This is the last call for comments for the review of debconf templates for openssh. The reviewed templates will be sent on Friday, April 20, 2007 to the package maintainer as a bug report and a mail will be sent to this list with "[BTS]" as a subject tag. --
Template: ssh/new_config Type: boolean Default: true _Description: Generate a new configuration file for OpenSSH? This version of OpenSSH has a considerably changed configuration file from the version shipped in Debian 'Potato', which you appear to be upgrading from. This package can now generate a new configuration file (/etc/ssh/sshd.config), which will work with the new server version, but will not contain any customizations you made with the old version. . Please note that this new configuration file will set the value of 'PermitRootLogin' to 'yes' (meaning that anyone knowing the root password can ssh directly in as root). Please read the README.Debian files for more details about this design choice. . It is strongly recommended that choose to generate a new configuration file now. Template: ssh/use_old_init_script Type: boolean Default: false _Description: Do you want to risk killing active SSH sessions? The currently installed version of /etc/init.d/ssh is likely to kill all running sshd instances. If you are doing this upgrade via an SSH session, you're likely to be disconnected and leave the upgrade procedure unfinished. . This can be fixed by manually adding "--pidfile /var/run/sshd.pid" to the start-stop-daemon line in the stop section of the file. Template: ssh/encrypted_host_key_but_no_keygen Type: note _Description: New host key mandatory The current host key, in /etc/ssh/ssh_host_key, is encrypted with the IDEA algorithm. OpenSSH can not handle this host key file, and the ssh-keygen utility from the old (non-free) SSH installation does not appear to be available. . You need to manually generate a new host key. Template: ssh/disable_cr_auth Type: boolean Default: false _Description: Disable challenge-response authentication? Password authentication appears to be disabled in the current OpenSSH server configuration. In order to prevent users from logging in using passwords (perhaps using only public key authentication instead) with recent versions of OpenSSH, you must disable challenge-response authentication, or else ensure that your PAM configuration does not allow Unix password file authentication. . If you disable challenge-response authentication, then users will not be able to log in using passwords. If you leave it enabled (the default answer), then the 'PasswordAuthentication no' option will have no useful effect unless you also adjust your PAM configuration in /etc/pam.d/ssh.
Source: openssh
Section: net
Priority: standard
Maintainer: Matthew Vernon <matthew@debian.org>
Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev | libz-dev, libssl-dev (>= 0.9.8-1), libpam0g-dev | libpam-dev, libgnomeui-dev (>= 2.0.0) | libgnome-dev, libedit-dev, groff, debhelper (>= 5.0.22), sharutils, libselinux1-dev [alpha amd64 arm armeb hppa i386 ia64 m68k mips mipsel powerpc ppc64 s390 sparc], libkrb5-dev
Standards-Version: 3.7.2
Uploaders: Colin Watson <cjwatson@debian.org>
Package: openssh-client
Architecture: any
Depends: ${shlibs:Depends}, ${debconf-depends}, adduser (>= 3.10), dpkg (>= 1.7.0), passwd
Conflicts: ssh (<< 1:3.8.1p1-9), sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
Replaces: ssh, ssh-krb5
Suggests: ssh-askpass, xbase-clients
Provides: rsh-client, ssh-client
Description: secure shell client, an rlogin/rsh/rcp replacement
This is the portable version of OpenSSH, a free implementation of
the Secure Shell protocol as specified by the IETF secsh working
group.
.
Ssh (Secure Shell) is a program for logging into a remote machine
and for executing commands on a remote machine.
It provides secure encrypted communications between two untrusted
hosts over an insecure network. X11 connections and arbitrary TCP/IP
ports can also be forwarded over the secure channel.
It is intended as a replacement for rlogin, rsh and rcp, and can be
used to provide applications with a secure communication channel.
.
This package provides the ssh, scp and sftp clients, the ssh-agent
and ssh-add programs to make public key authentication more convenient,
and the ssh-keygen, ssh-keyscan, ssh-copy-id and ssh-argv0 utilities.
.
In some countries it may be illegal to use any encryption at all
without a special permit.
Package: openssh-server
Priority: optional
Architecture: any
Depends: ${shlibs:Depends}, ${debconf-depends}, ${pam-depends}, libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${Source-Version})
Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5
Suggests: ssh-askpass, xbase-clients, rssh, molly-guard
Provides: ssh-server
Description: secure shell server, an rshd replacement
This is the portable version of OpenSSH, a free implementation of
the Secure Shell protocol as specified by the IETF secsh working
group.
.
Ssh (Secure Shell) is a program for logging into a remote machine
and for executing commands on a remote machine.
It provides secure encrypted communications between two untrusted
hosts over an insecure network. X11 connections and arbitrary TCP/IP
ports can also be forwarded over the secure channel.
It is intended as a replacement for rlogin, rsh and rcp, and can be
used to provide applications with a secure communication channel.
.
This package provides the sshd server.
.
In some countries it may be illegal to use any encryption at all
without a special permit.
Package: ssh
Priority: extra
Architecture: all
Depends: openssh-client, openssh-server
Description: secure shell client and server (transitional package)
This is a transitional package depending on both the OpenSSH client and
the OpenSSH server, which are now in separate packages. You may remove
it once the upgrade is complete and nothing depends on it.
Package: ssh-krb5
Priority: extra
Architecture: all
Depends: openssh-client, openssh-server
Description: secure shell client and server (transitional package)
This is a transitional package depending on the regular Debian OpenSSH
client and server, which now support GSSAPI natively. It will add the
necessary GSSAPI options to the server configuration file. You can
remove it once the upgrade is complete and nothing depends on it.
Package: ssh-askpass-gnome
Section: gnome
Priority: optional
Architecture: any
Depends: ${shlibs:Depends}, openssh-client | ssh (>= 1:1.2pre7-4) | ssh-krb5
Replaces: ssh (<< 1:3.5p1-3)
Provides: ssh-askpass
Description: interactive X program to prompt users for a passphrase for ssh-add
This has been split out of the main ssh package, so that the ssh will
not need to depend upon the Gnome libraries.
.
You probably want the ssh-askpass package instead, but this is
provided to add to your choice and/or confusion.
Package: openssh-client-udeb
XC-Package-Type: udeb
Section: debian-installer
Priority: optional
Architecture: any
Depends: ${shlibs:Depends}, libnss-files-udeb
XB-Installer-Menu-Item: 999
Description: secure shell client for the Debian installer
This is the portable version of OpenSSH, a free implementation of
the Secure Shell protocol as specified by the IETF secsh working
group.
.
This package provides the ssh client for use in debian-installer.
Package: openssh-server-udeb
XC-Package-Type: udeb
Section: debian-installer
Priority: optional
Architecture: any
Depends: ${shlibs:Depends}, libnss-files-udeb
Description: secure shell server for the Debian installer
This is the portable version of OpenSSH, a free implementation of
the Secure Shell protocol as specified by the IETF secsh working
group.
.
This package provides the sshd server for use in debian-installer.
Since it is expected to be used in specialized situations (e.g. S/390
installs with no console), it does not provide any configuration.
Attachment:
signature.asc
Description: Digital signature