Ubuntu
openssh package

Merge ~enr0n/ubuntu/+source/openssh:merge-lp2018094-mantic into ubuntu/+source/openssh:debian/sid

  1. Git
  2. lp:~enr0n/ubuntu/+source/openssh
  3. merge-lp2018094-mantic
  4. Merge into debian/sid
Proposed by Nick Rosbrook
Status: Needs review
Proposed branch: ~enr0n/ubuntu/+source/openssh:merge-lp2018094-mantic
Merge into: ubuntu/+source/openssh:debian/sid
Diff against target: 1605 lines (+1016/-107)
30 files modified
debian/README.Debian (+10/-17)
debian/changelog (+133/-0)
debian/control (+2/-1)
debian/openssh-server.postinst (+192/-6)
debian/openssh-server.postrm (+4/-0)
debian/openssh-server.templates (+12/-0)
debian/openssh-server.tmpfile (+2/-0)
debian/openssh-server.ucf-md5sum (+24/-0)
debian/patches/series (+1/-0)
debian/patches/socket-activation-documentation.patch (+50/-0)
debian/patches/systemd-socket-activation.patch (+152/-44)
debian/po/cs.po (+26/-1)
debian/po/da.po (+26/-1)
debian/po/de.po (+26/-1)
debian/po/es.po (+26/-1)
debian/po/fr.po (+26/-1)
debian/po/it.po (+26/-1)
debian/po/ja.po (+26/-1)
debian/po/nl.po (+26/-1)
debian/po/pt.po (+26/-1)
debian/po/pt_BR.po (+26/-1)
debian/po/ru.po (+28/-3)
debian/po/sv.po (+26/-1)
debian/po/templates.pot (+27/-2)
debian/po/tr.po (+27/-2)
debian/rules (+3/-2)
debian/systemd/ssh.service (+0/-2)
debian/tests/control (+6/-0)
debian/tests/systemd-socket-activation (+57/-0)
dev/null (+0/-17)
Reviewer Review Type Date Requested Status
Steve Langasek (community) Approve
Review via email: mp+443364@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Steve Langasek (vorlon) :
review: Needs Information
Reply
Revision history for this message
Nick Rosbrook (enr0n) :
Reply
Revision history for this message
Steve Langasek (vorlon) :
review: Approve
Reply

Unmerged commits

f4a0129... by Nick Rosbrook

changelog

988a629... by Nick Rosbrook

update-maintainer

2c2be41... by Nick Rosbrook

reconstruct-changelog

f788eb2... by Nick Rosbrook

merge-changelogs

387eecd... by Nick Rosbrook

  * debian/openssh-server.ucf-md5sum: update for Ubuntu delta

182c872... by Nick Rosbrook

  * debian/README.Debian: mention drop-in configurations in instructions
    for disabling sshd socket activation (LP: #2017434).

409372d... by Nick Rosbrook

  * debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
    activation functionality.

a9ff51f... by Nick Rosbrook

  * debian/patches/systemd-socket-activation.patch: Fix sshd
    re-execution behavior when socket activation is used

2ff5428... by Nick Rosbrook

  * debian/openssh-server.tmpfile,debian/systemd/ssh.service: Move
    /run/sshd creation out of the systemd unit to a tmpfile config so
    that sshd can be run manually if necessary without having to create
    this directory by hand.

