This is the last call for comments for the review of debconf templates for openssh. The reviewed templates will be sent on Friday, April 20, 2007 to the package maintainer as a bug report and a mail will be sent to this list with "[BTS]" as a subject tag. --
Template: ssh/new_config Type: boolean Default: true _Description: Generate a new configuration file for OpenSSH? This version of OpenSSH has a considerably changed configuration file from the version shipped in Debian 'Potato', which you appear to be upgrading from. This package can now generate a new configuration file (/etc/ssh/sshd.config), which will work with the new server version, but will not contain any customizations you made with the old version. . Please note that this new configuration file will set the value of 'PermitRootLogin' to 'yes' (meaning that anyone knowing the root password can ssh directly in as root). Please read the README.Debian files for more details about this design choice. . It is strongly recommended that choose to generate a new configuration file now. Template: ssh/use_old_init_script Type: boolean Default: false _Description: Do you want to risk killing active SSH sessions? The currently installed version of /etc/init.d/ssh is likely to kill all running sshd instances. If you are doing this upgrade via an SSH session, you're likely to be disconnected and leave the upgrade procedure unfinished. . This can be fixed by manually adding "--pidfile /var/run/sshd.pid" to the start-stop-daemon line in the stop section of the file. Template: ssh/encrypted_host_key_but_no_keygen Type: note _Description: New host key mandatory The current host key, in /etc/ssh/ssh_host_key, is encrypted with the IDEA algorithm. OpenSSH can not handle this host key file, and the ssh-keygen utility from the old (non-free) SSH installation does not appear to be available. . You need to manually generate a new host key. Template: ssh/disable_cr_auth Type: boolean Default: false _Description: Disable challenge-response authentication? Password authentication appears to be disabled in the current OpenSSH server configuration. In order to prevent users from logging in using passwords (perhaps using only public key authentication instead) with recent versions of OpenSSH, you must disable challenge-response authentication, or else ensure that your PAM configuration does not allow Unix password file authentication. . If you disable challenge-response authentication, then users will not be able to log in using passwords. If you leave it enabled (the default answer), then the 'PasswordAuthentication no' option will have no useful effect unless you also adjust your PAM configuration in /etc/pam.d/ssh.
Source: openssh Section: net Priority: standard Maintainer: Matthew Vernon <matthew@debian.org> Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev | libz-dev, libssl-dev (>= 0.9.8-1), libpam0g-dev | libpam-dev, libgnomeui-dev (>= 2.0.0) | libgnome-dev, libedit-dev, groff, debhelper (>= 5.0.22), sharutils, libselinux1-dev [alpha amd64 arm armeb hppa i386 ia64 m68k mips mipsel powerpc ppc64 s390 sparc], libkrb5-dev Standards-Version: 3.7.2 Uploaders: Colin Watson <cjwatson@debian.org> Package: openssh-client Architecture: any Depends: ${shlibs:Depends}, ${debconf-depends}, adduser (>= 3.10), dpkg (>= 1.7.0), passwd Conflicts: ssh (<< 1:3.8.1p1-9), sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7) Replaces: ssh, ssh-krb5 Suggests: ssh-askpass, xbase-clients Provides: rsh-client, ssh-client Description: secure shell client, an rlogin/rsh/rcp replacement This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group. . Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It is intended as a replacement for rlogin, rsh and rcp, and can be used to provide applications with a secure communication channel. . This package provides the ssh, scp and sftp clients, the ssh-agent and ssh-add programs to make public key authentication more convenient, and the ssh-keygen, ssh-keyscan, ssh-copy-id and ssh-argv0 utilities. . In some countries it may be illegal to use any encryption at all without a special permit. Package: openssh-server Priority: optional Architecture: any Depends: ${shlibs:Depends}, ${debconf-depends}, ${pam-depends}, libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${Source-Version}) Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7) Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5 Suggests: ssh-askpass, xbase-clients, rssh, molly-guard Provides: ssh-server Description: secure shell server, an rshd replacement This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group. . Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It is intended as a replacement for rlogin, rsh and rcp, and can be used to provide applications with a secure communication channel. . This package provides the sshd server. . In some countries it may be illegal to use any encryption at all without a special permit. Package: ssh Priority: extra Architecture: all Depends: openssh-client, openssh-server Description: secure shell client and server (transitional package) This is a transitional package depending on both the OpenSSH client and the OpenSSH server, which are now in separate packages. You may remove it once the upgrade is complete and nothing depends on it. Package: ssh-krb5 Priority: extra Architecture: all Depends: openssh-client, openssh-server Description: secure shell client and server (transitional package) This is a transitional package depending on the regular Debian OpenSSH client and server, which now support GSSAPI natively. It will add the necessary GSSAPI options to the server configuration file. You can remove it once the upgrade is complete and nothing depends on it. Package: ssh-askpass-gnome Section: gnome Priority: optional Architecture: any Depends: ${shlibs:Depends}, openssh-client | ssh (>= 1:1.2pre7-4) | ssh-krb5 Replaces: ssh (<< 1:3.5p1-3) Provides: ssh-askpass Description: interactive X program to prompt users for a passphrase for ssh-add This has been split out of the main ssh package, so that the ssh will not need to depend upon the Gnome libraries. . You probably want the ssh-askpass package instead, but this is provided to add to your choice and/or confusion. Package: openssh-client-udeb XC-Package-Type: udeb Section: debian-installer Priority: optional Architecture: any Depends: ${shlibs:Depends}, libnss-files-udeb XB-Installer-Menu-Item: 999 Description: secure shell client for the Debian installer This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group. . This package provides the ssh client for use in debian-installer. Package: openssh-server-udeb XC-Package-Type: udeb Section: debian-installer Priority: optional Architecture: any Depends: ${shlibs:Depends}, libnss-files-udeb Description: secure shell server for the Debian installer This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group. . This package provides the sshd server for use in debian-installer. Since it is expected to be used in specialized situations (e.g. S/390 installs with no console), it does not provide any configuration.
Attachment:
signature.asc
Description: Digital signature