/moduli.dpkg-bak ]; then
+	    # Handle /etc/ssh/moduli being moved from openssh-client to
+	    # openssh-server.  If there were no user modifications, then we
+	    # don't need to do anything special here; but if there were,
+	    # then the dpkg-maintscript-helper calls from openssh-client's
+	    # maintainer scripts will have saved the old file as .dpkg-bak,
+	    # which we now move back into place.
+	    mv /etc/ssh/moduli.dpkg-bak /etc/ssh/moduli
+	fi
+	if dpkg --compare-versions "$2" lt-nl 1:9.1p1-1~ && \
+	   deb-systemd-helper --quiet was-enabled ssh.socket && \
+	   [ -d /run/systemd/system ]
+	then
+		# migrate to systemd socket activation.
+		systemctl unmask ssh.service
+		systemctl disable ssh.service
+	fi
+fi
+
+#DEBHELPER#
+
+db_stop
+
+exit 0