17af9ff... by Nick Rosbrook

  * debian/openssh-server.ucf-md5sum: Update list of stock sshd_config
    checksums to include those from jammy and kinetic.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/.gitignore b/debian/.gitignore
0deleted file mode 1006440deleted file mode 100644
index 988323b..0000000
--- a/debian/.gitignore
+++ /dev/null
@@ -1,17 +0,0 @@
1/*.debhelper*
2/*substvars
3/build-deb
4/build-udeb
5/files
6/keygen-test/key1
7/keygen-test/key1.pub
8/keygen-test/key2
9/keygen-test/key2.pub
10/openssh-client
11/openssh-client-udeb
12/openssh-server
13/openssh-server-udeb
14/ssh
15/ssh-askpass-gnome
16/ssh-krb5
17/tmp
diff --git a/debian/README.Debian b/debian/README.Debian
index 77d331b..83049c8 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -184,23 +184,7 @@ this sshd manually on upgrades.
184Socket-based activation with systemd184Socket-based activation with systemd
185------------------------------------185------------------------------------
186186
187If you want to reconfigure systemd to listen on port 22 itself and launch187By default, socket-based activation is used on systems that use systemd.
188sshd on connection (systemd-style socket activation), then you can run:
189
190 systemctl disable --now ssh.service
191 systemctl start ssh.socket
192
193To roll back this change, run:
194
195 systemctl stop ssh.socket
196 systemctl enable --now ssh.service
197
198Or if you want to make this change permanent:
199
200 systemctl enable ssh.socket
201
202This may be appropriate in environments where minimal footprint is critical
203(e.g. cloud guests).
204188
205The provided ssh.socket unit file sets ListenStream=22. If you need to have189The provided ssh.socket unit file sets ListenStream=22. If you need to have
206it listen on a different address or port, then you will need to do this as190it listen on a different address or port, then you will need to do this as
@@ -215,6 +199,15 @@ follows (modifying ListenStream to match your requirements):
215199
216See systemd.socket(5) for details.200See systemd.socket(5) for details.
217201
202If you do not want to use socket activation for ssh on your system, you
203can disable socket activation by running:
204
205 systemctl disable --now ssh.socket
206 rm -f /etc/systemd/system/ssh.service.d/00-socket.conf
207 rm -f /etc/systemd/system/ssh.service.d/addresses.conf
208 systemctl daemon-reload
209 systemctl enable --now ssh.service
210
218Terminating SSH sessions cleanly on shutdown/reboot with systemd211Terminating SSH sessions cleanly on shutdown/reboot with systemd
219----------------------------------------------------------------212----------------------------------------------------------------
220213
diff --git a/debian/changelog b/debian/changelog
index c725f55..e883b37 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,37 @@
1openssh (1:9.2p1-2ubuntu1) mantic; urgency=medium
2
3 * Merge with Debian unstable (LP: #2018094). Remaining changes:
4 - debian/rules: modify dh_installsystemd invocations for
5 socket-activated sshd
6 - debian/openssh-server.postinst: handle migration of sshd_config options
7 to systemd socket options on upgrade.
8 - debian/README.Debian: document systemd socket activation.
9 - debian/patches/socket-activation-documentation.patch: Document in
10 sshd_config(5) that ListenAddress and Port no longer work.
11 - debian/openssh-server.templates: include debconf prompt explaining
12 when migration cannot happen due to multiple ListenAddress values
13 - debian/.gitignore: drop file
14 - debian/openssh-server.postrm: remove systemd drop-ins for
15 socket-activated sshd on purge
16 - debian/openssh-server.ucf-md5sum: Update list of stock sshd_config
17 checksums to include those from jammy and kinetic.
18 - debian/openssh-server.tmpfile,debian/systemd/ssh.service: Move
19 /run/sshd creation out of the systemd unit to a tmpfile config so
20 that sshd can be run manually if necessary without having to create
21 this directory by hand.
22 - debian/patches/systemd-socket-activation.patch: Fix sshd
23 re-execution behavior when socket activation is used
24 - debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
25 activation functionality.
26 * Dropped changes, included in Debian:
27 - debian/patches/systemd-socket-activation.patch: Initial implementation
28 * New changes:
29 - debian/README.Debian: mention drop-in configurations in instructions
30 for disabling sshd socket activation (LP: #2017434).
31 - debian/openssh-server.ucf-md5sum: update for Ubuntu delta
32
33 -- Nick Rosbrook <nick.rosbrook@canonical.com> Fri, 19 May 2023 15:18:17 -0400
34
1openssh (1:9.2p1-2) unstable; urgency=medium35openssh (1:9.2p1-2) unstable; urgency=medium
236
3 * Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS.37 * Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS.
@@ -249,6 +283,105 @@ openssh (1:9.1p1-1) unstable; urgency=medium
249283
250 -- Colin Watson <cjwatson@debian.org> Mon, 14 Nov 2022 16:25:45 +0000284 -- Colin Watson <cjwatson@debian.org> Mon, 14 Nov 2022 16:25:45 +0000
251285
286openssh (1:9.0p1-1ubuntu8.1) lunar; urgency=medium
287
288 * debian/patches/systemd-socket-activation.patch: Fix re-execution behavior
289 (LP: #2011458):
290 - Remove FD_CLOEXEC on fds passed by systemd to prevent automatic closing
291 when sshd re-executes.
292 - Do not manually close fds passed by systemd when re-executing.
293 - Only call sd_listen_fds() once, and only in the parent process.
294 - Check the LISTEN_FDS environment variable to get the number of fds
295 passed by systemd when re-executing as a child process.
296 * debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
297 activation functionality.
298
299 -- Nick Rosbrook <nick.rosbrook@canonical.com> Fri, 31 Mar 2023 12:44:32 -0400
300
301openssh (1:9.0p1-1ubuntu8) lunar; urgency=medium
302
303 * debian/openssh-server.postinst: Fix handling of ListenAddress when a port
304 is specified (LP: #1993478):
305 - Strip port before converting hostnames to numerical addresses.
306 - Only append ports when the ListenAddress does not already specify a
307 port.
308 - Revert socket migration on upgrade if a previous version did the
309 migration when it should not have.
310 * debian/openssh-server.postinst: Ignore empty directory failure from rmdir
311 when skipping socket migration (LP: #1995294).
312
313 -- Nick Rosbrook <nick.rosbrook@canonical.com> Tue, 25 Oct 2022 11:57:43 -0400
314
315openssh (1:9.0p1-1ubuntu7) kinetic; urgency=medium
316
317 * Update list of stock sshd_config checksums to include those from
318 jammy and kinetic.
319 * Add a workaround for LP: #1990863 (now fixed in livecd-rootfs) to
320 avoid spurious ucf prompts on upgrade.
321 * Move /run/sshd creation out of the systemd unit to a tmpfile config
322 so that sshd can be run manually if necessary without having to create
323 this directory by hand. LP: #1991283.
324
325 [ Nick Rosbrook ]
326 * debian/openssh-server.postinst: Fix addresses.conf generation when only
327 non-default Port is used in /etc/ssh/sshd_config (LP: #1991199).
328
329 -- Steve Langasek <vorlon@debian.org> Mon, 26 Sep 2022 21:55:14 +0000
330
331openssh (1:9.0p1-1ubuntu6) kinetic; urgency=medium
332
333 * Fix syntax error in postinst :/
334
335 -- Steve Langasek <vorlon@debian.org> Fri, 23 Sep 2022 19:51:32 +0000
336
337openssh (1:9.0p1-1ubuntu5) kinetic; urgency=medium
338
339 * Correctly handle the case of new installs, and correctly apply systemd
340 unit overrides on upgrade from existing kinetic systems.
341
342 -- Steve Langasek <vorlon@debian.org> Fri, 23 Sep 2022 19:45:18 +0000
343
344openssh (1:9.0p1-1ubuntu4) kinetic; urgency=medium
345
346 * Don't migrate users to socket activation if multiple ListenAddresses
347 might make sshd unreliable on boot.
348 * Fix regexp bug that prevented proper migration of IPv6 address settings.
349
350 -- Steve Langasek <vorlon@debian.org> Fri, 23 Sep 2022 19:35:37 +0000
351
352openssh (1:9.0p1-1ubuntu3) kinetic; urgency=medium
353
354 * Document in the default sshd_config file the changes in behavior
355 triggered by use of socket-based activation.
356
357 -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 26 Aug 2022 00:40:11 +0000
358
359openssh (1:9.0p1-1ubuntu2) kinetic; urgency=medium
360
361 * Fix manpage to not claim socket-based activation is the default on
362 Debian!
363
364 -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 26 Aug 2022 00:21:42 +0000
365
366openssh (1:9.0p1-1ubuntu1) kinetic; urgency=medium
367
368 * debian/patches/systemd-socket-activation.patch: support systemd
369 socket activation.
370 * debian/systemd/ssh.socket, debian/systemd/ssh.service: use socket
371 activation by default.
372 * debian/rules: rejigger dh_installsystemd invocations so ssh.service and
373 ssh.socket don't fight.
374 * debian/openssh-server.postinst: handle migration of sshd_config options
375 to systemd socket options on upgrade.
376 * debian/README.Debian: document systemd socket activation.
377 * debian/patches/socket-activation-documentation.patch: Document in
378 sshd_config(5) that ListenAddress and Port no longer work.
379 * debian/openssh-server.templates, debian/openssh-server.postinst: include
380 debconf warning about possible service failure with multiple
381 ListenAddress settings.
382
383 -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 19 Aug 2022 20:43:16 +0000
384
252openssh (1:9.0p1-1) unstable; urgency=medium385openssh (1:9.0p1-1) unstable; urgency=medium
253386
254 * New upstream release (https://www.openssh.com/releasenotes.html#9.0p1):387 * New upstream release (https://www.openssh.com/releasenotes.html#9.0p1):
diff --git a/debian/control b/debian/control
index f3ed979..aa9cc2e 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: openssh1Source: openssh
