6 # Source debconf library.
7 . /usr/share/debconf/confmodule
14 [ -f /etc/ssh/sshd_config ] || return
16 # TODO: actually only one '=' allowed after option
17 perl -ne 'print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
18 /etc/ssh/sshd_config 2>/dev/null
22 if [ -e /etc/init.d/ssh ] && ! grep -q pidfile /etc/init.d/ssh
24 db_fset ssh/use_old_init_script seen false
25 db_input medium ssh/use_old_init_script || true
28 db_get ssh/use_old_init_script
29 [ "$RET" = "false" ] && exit 0
31 db_set ssh/use_old_init_script true
32 db_fset ssh/use_old_init_script seen true
35 if [ -e /etc/ssh/sshd_config ]
37 # An empty version means we're upgrading from before the package split,
39 if dpkg --compare-versions "$version" lt 1:3.8.1p1-11
41 passwordauth="$(get_config_option PasswordAuthentication)"
42 crauth="$(get_config_option ChallengeResponseAuthentication)"
43 if [ "$passwordauth" = no ] && \
44 ([ -z "$crauth" ] || [ "$crauth" = yes ])
46 db_input critical ssh/disable_cr_auth || true
51 key=/etc/ssh/ssh_host_key
53 if [ -n "$version" ] && [ -f $key ] && [ ! -x /usr/bin/ssh-keygen ] &&
54 dpkg --compare-versions "$version" lt 1.2.28
56 # make sure that keys get updated to get rid of IDEA; preinst
57 # actually does the work, but if the old ssh-keygen is not found,
58 # it can't do that -- thus, we tell the user that he must create
60 printf '\0\0' | 3<&0 sh -c \
61 'dd if=$key bs=1 skip=32 count=2 2>/dev/null | cmp -s - /dev/fd/3' || {
62 # this means that bytes 32&33 of the key were not both zero, in which
63 # case the key is encrypted, which we need to fix
64 db_input high ssh/encrypted_host_key_but_no_keygen || true