2Section: net2Section: net
3Priority: standard3Priority: standard
4Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
5Build-Depends: debhelper (>= 13.1~),6Build-Depends: debhelper (>= 13.1~),
6 debhelper-compat (= 13),7 debhelper-compat (= 13),
7 dh-exec,8 dh-exec,
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index d38695f..a9d5894 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -20,6 +20,86 @@ get_config_option() {
20 /etc/ssh/sshd_config20 /etc/ssh/sshd_config
21}21}
2222
23get_config_option_all() {
24 option="$1"
25 file="$2"
26
27 if [ -z "$file" ]; then
28 file=/etc/ssh/sshd_config
29 fi
30
31 [ -f "$file" ] || return 0
32 # ListenAddress and Port only take a single word argument so anything
33 # after this must be a comment
34 while read option2 value junk; do
35 case $option2 in
36 $option)
37 echo $value
38 ;;
39 Include)
40 # globs
41 for f in $value; do
42 get_config_option_all "$option" "$f"
43 done
44 ;;
45 esac
46 done < $file
47}
48
49hostnames_to_addresses() {
50 addresses="$1"
51 for address in $addresses; do
52 address_no_port="$(address_strip_port $address)"
53 if echo "$address_no_port" | grep -q '^[0-9a-f:]\+$\|^[0-9.]\+$'; then
54 numeric_addresses="$numeric_addresses $address"
55 else
56 new_addresses=$( (getent ahostsv4 $address_no_port;
57 getent ahostsv6 $address_no_port) \
58 | awk '$1 ~ /^::ffff:/ || $2 != "STREAM" { next; }
59 $1 ~ /:/ { print "[" $1 "]"; next; }
60 { print $1 }' \
61 | sort -u)
62 port="$(port_from_address $address)"
63 if [ -n "$port" ]; then
64 new_addresses="$(for addr in $new_addresses; do echo $addr:$port; done)"
65 fi
66 numeric_addresses="$numeric_addresses $new_addresses"
67 fi
68 done
69 echo "$numeric_addresses"
70}
71
72port_from_address() {
73 address="$1"
74 if echo $address | grep -q '^\[[0-9a-f:]*\]:'; then
75 # This is an IPv6 address with a port.
76 port="$(echo $address | awk -F':' '{print $NF}')"
77 elif echo $address | grep -q '^\[[0-9a-f:]*\]\+$\|^[0-9a-f:]\+$'; then
78 # This is an IPv6 address without a port.
79 port=""
80 else
81 # This is an IPv4 address or hostname, where the port
82 # may or may not be specified.
83 port="$(echo $address | awk -F':' '{print $2}')"
84 fi
85 echo "$port"
86}
87
88address_strip_port() {
89 address="$1"
90 if echo $address | grep -q '^\[[0-9a-f:]*\]\(:\|$\)'; then
91 # This is an IPv6 address in brackets, with or without a port.
92 address_no_port="$(echo $address | awk -F '[][]' '{print $2}')"
93 elif echo $address | grep -q '^[0-9a-f:]\+$'; then
94 # This is an IPv6 address with no brackets and no port.
95 address_no_port="$address"
96 else
97 # This is an IPv4 address or hostname, where the port
98 # may or may not be specified.
99 address_no_port="$(echo $address | awk -F':' '{print $1}')"
100 fi
101 echo "$address_no_port"
102}
23103
24host_keys_required() {104host_keys_required() {
25 hostkeys="$(get_config_option HostKey)"105 hostkeys="$(get_config_option HostKey)"
@@ -71,15 +151,20 @@ create_keys() {
71151
72152
73new_config=153new_config=
154workaround=
74155
75cleanup() {156cleanup() {
76 if [ "$new_config" ]; then157 if [ "$new_config" ]; then
77 rm -f "$new_config"158 rm -f "$new_config"
78 fi159 fi
160 if [ "$workaround" ]; then
161 rm -f "$workaround"
162 fi
79}163}
80164
81165
82create_sshdconfig() {166create_sshdconfig() {
167 prev_ver="$1"
83 # XXX cjwatson 2016-12-24: This debconf template is very confusingly168 # XXX cjwatson 2016-12-24: This debconf template is very confusingly
84 # named; its description is "Disable SSH password authentication for169 # named; its description is "Disable SSH password authentication for
85 # root?", so true -> prohibit-password (the upstream default),170 # root?", so true -> prohibit-password (the upstream default),
@@ -101,6 +186,21 @@ create_sshdconfig() {
101 "$new_config"186 "$new_config"
102 fi187 fi
103 mkdir -pZ /etc/ssh188 mkdir -pZ /etc/ssh
189
190 # Workaround for LP: #1968873: if we have an sshd_config with a known
191 # checksum, confirm it via ucf before applying the changes from
192 # the new version.
193 if dpkg --compare-versions "$prev_ver" lt-nl 1:9.0p1-1ubuntu7 \
194 && grep -q "^$(md5sum /etc/ssh/sshd_config | awk '{ print $1 }')" \
195 /usr/share/openssh/sshd_config.md5sum
196 then
197 workaround="$(mktemp)"
198 sed -e'14,16d' "$new_config" > "$workaround"
199 ucf --three-way --debconf-ok \
200 --sum-file /usr/share/openssh/sshd_config.md5sum \
201 "$workaround" /etc/ssh/sshd_config
202 fi
203
104 ucf --three-way --debconf-ok \204 ucf --three-way --debconf-ok \
105 --sum-file /usr/share/openssh/sshd_config.md5sum \205 --sum-file /usr/share/openssh/sshd_config.md5sum \
106 "$new_config" /etc/ssh/sshd_config206 "$new_config" /etc/ssh/sshd_config
@@ -114,7 +214,7 @@ setup_sshd_user() {
114}214}
115215
116if [ "$action" = configure ]; then216if [ "$action" = configure ]; then
117 create_sshdconfig217 create_sshdconfig "$2"
118 create_keys218 create_keys
119 setup_sshd_user219 setup_sshd_user
120 if dpkg --compare-versions "$2" lt-nl 1:7.9p1-5 && \220 if dpkg --compare-versions "$2" lt-nl 1:7.9p1-5 && \
@@ -127,18 +227,104 @@ if [ "$action" = configure ]; then
127 # which we now move back into place.227 # which we now move back into place.
128 mv /etc/ssh/moduli.dpkg-bak /etc/ssh/moduli228 mv /etc/ssh/moduli.dpkg-bak /etc/ssh/moduli
129 fi229 fi
130 if dpkg --compare-versions "$2" lt-nl 1:9.1p1-1~ && \230 if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu8~
131 deb-systemd-helper --quiet was-enabled ssh.socket && \
132 [ -d /run/systemd/system ]
133 then231 then
134 # migrate to systemd socket activation.232 # migrate to systemd socket activation.
135 systemctl unmask ssh.service233 addresses=$(get_config_option_all ListenAddress)
136 systemctl disable ssh.service234 addresses=$(hostnames_to_addresses "$addresses")
235 ports=$(get_config_option_all Port)
236 if [ -n "$addresses$ports" ]
237 then
238 override_dir=/etc/systemd/system/ssh.socket.d
239 mkdir -p "$override_dir"
240 echo '[Socket]' > "$override_dir"/addresses.conf.new
241 echo 'ListenStream=' >> "$override_dir"/addresses.conf.new
242 fi
243 if [ -n "$addresses" ]; then
244 [ -n "$ports" ] || ports=22
245 count=0
246 for address in $addresses; do
247 count=$((count+1))
248 port_from_address="$(port_from_address $address)"
249 if [ -z "$port_from_address" ]; then
250 for port in $ports; do
251 echo "ListenStream=$address:$port" \
252 >> "$override_dir"/addresses.conf.new
253 done
254 else
255 echo "ListenStream=$address" \
256 >> "$override_dir"/addresses.conf.new
257 fi
258 done
259 if [ $count -gt 1 ]; then
260 db_input critical openssh-server/listenstream-may-fail || true
261 db_go || true
262 rm -f "$override_dir"/addresses.conf.new
263 rmdir --ignore-fail-on-non-empty "$override_dir"
264 NO_SOCKET_MIGRATION=1
265 fi
266 elif [ -n "$ports" ]; then
267 for port in $ports; do
268 echo "ListenStream=$port" \
269 >> "$override_dir"/addresses.conf.new
270 done
271 fi
272
273 if [ -z "$NO_SOCKET_MIGRATION" ] && [ -n "$addresses$ports" ]
274 then
275 mv "$override_dir"/addresses.conf.new \
276 "$override_dir"/addresses.conf
277 fi
278 fi
279 if dpkg --compare-versions "$2" lt 1:9.0p1-1ubuntu5~; then
280 if [ -z "$NO_SOCKET_MIGRATION" ]; then
281 override_dir=/etc/systemd/system/ssh.service.d
282 mkdir -p "$override_dir"
283 echo '[Unit]' > "$override_dir"/00-socket.conf
284 echo 'After=ssh.socket' >> "$override_dir"/00-socket.conf
285 echo 'Requires=ssh.socket' >> "$override_dir"/00-socket.conf
286
287 # deb-systemd-helper is inadequate for the task of
288 # changing policy for the units on upgrade
289 if [ -d /run/systemd/system ]; then
290 systemctl daemon-reload
291 systemctl disable ssh.service
292 systemctl unmask ssh.service
293 systemctl stop ssh.service
294 systemctl enable ssh.socket
295 fi
296 fi
137 fi297 fi
298
299 # Revert socket migration if we can determine the user hit
300 # LP: #1993478.
301 if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu7~ \
302 && [ -e /etc/systemd/system/ssh.socket.d/addresses.conf ] \
303 && [ -e /etc/systemd/system/ssh.service.d/00-socket.conf ] \
304 && [ -n "$NO_SOCKET_MIGRATION" ]; then
305 rm /etc/systemd/system/ssh.socket.d/addresses.conf
306 rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.socket.d
307 rm /etc/systemd/system/ssh.service.d/00-socket.conf
308 rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.service.d
309 if [ -d /run/systemd/system ]; then
310 systemctl daemon-reload
311 systemctl disable ssh.socket
312 systemctl stop ssh.socket
313 systemctl enable ssh.service
314 fi
315 fi
138fi316fi
139317
140#DEBHELPER#318#DEBHELPER#
141319
320if [ -d /run/systemd/system ]; then
321 if deb-systemd-helper --quiet was-enabled ssh.socket; then
322 deb-systemd-invoke restart ssh.socket
323 elif deb-systemd-helper --quiet was-enabled ssh.service; then
324 deb-systemd-invoke restart ssh.service
325 fi
326fi
327
142db_stop328db_stop
143329
144exit 0330exit 0
diff --git a/debian/openssh-server.postrm b/debian/openssh-server.postrm
index fbaeb17..46798dd 100644
--- a/debian/openssh-server.postrm
+++ b/debian/openssh-server.postrm
@@ -23,6 +23,10 @@ case $1 in
23 if command -v ucfr >/dev/null 2>&1; then23 if command -v ucfr >/dev/null 2>&1; then
24 ucfr --purge openssh-server /etc/ssh/sshd_config24 ucfr --purge openssh-server /etc/ssh/sshd_config
25 fi25 fi
26 rm -f /etc/systemd/system/ssh.service.d/00-socket.conf
27 rm -f /etc/systemd/system/ssh.socket.d/addresses.conf
28 rmdir /etc/systemd/system/ssh.service.d || true
29 rmdir /etc/systemd/system/ssh.socket.d || true
26 rm -f /etc/ssh/sshd_not_to_be_run30 rm -f /etc/ssh/sshd_not_to_be_run
27 [ ! -d /etc/ssh ] || rmdir --ignore-fail-on-non-empty /etc/ssh31 [ ! -d /etc/ssh ] || rmdir --ignore-fail-on-non-empty /etc/ssh
2832
diff --git a/debian/openssh-server.templates b/debian/openssh-server.templates
index e071fe3..31f2935 100644
--- a/debian/openssh-server.templates
+++ b/debian/openssh-server.templates
@@ -21,3 +21,15 @@ Description: Allow password authentication?
21 By default, the SSH server will allow authenticating using a password.21 By default, the SSH server will allow authenticating using a password.
22 You may want to change this if all users on this system authenticate using22 You may want to change this if all users on this system authenticate using
23 a stronger authentication method, such as public keys.23 a stronger authentication method, such as public keys.
24
25Template: openssh-server/listenstream-may-fail
26Type: error
27_Description: Not migrating to socket activation
28 This version of openssh-server uses socket-based activation by default.
29 However, because you have more than one ListenAddress configured in
30 sshd_config, it is impossible to determine at upgrade time if migrating
31 you to socket-based activation would cause the starting of sshd at boot
32 to be unreliable.
33 .
34 Because a failure to start ssh may make it impossible to admininister a
35 system, you will not be migrated to socket-based activation at this time.
diff --git a/debian/openssh-server.tmpfile b/debian/openssh-server.tmpfile
24new file mode 10064436new file mode 100644
index 0000000..76c6323
--- /dev/null
+++ b/debian/openssh-server.tmpfile
@@ -0,0 +1,2 @@
1#Type Path Mode UID GID Age Arguments
2D /run/sshd 0755 root root - -
diff --git a/debian/openssh-server.ucf-md5sum b/debian/openssh-server.ucf-md5sum
index 3a9dc23..9a8efb6 100644
--- a/debian/openssh-server.ucf-md5sum
+++ b/debian/openssh-server.ucf-md5sum
@@ -103,8 +103,32 @@ cc873ab3ccc9cf3a3830c3c0728c0d0b
1039f1bec115595c0f76282d80abe5d9bcc1039f1bec115595c0f76282d80abe5d9bcc
104ae1a449c8adb31cb603e28fda5342696104ae1a449c8adb31cb603e28fda5342696
105105
106# From 1:8.4p1-5
1076dbdc3a27e1953d209f929df7aff0c57
1080ef8c8fe6a3afd12382dbb93cd7bbb4e
109ae1a449c8adb31cb603e28fda5342696
1109f1bec115595c0f76282d80abe5d9bcc
111
106# From 1:8.7p1-1:112# From 1:8.7p1-1:
107fe83fd23553510bb632dc8e6e35ab41a113fe83fd23553510bb632dc8e6e35ab41a
108d96ecd9064ea650c44372a5a33d3e497114d96ecd9064ea650c44372a5a33d3e497
1097fdb195ac56e0bf1992e18ac656811af1157fdb195ac56e0bf1992e18ac656811af
1104e03b4df60cd00c651777ec14ff76aef1164e03b4df60cd00c651777ec14ff76aef
117
118# From 1:8.9p1-3
11930e0fe758429c57d35a5e71dbd8dd2f8
12023a8a2b1a8f1538be49eb86313367191
121133f5f0119fbf5716b7d72048b25ea71
122697a81708f11897cb0fef857563dee55
123
124# From 1:9.0p1-1ubuntu3
12590ace5da6c7eb3041732930972662f34
126b2c07b86695152141e84f44e4414104a
127e7b9120b6e68c5666ac21a0cc03d4806
1289389be84e67cd5a91b97de5ff03c9306
129
130# From 1:9.2p1-2ubuntu1
131fac56840f6697a357368bb878dd8fb87
132d01da8c9de75176095712d4e37d5dcd5
133e4898846045f33b8d99d3263d6f6fd81
134ec46dc59ba9c9e9458add405264fcedd
diff --git a/debian/patches/series b/debian/patches/series
index cbbfc88..e7e2a9c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -26,3 +26,4 @@ maxhostnamelen.patch
26conch-ssh-rsa.patch26conch-ssh-rsa.patch
27systemd-socket-activation.patch27systemd-socket-activation.patch
28remove-spurious-ssh-agent-options.patch28remove-spurious-ssh-agent-options.patch
29socket-activation-documentation.patch
diff --git a/debian/patches/socket-activation-documentation.patch b/debian/patches/socket-activation-documentation.patch
29new file mode 10064430new file mode 100644
index 0000000..9afde55
--- /dev/null
+++ b/debian/patches/socket-activation-documentation.patch
@@ -0,0 +1,50 @@
1Index: openssh-9.0p1/sshd_config.5
2===================================================================
3--- openssh-9.0p1.orig/sshd_config.5
4+++ openssh-9.0p1/sshd_config.5
5@@ -1069,6 +1069,15 @@
6 Multiple
7 .Cm ListenAddress
8 options are permitted.
9+.Pp
10+.Cm Note:
11+On Ubuntu, the openssh-server package is configured to use systemd
12+socket-based activation by default. Therefore if you are using systemd with
13+the default configuration,
14+.Cm ListenAddress
15+options will not be honored. Address configuration must be handled in
16+.Pa /etc/systemd/system/ssh.socket.d
17+instead.
18 .It Cm LoginGraceTime
19 The server disconnects after this time if the user has not
20 successfully logged in.
21@@ -1520,6 +1529,15 @@
22 Multiple options of this type are permitted.
23 See also
24 .Cm ListenAddress .
25+.Pp
26+.Cm Note:
27+On Ubuntu, the openssh-server package is configured to use systemd
28+socket-based activation by default. Therefore if you are using systemd with
29+the default configuration,
30+.Cm Port
31+options will not be honored. Address configuration must be handled in
32+.Pa /etc/systemd/system/ssh.socket.d
33+instead.
34 .It Cm PrintLastLog
35 Specifies whether
36 .Xr sshd 8
37Index: openssh-9.0p1/sshd_config
38===================================================================
39--- openssh-9.0p1.orig/sshd_config
40+++ openssh-9.0p1/sshd_config
41@@ -12,6 +12,9 @@
42
43 Include /etc/ssh/sshd_config.d/*.conf
44
45+# Port and ListenAddress options are not used when sshd is socket-activated,
46+# which is now the default in Ubuntu. See sshd_config(5) and
47+# /usr/share/doc/openssh-server/README.Debian.gz for details.
48 #Port 22
49 #AddressFamily any
50 #ListenAddress 0.0.0.0
diff --git a/debian/patches/systemd-socket-activation.patch b/debian/patches/systemd-socket-activation.patch
index 5441622..3bfa116 100644
--- a/debian/patches/systemd-socket-activation.patch
+++ b/debian/patches/systemd-socket-activation.patch
@@ -1,47 +1,72 @@
1From 4cedd1c9acac0fba598db2eaf43278dfe8e53ef0 Mon Sep 17 00:00:00 20011Description: support systemd socket activation
2From: Steve Langasek <steve.langasek@ubuntu.com>2 Unlike inetd socket activation, with systemd socket activation the
3Date: Thu, 1 Sep 2022 16:03:37 +01003 supervisor passes the listened-on socket to the child process and lets
4Subject: Support systemd socket activation4 the child process handle the accept(). This lets us do delayed start
5 of the sshd daemon without becoming incompatible with config options
6 like ClientAliveCountMax.
7Author: Steve Langasek <steve.langasek@ubuntu.com>
8Author: Nick Rosbrook <nick.rosbrook@canonical.com>
9Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2011458
10Last-Update: 2023-04-17
511
6Unlike inetd socket activation, with systemd socket activation the
7supervisor passes the listened-on socket to the child process and lets
8the child process handle the accept(). This lets us do delayed start
9of the sshd daemon without becoming incompatible with config options
10like ClientAliveCountMax.
11
12Last-Update: 2022-09-01
13
14Patch-Name: systemd-socket-activation.patch
15---
16 sshd.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++---------
17 1 file changed, 75 insertions(+), 14 deletions(-)
18
19diff --git a/sshd.c b/sshd.c
20index 0a4eefe01..fc22fcb62 100644
21--- a/sshd.c12--- a/sshd.c
22+++ b/sshd.c13+++ b/sshd.c
23@@ -141,10 +141,16 @@ int deny_severity;14@@ -140,11 +140,14 @@
15 int deny_severity;
24 #endif /* LIBWRAP */16 #endif /* LIBWRAP */
25 17
18+/* This will only get set if we build with systemd. */
19+static int systemd_num_listen_fds;
20+
26 /* Re-exec fds */21 /* Re-exec fds */
27-#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)22-#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
28-#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)23-#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
29-#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3)24-#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3)
30-#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4)25-#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4)
31+#ifdef HAVE_SYSTEMD26+#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1 + systemd_num_listen_fds)
32+#define SYSTEMD_OFFSET sd_listen_fds(0)27+#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2 + systemd_num_listen_fds)
33+#else28+#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3 + systemd_num_listen_fds)
34+#define SYSTEMD_OFFSET 029+#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4 + systemd_num_listen_fds)
35+#endif
36+
37+#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1 + SYSTEMD_OFFSET)
38+#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2 + SYSTEMD_OFFSET)
39+#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3 + SYSTEMD_OFFSET)
40+#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4 + SYSTEMD_OFFSET)
41 30
42 extern char *__progname;31 extern char *__progname;
43 32
44@@ -1025,6 +1031,48 @@ server_accept_inetd(int *sock_in, int *sock_out)33@@ -195,6 +198,7 @@
34 */
35 #define MAX_LISTEN_SOCKS 16
36 static int listen_socks[MAX_LISTEN_SOCKS];
37+static int listen_socks_no_close[MAX_LISTEN_SOCKS];
38 static int num_listen_socks = 0;
39
40 /* Daemon's agent connection */
41@@ -280,12 +284,16 @@
42 * Close all listening sockets
43 */
44 static void
45-close_listen_socks(void)
46+close_listen_socks(int force)
47 {
48 int i;
49
50- for (i = 0; i < num_listen_socks; i++)
51+ for (i = 0; i < num_listen_socks; i++) {
52+ if (listen_socks_no_close[i] > 0 && force <= 0)
53+ continue;
54+
55 close(listen_socks[i]);
56+ }
57 num_listen_socks = 0;
58 }
59
60@@ -324,7 +332,7 @@
61 if (options.pid_file != NULL)
62 unlink(options.pid_file);
63 platform_pre_restart();
64- close_listen_socks();
65+ close_listen_socks(/* force = */ 0);
66 close_startup_pipes();
67 ssh_signal(SIGHUP, SIG_IGN); /* will be restored after exec */
68 execv(saved_argv[0], saved_argv);
69@@ -1033,6 +1041,65 @@
45 debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out);70 debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out);
46 }71 }
47 72
@@ -52,7 +77,7 @@ index 0a4eefe01..fc22fcb62 100644
52+static void77+static void
53+setup_systemd_socket(int listen_sock)78+setup_systemd_socket(int listen_sock)
54+{79+{
55+ int ret;80+ int flags, ret;
56+ struct sockaddr_storage addr;81+ struct sockaddr_storage addr;
57+ socklen_t len = sizeof(addr);82+ socklen_t len = sizeof(addr);
58+ char ntop[NI_MAXHOST], strport[NI_MAXSERV];83+ char ntop[NI_MAXHOST], strport[NI_MAXSERV];
@@ -77,10 +102,27 @@ index 0a4eefe01..fc22fcb62 100644
77+ close(listen_sock);102+ close(listen_sock);
78+ return;103+ return;
79+ }104+ }
105+
80+ /* Socket options */106+ /* Socket options */
81+ set_reuseaddr(listen_sock);107+ set_reuseaddr(listen_sock);
82+108+
109+ /* systemd sets FD_CLOEXEC on the fds it passes to us, but we need this
110+ * to stay open across re-exec. */
111+ flags = fcntl(listen_sock, F_GETFD);
112+ if (flags < 0) {
113+ error("Failed to get fd flags: %s", strerror(errno));
114+ close(listen_sock);
115+ return;
116+ }
117+
118+ if (fcntl(listen_sock, F_SETFD, flags & ~FD_CLOEXEC) < 0) {
119+ error("Failed to clear FD_CLOEXEC flag: %s", strerror(errno));
120+ close(listen_sock);
121+ return;
122+ }
123+
83+ listen_socks[num_listen_socks] = listen_sock;124+ listen_socks[num_listen_socks] = listen_sock;
125+ listen_socks_no_close[num_listen_socks] = 1;
84+ num_listen_socks++;126+ num_listen_socks++;
85+127+
86+ logit("Server listening on %s port %s.", ntop, strport);128+ logit("Server listening on %s port %s.", ntop, strport);
@@ -90,15 +132,7 @@ index 0a4eefe01..fc22fcb62 100644
90 /*132 /*
91 * Listen for TCP connections133 * Listen for TCP connections
92 */134 */
93@@ -1104,22 +1152,35 @@ static void135@@ -1117,17 +1184,26 @@
94 server_listen(void)
95 {
96 u_int i;
97+#ifdef HAVE_SYSTEMD
98+ int systemd_socket_count;
99+#endif
100
101 /* Initialise per-source limit tracking. */
102 srclimit_init(options.max_startups, options.per_source_max_startups,136 srclimit_init(options.max_startups, options.per_source_max_startups,
103 options.per_source_masklen_ipv4, options.per_source_masklen_ipv6);137 options.per_source_masklen_ipv4, options.per_source_masklen_ipv6);
104 138
@@ -109,11 +143,10 @@ index 0a4eefe01..fc22fcb62 100644
109- memset(&options.listen_addrs[i], 0,143- memset(&options.listen_addrs[i], 0,
110- sizeof(options.listen_addrs[i]));144- sizeof(options.listen_addrs[i]));
111+#ifdef HAVE_SYSTEMD145+#ifdef HAVE_SYSTEMD
112+ systemd_socket_count = sd_listen_fds(0);146+ if (systemd_num_listen_fds > 0)
113+ if (systemd_socket_count > 0)
114+ {147+ {
115+ int i;148+ int i;
116+ for (i = 0; i < systemd_socket_count; i++)149+ for (i = 0; i < systemd_num_listen_fds; i++)
117+ setup_systemd_socket(SD_LISTEN_FDS_START + i);150+ setup_systemd_socket(SD_LISTEN_FDS_START + i);
118+ } else151+ } else
119+#endif152+#endif
@@ -136,3 +169,78 @@ index 0a4eefe01..fc22fcb62 100644
136 if (!num_listen_socks)169 if (!num_listen_socks)
137 fatal("Cannot bind any address.");170 fatal("Cannot bind any address.");
138 }171 }
172@@ -1182,7 +1258,7 @@
173 if (received_sigterm) {
174 logit("Received signal %d; terminating.",
175 (int) received_sigterm);
176- close_listen_socks();
177+ close_listen_socks(/* force = */ 1);
178 if (options.pid_file != NULL)
179 unlink(options.pid_file);
180 exit(received_sigterm == SIGTERM ? 0 : 255);
181@@ -1196,7 +1272,7 @@
182 if (received_sighup) {
183 if (!lameduck) {
184 debug("Received SIGHUP; waiting for children");
185- close_listen_socks();
186+ close_listen_socks(/* force = */ 0);
187 lameduck = 1;
188 }
189 if (listening <= 0) {
190@@ -1319,7 +1395,7 @@
191 * connection without forking.
192 */
193 debug("Server will not fork when running in debugging mode.");
194- close_listen_socks();
195+ close_listen_socks(/* force = */ 0);
196 *sock_in = *newsock;
197 *sock_out = *newsock;
198 close(startup_p[0]);
199@@ -1353,7 +1429,7 @@
200 platform_post_fork_child();
201 startup_pipe = startup_p[1];
202 close_startup_pipes();
203- close_listen_socks();
204+ close_listen_socks(/* force = */ 0);
205 *sock_in = *newsock;
206 *sock_out = *newsock;
207 log_init(__progname,
208@@ -1701,6 +1777,38 @@
209 break;
210 }
211 }
212+
213+#ifdef HAVE_SYSTEMD
214+ /* We should call sd_listen_fds() exactly once, and only in the parent
215+ * process.
216+ *
217+ * If the parent calls sd_listen_fds() more than once, then FD_CLOEXEC
218+ * will be re-configured for the passed fds, which will cause problems
219+ * during re-execution. The FD_CLOEXEC flag will be cleared by
220+ * setup_systemd_socket().
221+ *
222+ * If the child calls sd_listen_fds(), it will return 0 because it will
223+ * compare our pid to the LISTEN_PID environment variable, and only
224+ * return LISTEN_FDS if they match. Thus, when we are a child process,
225+ * check the LISTEN_FDS ourselves. */
226+ if (rexeced_flag) {
227+ const char* s = getenv("LISTEN_FDS");
228+ if (s && s[0] != '\0') {
229+ errno = 0;
230+ r = (int)strtonum(s, 0, MAX_LISTEN_SOCKS, NULL);
231+ if (errno > 0)
232+ fatal("Failed to parse LISTEN_FDS: %s", strerror(errno));
233+ } else
234+ r = 0;
235+ } else {
236+ r = sd_listen_fds(0);
237+ if (r < 0)
238+ fatal("Failed to get systemd socket fds: %s", strerror(-r));
239+ }
240+
241+ systemd_num_listen_fds = r;
242+#endif
243+
244 if (rexeced_flag || inetd_flag)
245 rexec_flag = 0;
246 if (!test_flag && rexec_flag && !path_absolute(av[0]))
diff --git a/debian/po/cs.po b/debian/po/cs.po
index d01e0ff..21b4c7b 100644
--- a/debian/po/cs.po
+++ b/debian/po/cs.po
@@ -7,7 +7,7 @@ msgid ""
7msgstr ""7msgstr ""
8"Project-Id-Version: openssh 1:6.6p1-1\n"8"Project-Id-Version: openssh 1:6.6p1-1\n"
9"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"9"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
10"POT-Creation-Date: 2014-03-20 02:06+0000\n"10"POT-Creation-Date: 2022-09-23 19:34+0000\n"
11"PO-Revision-Date: 2014-06-12 12:25+0200\n"11"PO-Revision-Date: 2014-06-12 12:25+0200\n"
12"Last-Translator: Michal Simunek <michal.simunek@gmail.com>\n"12"Last-Translator: Michal Simunek <michal.simunek@gmail.com>\n"
13"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"13"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
@@ -53,3 +53,28 @@ msgstr ""
53"poškodit systémy, které jsou nastaveny s předpokladem, že bude možné se "53"poškodit systémy, které jsou nastaveny s předpokladem, že bude možné se "
54"přihlašovat přes SSH jako root pomocí ověřování heslem. Změnu této volby "54"přihlašovat přes SSH jako root pomocí ověřování heslem. Změnu této volby "
55"byste měli provést pouze pokud ověřování heslem potřebujete."55"byste měli provést pouze pokud ověřování heslem potřebujete."
56
57#. Type: error
58#. Description
59#: ../openssh-server.templates:3001
60msgid "Not migrating to socket activation"
61msgstr ""
62
63#. Type: error
64#. Description
65#: ../openssh-server.templates:3001
66msgid ""
67"This version of openssh-server uses socket-based activation by default. "
68"However, because you have more than one ListenAddress configured in "
69"sshd_config, it is impossible to determine at upgrade time if migrating you "
70"to socket-based activation would cause the starting of sshd at boot to be "
71"unreliable."
72msgstr ""
73
74#. Type: error
75#. Description
76#: ../openssh-server.templates:3001
77msgid ""
78"Because a failure to start ssh may make it impossible to admininister a "
79"system, you will not be migrated to socket-based activation at this time."
80msgstr ""
diff --git a/debian/po/da.po b/debian/po/da.po
index 70d576d..a08ca3b 100644
--- a/debian/po/da.po
+++ b/debian/po/da.po
@@ -7,7 +7,7 @@ msgid ""
7msgstr ""7msgstr ""
8"Project-Id-Version: openssh\n"8"Project-Id-Version: openssh\n"
9"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"9"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
10"POT-Creation-Date: 2014-03-20 02:06+0000\n"10"POT-Creation-Date: 2022-09-23 19:34+0000\n"
11"PO-Revision-Date: 2014-03-21 23:51+0200\n"11"PO-Revision-Date: 2014-03-21 23:51+0200\n"
12"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"12"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
13"Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n"13"Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n"
@@ -53,3 +53,28 @@ msgstr ""
53"Det kan dog ødelægge systemer, som er opsat med forventning om at kunne SSH "53"Det kan dog ødelægge systemer, som er opsat med forventning om at kunne SSH "
54"som root via brug af adgangskodegodkendelse. Du skal kun lave denne ændring, "54"som root via brug af adgangskodegodkendelse. Du skal kun lave denne ændring, "
55"hvis du ikke har brug for dette."55"hvis du ikke har brug for dette."
56
57#. Type: error
58#. Description
59#: ../openssh-server.templates:3001
60msgid "Not migrating to socket activation"
61msgstr ""
62
63#. Type: error
64#. Description
65#: ../openssh-server.templates:3001
66msgid ""
67"This version of openssh-server uses socket-based activation by default. "
68"However, because you have more than one ListenAddress configured in "
69"sshd_config, it is impossible to determine at upgrade time if migrating you "
70"to socket-based activation would cause the starting of sshd at boot to be "
71"unreliable."
72msgstr ""
73
74#. Type: error
75#. Description
76#: ../openssh-server.templates:3001
77msgid ""
78"Because a failure to start ssh may make it impossible to admininister a "
79"system, you will not be migrated to socket-based activation at this time."
80msgstr ""
diff --git a/debian/po/de.po b/debian/po/de.po
index ecba54b..2536ea4 100644
--- a/debian/po/de.po
+++ b/debian/po/de.po
@@ -8,7 +8,7 @@ msgid ""
8msgstr ""8msgstr ""
9"Project-Id-Version: openssh_1:6.6p1-1\n"9"Project-Id-Version: openssh_1:6.6p1-1\n"
10"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"10"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
11"POT-Creation-Date: 2014-03-20 02:06+0000\n"11"POT-Creation-Date: 2022-09-23 19:34+0000\n"
12"PO-Revision-Date: 2014-03-24 22:21+0100\n"12"PO-Revision-Date: 2014-03-24 22:21+0100\n"
13"Last-Translator: Stephan Beck <sbeck@mailbox.org>\n"13"Last-Translator: Stephan Beck <sbeck@mailbox.org>\n"
14"Language-Team: Debian German translation team <debian-l10n-german@lists."14"Language-Team: Debian German translation team <debian-l10n-german@lists."
@@ -59,3 +59,28 @@ msgstr ""
59"in der Absicht konfiguriert wurden, die Anmeldung als »root« über SSH unter "59"in der Absicht konfiguriert wurden, die Anmeldung als »root« über SSH unter "
60"Verwendung von Passwort-Authentifizierung zuzulassen. Sie sollten diese "60"Verwendung von Passwort-Authentifizierung zuzulassen. Sie sollten diese "
61"Änderung nur vornehmen, wenn Sie auf Letzteres verzichten können."61"Änderung nur vornehmen, wenn Sie auf Letzteres verzichten können."
62
63#. Type: error
64#. Description
65#: ../openssh-server.templates:3001
66msgid "Not migrating to socket activation"
67msgstr ""
68
69#. Type: error
70#. Description
71#: ../openssh-server.templates:3001
72msgid ""
73"This version of openssh-server uses socket-based activation by default. "
74"However, because you have more than one ListenAddress configured in "
75"sshd_config, it is impossible to determine at upgrade time if migrating you "
76"to socket-based activation would cause the starting of sshd at boot to be "
77"unreliable."
78msgstr ""
79
80#. Type: error
81#. Description
82#: ../openssh-server.templates:3001
83msgid ""
84"Because a failure to start ssh may make it impossible to admininister a "
85"system, you will not be migrated to socket-based activation at this time."
86msgstr ""
diff --git a/debian/po/es.po b/debian/po/es.po
index de8a67a..14550d6 100644
--- a/debian/po/es.po
+++ b/debian/po/es.po
@@ -28,7 +28,7 @@ msgid ""
28msgstr ""28msgstr ""
29"Project-Id-Version: openssh\n"29"Project-Id-Version: openssh\n"
30"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"30"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
31"POT-Creation-Date: 2014-03-20 02:06+0000\n"31"POT-Creation-Date: 2022-09-23 19:34+0000\n"
32"PO-Revision-Date: 2014-03-23 20:43-0300\n"32"PO-Revision-Date: 2014-03-23 20:43-0300\n"
33"Last-Translator: Matías Bellone <matiasbellone+debian@gmail.com>\n"33"Last-Translator: Matías Bellone <matiasbellone+debian@gmail.com>\n"
34"Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n"34"Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n"
@@ -78,3 +78,28 @@ msgstr ""
78"configuración permite que el usuario root inicie sesión a través de SSH "78"configuración permite que el usuario root inicie sesión a través de SSH "
79"utilizando una contraseña. Sólo debería realizar este cambio si no necesita "79"utilizando una contraseña. Sólo debería realizar este cambio si no necesita "
80"este comportamiento."80"este comportamiento."
81
82#. Type: error
83#. Description
84#: ../openssh-server.templates:3001
85msgid "Not migrating to socket activation"
86msgstr ""
87
88#. Type: error
89#. Description
90#: ../openssh-server.templates:3001
91msgid ""
92"This version of openssh-server uses socket-based activation by default. "
93"However, because you have more than one ListenAddress configured in "
94"sshd_config, it is impossible to determine at upgrade time if migrating you "
95"to socket-based activation would cause the starting of sshd at boot to be "
96"unreliable."
97msgstr ""
98
99#. Type: error
100#. Description
101#: ../openssh-server.templates:3001
102msgid ""
103"Because a failure to start ssh may make it impossible to admininister a "
104"system, you will not be migrated to socket-based activation at this time."
105msgstr ""
diff --git a/debian/po/fr.po b/debian/po/fr.po
index f7125e9..7d7093b 100644
--- a/debian/po/fr.po
+++ b/debian/po/fr.po
@@ -7,7 +7,7 @@ msgid ""
7msgstr ""7msgstr ""
8"Project-Id-Version: openssh_1:6.5p1-6\n"8"Project-Id-Version: openssh_1:6.5p1-6\n"
9"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"9"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
10"POT-Creation-Date: 2014-03-20 02:06+0000\n"10"POT-Creation-Date: 2022-09-23 19:34+0000\n"
11"PO-Revision-Date: 2014-03-22 08:26+0100\n"11"PO-Revision-Date: 2014-03-22 08:26+0100\n"
12"Last-Translator: Étienne Gilli <etienne.gilli@gmail.com>\n"12"Last-Translator: Étienne Gilli <etienne.gilli@gmail.com>\n"
13"Language-Team: French <debian-l10n-french@lists.debian.org>\n"13"Language-Team: French <debian-l10n-french@lists.debian.org>\n"
@@ -57,3 +57,28 @@ msgstr ""
57"inutilisables les systèmes reposant sur la possibilité de se connecter au "57"inutilisables les systèmes reposant sur la possibilité de se connecter au "
58"compte « root » par SSH avec authentification par mot de passe. Vous ne "58"compte « root » par SSH avec authentification par mot de passe. Vous ne "
59"devriez appliquer cette modification que si ce n’est pas votre cas."59"devriez appliquer cette modification que si ce n’est pas votre cas."
60
61#. Type: error
62#. Description
63#: ../openssh-server.templates:3001
64msgid "Not migrating to socket activation"
65msgstr ""
66
67#. Type: error
68#. Description
69#: ../openssh-server.templates:3001
70msgid ""
71"This version of openssh-server uses socket-based activation by default. "
72"However, because you have more than one ListenAddress configured in "
73"sshd_config, it is impossible to determine at upgrade time if migrating you "
74"to socket-based activation would cause the starting of sshd at boot to be "
75"unreliable."
76msgstr ""
77
78#. Type: error
79#. Description
80#: ../openssh-server.templates:3001
81msgid ""
82"Because a failure to start ssh may make it impossible to admininister a "
83"system, you will not be migrated to socket-based activation at this time."
84msgstr ""
diff --git a/debian/po/it.po b/debian/po/it.po
index dd71060..5390795 100644
--- a/debian/po/it.po
+++ b/debian/po/it.po
@@ -6,7 +6,7 @@ msgid ""
6msgstr ""6msgstr ""
7"Project-Id-Version: openssh\n"7"Project-Id-Version: openssh\n"
8"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"8"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
9"POT-Creation-Date: 2014-03-20 02:06+0000\n"9"POT-Creation-Date: 2022-09-23 19:34+0000\n"
10"PO-Revision-Date: 2014-03-28 11:12+0200\n"10"PO-Revision-Date: 2014-03-28 11:12+0200\n"
11"Last-Translator: Beatrice Torracca <beatricet@libero.it>\n"11"Last-Translator: Beatrice Torracca <beatricet@libero.it>\n"
12"Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n"12"Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n"
@@ -56,3 +56,28 @@ msgstr ""
56"impostati facendo affidamento sulla possibilità di autenticazione SSH come "56"impostati facendo affidamento sulla possibilità di autenticazione SSH come "
57"root usando la password. Si dovrebbe fare questo cambiamento solo se non si "57"root usando la password. Si dovrebbe fare questo cambiamento solo se non si "
58"ha bisogno di tale comportamento."58"ha bisogno di tale comportamento."
59
60#. Type: error
61#. Description
62#: ../openssh-server.templates:3001
63msgid "Not migrating to socket activation"
64msgstr ""
65
66#. Type: error
67#. Description
68#: ../openssh-server.templates:3001
69msgid ""
70"This version of openssh-server uses socket-based activation by default. "
71"However, because you have more than one ListenAddress configured in "
72"sshd_config, it is impossible to determine at upgrade time if migrating you "
73"to socket-based activation would cause the starting of sshd at boot to be "
74"unreliable."
75msgstr ""
76
77#. Type: error
78#. Description
79#: ../openssh-server.templates:3001
80msgid ""
81"Because a failure to start ssh may make it impossible to admininister a "
82"system, you will not be migrated to socket-based activation at this time."
83msgstr ""
diff --git a/debian/po/ja.po b/debian/po/ja.po
index db382f1..b48d281 100644
--- a/debian/po/ja.po
+++ b/debian/po/ja.po
@@ -7,7 +7,7 @@ msgid ""
7msgstr ""7msgstr ""
8"Project-Id-Version: openssh\n"8"Project-Id-Version: openssh\n"
9"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"9"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
10"POT-Creation-Date: 2014-03-20 02:06+0000\n"10"POT-Creation-Date: 2022-09-23 19:34+0000\n"
11"PO-Revision-Date: 2014-03-20 11:06+0900\n"11"PO-Revision-Date: 2014-03-20 11:06+0900\n"
12"Last-Translator: victory <victory.deb@gmail.com>\n"12"Last-Translator: victory <victory.deb@gmail.com>\n"
13"Language-Team: Japanese <debian-japanese@lists.debian.org>\n"13"Language-Team: Japanese <debian-japanese@lists.debian.org>\n"
@@ -53,3 +53,28 @@ msgstr ""
53"ます。しかしパスワード認証により root で SSH 接続できることを前提として構成し"53"ます。しかしパスワード認証により root で SSH 接続できることを前提として構成し"
54"たシステムでは問題が発生する可能性があります。そういった必要のない場合にのみ"54"たシステムでは問題が発生する可能性があります。そういった必要のない場合にのみ"
55"この変更を行うようにしてください。"55"この変更を行うようにしてください。"
56
57#. Type: error
58#. Description
59#: ../openssh-server.templates:3001
60msgid "Not migrating to socket activation"
61msgstr ""
62
63#. Type: error
64#. Description
65#: ../openssh-server.templates:3001
66msgid ""
67"This version of openssh-server uses socket-based activation by default. "
68"However, because you have more than one ListenAddress configured in "
69"sshd_config, it is impossible to determine at upgrade time if migrating you "
70"to socket-based activation would cause the starting of sshd at boot to be "
71"unreliable."
72msgstr ""
73
74#. Type: error
75#. Description
76#: ../openssh-server.templates:3001
77msgid ""
78"Because a failure to start ssh may make it impossible to admininister a "
79"system, you will not be migrated to socket-based activation at this time."
80msgstr ""
diff --git a/debian/po/nl.po b/debian/po/nl.po
index 3afd617..eca9662 100644
--- a/debian/po/nl.po
+++ b/debian/po/nl.po
@@ -7,7 +7,7 @@ msgid ""
7msgstr ""7msgstr ""
8"Project-Id-Version: openssh\n"8"Project-Id-Version: openssh\n"
9"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"9"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
10"POT-Creation-Date: 2014-03-20 02:06+0000\n"10"POT-Creation-Date: 2022-09-23 19:34+0000\n"
11"PO-Revision-Date: 2014-10-03 23:54+0200\n"11"PO-Revision-Date: 2014-10-03 23:54+0200\n"
12"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"12"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
13"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"13"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
@@ -58,3 +58,28 @@ msgstr ""
58"ingesteld werden vanuit de verwachting dat de systeembeheerder SSH kan "58"ingesteld werden vanuit de verwachting dat de systeembeheerder SSH kan "
59"gebruiken met authenticatie via wachtwoord. Enkel wanneer u dit laatste niet "59"gebruiken met authenticatie via wachtwoord. Enkel wanneer u dit laatste niet "
60"nodig heeft, zou u deze wijziging kunnen doorvoeren."60"nodig heeft, zou u deze wijziging kunnen doorvoeren."
61
62#. Type: error
63#. Description
64#: ../openssh-server.templates:3001
65msgid "Not migrating to socket activation"
66msgstr ""
67
68#. Type: error
69#. Description
70#: ../openssh-server.templates:3001
71msgid ""
72"This version of openssh-server uses socket-based activation by default. "
73"However, because you have more than one ListenAddress configured in "
74"sshd_config, it is impossible to determine at upgrade time if migrating you "
75"to socket-based activation would cause the starting of sshd at boot to be "
76"unreliable."
77msgstr ""
78
79#. Type: error
80#. Description
81#: ../openssh-server.templates:3001
82msgid ""
83"Because a failure to start ssh may make it impossible to admininister a "
84"system, you will not be migrated to socket-based activation at this time."
85msgstr ""
diff --git a/debian/po/pt.po b/debian/po/pt.po
index 2dab84c..8f51af9 100644
--- a/debian/po/pt.po
+++ b/debian/po/pt.po
@@ -7,7 +7,7 @@ msgid ""
7msgstr ""7msgstr ""
8"Project-Id-Version: openssh 1:6.6p1-1\n"8"Project-Id-Version: openssh 1:6.6p1-1\n"
9"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"9"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
10"POT-Creation-Date: 2014-03-20 02:06+0000\n"10"POT-Creation-Date: 2022-09-23 19:34+0000\n"
11"PO-Revision-Date: 2014-03-21 21:13+0000\n"11"PO-Revision-Date: 2014-03-21 21:13+0000\n"
12"Last-Translator: Américo Monteiro <a_monteiro@gmx.com>\n"12"Last-Translator: Américo Monteiro <a_monteiro@gmx.com>\n"
13"Language-Team: Portuguese <traduz@debianpt.org>\n"13"Language-Team: Portuguese <traduz@debianpt.org>\n"
@@ -57,3 +57,28 @@ msgstr ""
57"configurados com a expectativa de serem capazes de SSH como root usando "57"configurados com a expectativa de serem capazes de SSH como root usando "
58"autenticação por palavra-passe. Apenas deverá fazer esta alteração se não "58"autenticação por palavra-passe. Apenas deverá fazer esta alteração se não "
59"precisa de tal método de autenticação."59"precisa de tal método de autenticação."
60
61#. Type: error
62#. Description
63#: ../openssh-server.templates:3001
64msgid "Not migrating to socket activation"
65msgstr ""
66
67#. Type: error
68#. Description
69#: ../openssh-server.templates:3001
70msgid ""
71"This version of openssh-server uses socket-based activation by default. "
72"However, because you have more than one ListenAddress configured in "
73"sshd_config, it is impossible to determine at upgrade time if migrating you "
74"to socket-based activation would cause the starting of sshd at boot to be "
75"unreliable."
76msgstr ""
77
78#. Type: error
79#. Description
80#: ../openssh-server.templates:3001
81msgid ""
82"Because a failure to start ssh may make it impossible to admininister a "
83"system, you will not be migrated to socket-based activation at this time."
84msgstr ""
diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po
index 99b1182..98856bb 100644
--- a/debian/po/pt_BR.po
+++ b/debian/po/pt_BR.po
@@ -8,7 +8,7 @@ msgid ""
8msgstr ""8msgstr ""
9"Project-Id-Version: openssh\n"9"Project-Id-Version: openssh\n"
10"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"10"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
11"POT-Creation-Date: 2014-03-20 02:06+0000\n"11"POT-Creation-Date: 2022-09-23 19:34+0000\n"
12"PO-Revision-Date: 2014-11-23 23:49-0200\n"12"PO-Revision-Date: 2014-11-23 23:49-0200\n"
13"Last-Translator: José de Figueiredo <deb.gnulinux@gmail.com>\n"13"Last-Translator: José de Figueiredo <deb.gnulinux@gmail.com>\n"
14"Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian."14"Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian."
@@ -55,3 +55,28 @@ msgstr ""
55"Entretanto, ela pode quebrar sistemas que foram configurados com a "55"Entretanto, ela pode quebrar sistemas que foram configurados com a "
56"expectativa de acesso SSH com root usando autenticação por senha. Você deve "56"expectativa de acesso SSH com root usando autenticação por senha. Você deve "
57"fazer esta mudança somente se você não precisa fazer isso."57"fazer esta mudança somente se você não precisa fazer isso."
58
59#. Type: error
60#. Description
61#: ../openssh-server.templates:3001
62msgid "Not migrating to socket activation"
63msgstr ""
64
65#. Type: error
66#. Description
67#: ../openssh-server.templates:3001
68msgid ""
69"This version of openssh-server uses socket-based activation by default. "
70"However, because you have more than one ListenAddress configured in "
71"sshd_config, it is impossible to determine at upgrade time if migrating you "
72"to socket-based activation would cause the starting of sshd at boot to be "
73"unreliable."
74msgstr ""
75
76#. Type: error
77#. Description
78#: ../openssh-server.templates:3001
79msgid ""
80"Because a failure to start ssh may make it impossible to admininister a "
81"system, you will not be migrated to socket-based activation at this time."
82msgstr ""
diff --git a/debian/po/ru.po b/debian/po/ru.po
index f2e1daf..3fa193c 100644
--- a/debian/po/ru.po
+++ b/debian/po/ru.po
@@ -6,7 +6,7 @@ msgid ""
6msgstr ""6msgstr ""
7"Project-Id-Version: openssh 1:6.6p1-1\n"7"Project-Id-Version: openssh 1:6.6p1-1\n"
8"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"8"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
9"POT-Creation-Date: 2014-03-20 02:06+0000\n"9"POT-Creation-Date: 2022-09-23 19:34+0000\n"
10"PO-Revision-Date: 2014-03-22 10:04+0400\n"10"PO-Revision-Date: 2014-03-22 10:04+0400\n"
11"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"11"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
12"Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n"12"Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n"
@@ -14,8 +14,8 @@ msgstr ""
14"MIME-Version: 1.0\n"14"MIME-Version: 1.0\n"
15"Content-Type: text/plain; charset=UTF-8\n"15"Content-Type: text/plain; charset=UTF-8\n"
16"Content-Transfer-Encoding: 8bit\n"16"Content-Transfer-Encoding: 8bit\n"
17"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"17"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
18"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"18"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
19"X-Generator: Lokalize 1.4\n"19"X-Generator: Lokalize 1.4\n"
2020
21#. Type: boolean21#. Type: boolean
@@ -55,3 +55,28 @@ msgstr ""
55"атак). Однако, это вредит системам, в которых специально настроен вход для "55"атак). Однако, это вредит системам, в которых специально настроен вход для "
56"root по SSH с парольной аутентификацией. Если это не ваш случай, то ответьте "56"root по SSH с парольной аутентификацией. Если это не ваш случай, то ответьте "
57"утвердительно."57"утвердительно."
58
59#. Type: error
60#. Description
61#: ../openssh-server.templates:3001
62msgid "Not migrating to socket activation"
63msgstr ""
64
65#. Type: error
66#. Description
67#: ../openssh-server.templates:3001
68msgid ""
69"This version of openssh-server uses socket-based activation by default. "
70"However, because you have more than one ListenAddress configured in "
71"sshd_config, it is impossible to determine at upgrade time if migrating you "
72"to socket-based activation would cause the starting of sshd at boot to be "
73"unreliable."
74msgstr ""
75
76#. Type: error
77#. Description
78#: ../openssh-server.templates:3001
79msgid ""
80"Because a failure to start ssh may make it impossible to admininister a "
81"system, you will not be migrated to socket-based activation at this time."
82msgstr ""
diff --git a/debian/po/sv.po b/debian/po/sv.po
index 278b0cc..296e611 100644
--- a/debian/po/sv.po
+++ b/debian/po/sv.po
@@ -8,7 +8,7 @@ msgid ""
8msgstr ""8msgstr ""
9"Project-Id-Version: openssh\n"9"Project-Id-Version: openssh\n"
10"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"10"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
11"POT-Creation-Date: 2014-03-20 02:06+0000\n"11"POT-Creation-Date: 2022-09-23 19:34+0000\n"
12"PO-Revision-Date: 2014-03-21 21:36+0100\n"12"PO-Revision-Date: 2014-03-21 21:36+0100\n"
13"Last-Translator: Andreas Rönnquist <gusnan@gusnan.se>\n"13"Last-Translator: Andreas Rönnquist <gusnan@gusnan.se>\n"
14"Language-Team: Swedish\n"14"Language-Team: Swedish\n"
@@ -56,3 +56,28 @@ msgstr ""
56"sådana angrepp). Dock så kan detta förstöra system som förväntas kunna "56"sådana angrepp). Dock så kan detta förstöra system som förväntas kunna "
57"använda SSH som root med hjälp av lösenordsautentisering. Du skall endast "57"använda SSH som root med hjälp av lösenordsautentisering. Du skall endast "
58"göra denna förändring om du inte har ett behov av att kunna göra detta."58"göra denna förändring om du inte har ett behov av att kunna göra detta."
59
60#. Type: error
61#. Description
62#: ../openssh-server.templates:3001
63msgid "Not migrating to socket activation"
64msgstr ""
65
66#. Type: error
67#. Description
68#: ../openssh-server.templates:3001
69msgid ""
70"This version of openssh-server uses socket-based activation by default. "
71"However, because you have more than one ListenAddress configured in "
72"sshd_config, it is impossible to determine at upgrade time if migrating you "
73"to socket-based activation would cause the starting of sshd at boot to be "
74"unreliable."
75msgstr ""
76
77#. Type: error
78#. Description
79#: ../openssh-server.templates:3001
80msgid ""
81"Because a failure to start ssh may make it impossible to admininister a "
82"system, you will not be migrated to socket-based activation at this time."
83msgstr ""
diff --git a/debian/po/templates.pot b/debian/po/templates.pot
index 47c9e36..c9dc5ba 100644
--- a/debian/po/templates.pot
+++ b/debian/po/templates.pot
@@ -1,6 +1,6 @@
1# SOME DESCRIPTIVE TITLE.1# SOME DESCRIPTIVE TITLE.
2# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER2# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
3# This file is distributed under the same license as the PACKAGE package.3# This file is distributed under the same license as the openssh package.
4# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.4# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
5#5#
6#, fuzzy6#, fuzzy
@@ -8,7 +8,7 @@ msgid ""
8msgstr ""8msgstr ""
9"Project-Id-Version: openssh\n"9"Project-Id-Version: openssh\n"
10"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"10"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
11"POT-Creation-Date: 2014-03-20 02:06+0000\n"11"POT-Creation-Date: 2022-09-23 19:34+0000\n"
12"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"12"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
13"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"13"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14"Language-Team: LANGUAGE <LL@li.org>\n"14"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -44,3 +44,28 @@ msgid ""
44"able to SSH as root using password authentication. You should only make this "44"able to SSH as root using password authentication. You should only make this "
45"change if you do not need to do that."45"change if you do not need to do that."
46msgstr ""46msgstr ""
47
48#. Type: error
49#. Description
50#: ../openssh-server.templates:3001
51msgid "Not migrating to socket activation"
52msgstr ""
53
54#. Type: error
55#. Description
56#: ../openssh-server.templates:3001
57msgid ""
58"This version of openssh-server uses socket-based activation by default. "
59"However, because you have more than one ListenAddress configured in "
60"sshd_config, it is impossible to determine at upgrade time if migrating you "
61"to socket-based activation would cause the starting of sshd at boot to be "
62"unreliable."
63msgstr ""
64
65#. Type: error
66#. Description
67#: ../openssh-server.templates:3001
68msgid ""
69"Because a failure to start ssh may make it impossible to admininister a "
70"system, you will not be migrated to socket-based activation at this time."
71msgstr ""
diff --git a/debian/po/tr.po b/debian/po/tr.po
index 1ada041..fd6bde5 100644
--- a/debian/po/tr.po
+++ b/debian/po/tr.po
@@ -7,15 +7,15 @@ msgid ""
7msgstr ""7msgstr ""
8"Project-Id-Version: openssh-server\n"8"Project-Id-Version: openssh-server\n"
9"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"9"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
10"POT-Creation-Date: 2014-03-20 02:06+0000\n"10"POT-Creation-Date: 2022-09-23 19:34+0000\n"
11"PO-Revision-Date: 2014-08-01 14:44+0200\n"11"PO-Revision-Date: 2014-08-01 14:44+0200\n"
12"Last-Translator: Mert Dirik <mertdirik@gmail.com>\n"12"Last-Translator: Mert Dirik <mertdirik@gmail.com>\n"
13"Language-Team: Debian L10n Turkish <debian-l10n-turkish@lists.debian.org>\n"13"Language-Team: Debian L10n Turkish <debian-l10n-turkish@lists.debian.org>\n"
14"Language: tr\n"
14"MIME-Version: 1.0\n"15"MIME-Version: 1.0\n"
15"Content-Type: text/plain; charset=UTF-8\n"16"Content-Type: text/plain; charset=UTF-8\n"
16"Content-Transfer-Encoding: 8bit\n"17"Content-Transfer-Encoding: 8bit\n"
17"X-Generator: Poedit 1.5.4\n"18"X-Generator: Poedit 1.5.4\n"
18"Language: tr\n"
1919
20#. Type: boolean20#. Type: boolean
21#. Description21#. Description
@@ -56,3 +56,28 @@ msgstr ""
56"parola doğrulama yöntemiyle oturum açılabileceği varsayımıyla hareket eden "56"parola doğrulama yöntemiyle oturum açılabileceği varsayımıyla hareket eden "
57"sistemlerde eskiden çalışan düzenin bozulmasına sebep olacaktır. Bu "57"sistemlerde eskiden çalışan düzenin bozulmasına sebep olacaktır. Bu "
58"değişikliği yalnızca sorun çıkarmayacağından eminseniz yapın."58"değişikliği yalnızca sorun çıkarmayacağından eminseniz yapın."
59
60#. Type: error
61#. Description
62#: ../openssh-server.templates:3001
63msgid "Not migrating to socket activation"
64msgstr ""
65
66#. Type: error
67#. Description
68#: ../openssh-server.templates:3001
69msgid ""
70"This version of openssh-server uses socket-based activation by default. "
71"However, because you have more than one ListenAddress configured in "
72"sshd_config, it is impossible to determine at upgrade time if migrating you "
73"to socket-based activation would cause the starting of sshd at boot to be "
74"unreliable."
75msgstr ""
76
77#. Type: error
78#. Description
79#: ../openssh-server.templates:3001
80msgid ""
81"Because a failure to start ssh may make it impossible to admininister a "
82"system, you will not be migrated to socket-based activation at this time."
83msgstr ""
diff --git a/debian/rules b/debian/rules
index 18b2bf3..400fca7 100755
--- a/debian/rules
+++ b/debian/rules
@@ -186,8 +186,9 @@ override_dh_installinit:
186 dh_installinit -R --name ssh186 dh_installinit -R --name ssh
187187
188override_dh_installsystemd:188override_dh_installsystemd:
189 dh_installsystemd -popenssh-server ssh.service rescue-ssh.target189 dh_installsystemd -popenssh-server --no-start ssh.socket
190 dh_installsystemd -popenssh-server --no-enable ssh.socket190 dh_installsystemd -popenssh-server rescue-ssh.target
191 dh_installsystemd -popenssh-server --no-enable --no-start ssh.service
191192
192debian/openssh-server.sshd.pam: debian/openssh-server.sshd.pam.in193debian/openssh-server.sshd.pam: debian/openssh-server.sshd.pam.in
193ifeq ($(DEB_HOST_ARCH_OS),linux)194ifeq ($(DEB_HOST_ARCH_OS),linux)
diff --git a/debian/systemd/ssh.service b/debian/systemd/ssh.service
index 7495d9a..a18105b 100644
--- a/debian/systemd/ssh.service
+++ b/debian/systemd/ssh.service
@@ -14,8 +14,6 @@ KillMode=process
14Restart=on-failure14Restart=on-failure
15RestartPreventExitStatus=25515RestartPreventExitStatus=255
16Type=notify16Type=notify
17RuntimeDirectory=sshd
18RuntimeDirectoryMode=0755
1917
20[Install]18[Install]
21WantedBy=multi-user.target19WantedBy=multi-user.target
diff --git a/debian/tests/control b/debian/tests/control
index 8bc480a..0329ea0 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -8,3 +8,9 @@ Depends: devscripts,
8 python3-twisted,8 python3-twisted,
9 sudo,9 sudo,
10 sysvinit-utils,10 sysvinit-utils,
11
12Tests: systemd-socket-activation
13Restrictions: needs-root allow-stderr
14Depends: openssh-client,
15 openssh-server,
16 systemd,
diff --git a/debian/tests/systemd-socket-activation b/debian/tests/systemd-socket-activation
11new file mode 10064417new file mode 100644
index 0000000..42d4526
--- /dev/null
+++ b/debian/tests/systemd-socket-activation
@@ -0,0 +1,57 @@
1#!/bin/bash
2
3set -euo pipefail
4
5assert_unit_property() {
6 local property="$(echo "$2" | awk -F'=' '{print $1}')"
7
8 local expect="$2"
9 local actual="$(systemctl show -p "$property" "$1")"
10
11 if [[ "$actual" != "$expect" ]]; then
12 echo "Fail: $1: expected $expect, but got $actual"
13 return 1
14 fi
15}
16
17# Generate RSA key and add it to this user's authorized keys.
18ssh-keygen -t rsa -N "" -f "$HOME/.ssh/id_rsa" -q
19if [[ -f ~/.ssh/authorized_keys ]]; then
20 touch ~/.ssh/authorized_keys
21 chmod 0600 ~/.ssh/authorized_keys
22fi
23cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
24
25# Make sure ssh.service is not running.
26echo "Stopping ssh.service..."
27systemctl stop ssh.service 2>/dev/null
28
29# Check that ssh.socket is active and listening.
30echo "Checking that ssh.socket is active and listening..."
31assert_unit_property ssh.socket "ActiveState=active"
32assert_unit_property ssh.socket "SubState=listening"
33
34# Check that ssh.service is currently inactive/dead.
35echo "Checking that ssh.service is inactive/dead..."
36assert_unit_property ssh.service "ActiveState=inactive"
37assert_unit_property ssh.service "SubState=dead"
38
39# Check that a connection attempt successfully activates ssh.service.
40echo "Checking that a connection attempt activates ssh.service..."
41ssh -oStrictHostKeyChecking=no localhost -- /usr/bin/true
42assert_unit_property ssh.service "ActiveState=active"
43assert_unit_property ssh.service "SubState=running"
44
45# Check that we can re-execute sshd via systemctl reload.
46echo "Checking that sshd can be re-executed..."
47systemctl reload ssh.service
48assert_unit_property ssh.service "ActiveState=active"
49assert_unit_property ssh.service "SubState=running"
50
51# Check that we can run sshd in debug mode.
52echo "Checking sshd can run in debug mode..."
53systemctl stop ssh.service 2>/dev/null
54sed -i 's/^SSHD_OPTS=.*/SSHD_OPTS=-ddd/g' /etc/default/ssh
55ssh -oStrictHostKeyChecking=no localhost -- /usr/bin/true
56
57echo "Done."

Subscribers

People subscribed via source and target branches