Merge ~enr0n/ubuntu/+source/openssh:merge-lp2018094-mantic into ubuntu/+source/openssh:debian/sid
Status: Needs review
Proposed branch: ~enr0n/ubuntu/+source/openssh:merge-lp2018094-mantic
Merge into: ubuntu/+source/openssh:debian/sid
Diff against target: 1605 lines (+1016/-107), 30 files modified
- debian/README.Debian (+10/-17)
- debian/changelog (+133/-0)
- debian/control (+2/-1)
- debian/openssh-server.postinst (+192/-6)
- debian/openssh-server.postrm (+4/-0)
- debian/openssh-server.templates (+12/-0)
- debian/openssh-server.tmpfile (+2/-0)
- debian/openssh-server.ucf-md5sum (+24/-0)
- debian/patches/series (+1/-0)
- debian/patches/socket-activation-documentation.patch (+50/-0)
- debian/patches/systemd-socket-activation.patch (+152/-44)
- debian/po/cs.po (+26/-1)
- debian/po/da.po (+26/-1)
- debian/po/de.po (+26/-1)
- debian/po/es.po (+26/-1)
- debian/po/fr.po (+26/-1)
- debian/po/it.po (+26/-1)
- debian/po/ja.po (+26/-1)
- debian/po/nl.po (+26/-1)
- debian/po/pt.po (+26/-1)
- debian/po/pt_BR.po (+26/-1)
- debian/po/ru.po (+28/-3)
- debian/po/sv.po (+26/-1)
- debian/po/templates.pot (+27/-2)
- debian/po/tr.po (+27/-2)
- debian/rules (+3/-2)
- debian/systemd/ssh.service (+0/-2)
- debian/tests/control (+6/-0)
- debian/tests/systemd-socket-activation (+57/-0)
- dev/null (+0/-17)

Related bugs:

Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Steve Langasek (community) | Approve | ||

Review via email: mp+443364@code.launchpad.net
Commit message
Description of the change
I ran autopkgtests locally (amd64) and they passed.
Nick Rosbrook (enr0n) : | # |
Unmerged commits
- f4a0129... by Nick Rosbrook
  changelog
- 988a629... by Nick Rosbrook
  update-maintainer
- 2c2be41... by Nick Rosbrook
  reconstruct-changelog
- f788eb2... by Nick Rosbrook
  merge-changelogs
- 387eecd... by Nick Rosbrook
  * debian/openssh-server.ucf-md5sum: update for Ubuntu delta
- 182c872... by Nick Rosbrook
  * debian/README.Debian: mention drop-in configurations in instructions
  for disabling sshd socket activation (LP: #2017434).
- 409372d... by Nick Rosbrook
  * debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
  activation functionality.
- a9ff51f... by Nick Rosbrook
  * debian/patches/systemd-socket-activation.patch: Fix sshd
  re-execution behavior when socket activation is used
- 2ff5428... by Nick Rosbrook
  * debian/openssh-server.tmpfile, debian/systemd/ssh.service: Move
  /run/sshd creation out of the systemd unit to a tmpfile config so
  that sshd can be run manually if necessary without having to create
  this directory by hand.
- 17af9ff... by Nick Rosbrook
  * debian/openssh-server.ucf-md5sum: Update list of stock sshd_config
  checksums to include those from jammy and kinetic.
Preview Diff
1 | diff --git a/debian/.gitignore b/debian/.gitignore | |||
2 | 0 | deleted file mode 100644 | 0 | deleted file mode 100644 |
3 | index 988323b..0000000 | |||
4 | --- a/debian/.gitignore | |||
5 | +++ /dev/null | |||
6 | @@ -1,17 +0,0 @@ | |||
7 | 1 | /*.debhelper* | ||
8 | 2 | /*substvars | ||
9 | 3 | /build-deb | ||
10 | 4 | /build-udeb | ||
11 | 5 | /files | ||
12 | 6 | /keygen-test/key1 | ||
13 | 7 | /keygen-test/key1.pub | ||
14 | 8 | /keygen-test/key2 | ||
15 | 9 | /keygen-test/key2.pub | ||
16 | 10 | /openssh-client | ||
17 | 11 | /openssh-client-udeb | ||
18 | 12 | /openssh-server | ||
19 | 13 | /openssh-server-udeb | ||
20 | 14 | /ssh | ||
21 | 15 | /ssh-askpass-gnome | ||
22 | 16 | /ssh-krb5 | ||
23 | 17 | /tmp | ||
24 | diff --git a/debian/README.Debian b/debian/README.Debian | |||
25 | index 77d331b..83049c8 100644 | |||
26 | --- a/debian/README.Debian | |||
27 | +++ b/debian/README.Debian | |||
28 | @@ -184,23 +184,7 @@ this sshd manually on upgrades. | |||
29 | 184 | Socket-based activation with systemd | 184 | Socket-based activation with systemd |
30 | 185 | ------------------------------------ | 185 | ------------------------------------ |
31 | 186 | 186 | ||
49 | 187 | If you want to reconfigure systemd to listen on port 22 itself and launch | 187 | By default, socket-based activation is used on systems that use systemd. |
33 | 188 | sshd on connection (systemd-style socket activation), then you can run: | ||
34 | 189 | |||
35 | 190 | systemctl disable --now ssh.service | ||
36 | 191 | systemctl start ssh.socket | ||
37 | 192 | |||
38 | 193 | To roll back this change, run: | ||
39 | 194 | |||
40 | 195 | systemctl stop ssh.socket | ||
41 | 196 | systemctl enable --now ssh.service | ||
42 | 197 | |||
43 | 198 | Or if you want to make this change permanent: | ||
44 | 199 | |||
45 | 200 | systemctl enable ssh.socket | ||
46 | 201 | |||
47 | 202 | This may be appropriate in environments where minimal footprint is critical | ||
48 | 203 | (e.g. cloud guests). | ||
50 | 204 | 188 | ||
51 | 205 | The provided ssh.socket unit file sets ListenStream=22. If you need to have | 189 | The provided ssh.socket unit file sets ListenStream=22. If you need to have |
52 | 206 | it listen on a different address or port, then you will need to do this as | 190 | it listen on a different address or port, then you will need to do this as |
53 | @@ -215,6 +199,15 @@ follows (modifying ListenStream to match your requirements): | |||
54 | 215 | 199 | ||
55 | 216 | See systemd.socket(5) for details. | 200 | See systemd.socket(5) for details. |
56 | 217 | 201 | ||
57 | 202 | If you do not want to use socket activation for ssh on your system, you | ||
58 | 203 | can disable socket activation by running: | ||
59 | 204 | |||
60 | 205 | systemctl disable --now ssh.socket | ||
61 | 206 | rm -f /etc/systemd/system/ssh.service.d/00-socket.conf | ||
62 | 207 | rm -f /etc/systemd/system/ssh.service.d/addresses.conf | ||
63 | 208 | systemctl daemon-reload | ||
64 | 209 | systemctl enable --now ssh.service | ||
65 | 210 | |||
66 | 218 | Terminating SSH sessions cleanly on shutdown/reboot with systemd | 211 | Terminating SSH sessions cleanly on shutdown/reboot with systemd |
67 | 219 | ---------------------------------------------------------------- | 212 | ---------------------------------------------------------------- |
68 | 220 | 213 | ||
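Review bot: The second `rm -f` in the new disable instructions points at /etc/systemd/system/ssh.service.d/addresses.conf, but the postinst in this same merge writes addresses.conf under `override_dir=/etc/systemd/system/ssh.socket.d`, and the postrm removes it from ssh.socket.d as well. As written, following the README leaves the ssh.socket drop-in behind. Suggest changing the path to /etc/systemd/system/ssh.socket.d/addresses.conf so the three places agree.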
69 | diff --git a/debian/changelog b/debian/changelog | |||
70 | index c725f55..e883b37 100644 | |||
71 | --- a/debian/changelog | |||
72 | +++ b/debian/changelog | |||
73 | @@ -1,3 +1,37 @@ | |||
74 | 1 | openssh (1:9.2p1-2ubuntu1) mantic; urgency=medium | ||
75 | 2 | |||
76 | 3 | * Merge with Debian unstable (LP: #2018094). Remaining changes: | ||
77 | 4 | - debian/rules: modify dh_installsystemd invocations for | ||
78 | 5 | socket-activated sshd | ||
79 | 6 | - debian/openssh-server.postinst: handle migration of sshd_config options | ||
80 | 7 | to systemd socket options on upgrade. | ||
81 | 8 | - debian/README.Debian: document systemd socket activation. | ||
82 | 9 | - debian/patches/socket-activation-documentation.patch: Document in | ||
83 | 10 | sshd_config(5) that ListenAddress and Port no longer work. | ||
84 | 11 | - debian/openssh-server.templates: include debconf prompt explaining | ||
85 | 12 | when migration cannot happen due to multiple ListenAddress values | ||
86 | 13 | - debian/.gitignore: drop file | ||
87 | 14 | - debian/openssh-server.postrm: remove systemd drop-ins for | ||
88 | 15 | socket-activated sshd on purge | ||
89 | 16 | - debian/openssh-server.ucf-md5sum: Update list of stock sshd_config | ||
90 | 17 | checksums to include those from jammy and kinetic. | ||
91 | 18 | - debian/openssh-server.tmpfile,debian/systemd/ssh.service: Move | ||
92 | 19 | /run/sshd creation out of the systemd unit to a tmpfile config so | ||
93 | 20 | that sshd can be run manually if necessary without having to create | ||
94 | 21 | this directory by hand. | ||
95 | 22 | - debian/patches/systemd-socket-activation.patch: Fix sshd | ||
96 | 23 | re-execution behavior when socket activation is used | ||
97 | 24 | - debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket | ||
98 | 25 | activation functionality. | ||
99 | 26 | * Dropped changes, included in Debian: | ||
100 | 27 | - debian/patches/systemd-socket-activation.patch: Initial implementation | ||
101 | 28 | * New changes: | ||
102 | 29 | - debian/README.Debian: mention drop-in configurations in instructions | ||
103 | 30 | for disabling sshd socket activation (LP: #2017434). | ||
104 | 31 | - debian/openssh-server.ucf-md5sum: update for Ubuntu delta | ||
105 | 32 | |||
106 | 33 | -- Nick Rosbrook <nick.rosbrook@canonical.com> Fri, 19 May 2023 15:18:17 -0400 | ||
107 | 34 | |||
108 | 1 | openssh (1:9.2p1-2) unstable; urgency=medium | 35 | openssh (1:9.2p1-2) unstable; urgency=medium |
109 | 2 | 36 | ||
110 | 3 | * Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS. | 37 | * Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS. |
111 | @@ -249,6 +283,105 @@ openssh (1:9.1p1-1) unstable; urgency=medium | |||
112 | 249 | 283 | ||
113 | 250 | -- Colin Watson <cjwatson@debian.org> Mon, 14 Nov 2022 16:25:45 +0000 | 284 | -- Colin Watson <cjwatson@debian.org> Mon, 14 Nov 2022 16:25:45 +0000 |
114 | 251 | 285 | ||
115 | 286 | openssh (1:9.0p1-1ubuntu8.1) lunar; urgency=medium | ||
116 | 287 | |||
117 | 288 | * debian/patches/systemd-socket-activation.patch: Fix re-execution behavior | ||
118 | 289 | (LP: #2011458): | ||
119 | 290 | - Remove FD_CLOEXEC on fds passed by systemd to prevent automatic closing | ||
120 | 291 | when sshd re-executes. | ||
121 | 292 | - Do not manually close fds passed by systemd when re-executing. | ||
122 | 293 | - Only call sd_listen_fds() once, and only in the parent process. | ||
123 | 294 | - Check the LISTEN_FDS environment variable to get the number of fds | ||
124 | 295 | passed by systemd when re-executing as a child process. | ||
125 | 296 | * debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket | ||
126 | 297 | activation functionality. | ||
127 | 298 | |||
128 | 299 | -- Nick Rosbrook <nick.rosbrook@canonical.com> Fri, 31 Mar 2023 12:44:32 -0400 | ||
129 | 300 | |||
130 | 301 | openssh (1:9.0p1-1ubuntu8) lunar; urgency=medium | ||
131 | 302 | |||
132 | 303 | * debian/openssh-server.postinst: Fix handling of ListenAddress when a port | ||
133 | 304 | is specified (LP: #1993478): | ||
134 | 305 | - Strip port before converting hostnames to numerical addresses. | ||
135 | 306 | - Only append ports when the ListenAddress does not already specify a | ||
136 | 307 | port. | ||
137 | 308 | - Revert socket migration on upgrade if a previous version did the | ||
138 | 309 | migration when it should not have. | ||
139 | 310 | * debian/openssh-server.postinst: Ignore empty directory failure from rmdir | ||
140 | 311 | when skipping socket migration (LP: #1995294). | ||
141 | 312 | |||
142 | 313 | -- Nick Rosbrook <nick.rosbrook@canonical.com> Tue, 25 Oct 2022 11:57:43 -0400 | ||
143 | 314 | |||
144 | 315 | openssh (1:9.0p1-1ubuntu7) kinetic; urgency=medium | ||
145 | 316 | |||
146 | 317 | * Update list of stock sshd_config checksums to include those from | ||
147 | 318 | jammy and kinetic. | ||
148 | 319 | * Add a workaround for LP: #1990863 (now fixed in livecd-rootfs) to | ||
149 | 320 | avoid spurious ucf prompts on upgrade. | ||
150 | 321 | * Move /run/sshd creation out of the systemd unit to a tmpfile config | ||
151 | 322 | so that sshd can be run manually if necessary without having to create | ||
152 | 323 | this directory by hand. LP: #1991283. | ||
153 | 324 | |||
154 | 325 | [ Nick Rosbrook ] | ||
155 | 326 | * debian/openssh-server.postinst: Fix addresses.conf generation when only | ||
156 | 327 | non-default Port is used in /etc/ssh/sshd_config (LP: #1991199). | ||
157 | 328 | |||
158 | 329 | -- Steve Langasek <vorlon@debian.org> Mon, 26 Sep 2022 21:55:14 +0000 | ||
159 | 330 | |||
160 | 331 | openssh (1:9.0p1-1ubuntu6) kinetic; urgency=medium | ||
161 | 332 | |||
162 | 333 | * Fix syntax error in postinst :/ | ||
163 | 334 | |||
164 | 335 | -- Steve Langasek <vorlon@debian.org> Fri, 23 Sep 2022 19:51:32 +0000 | ||
165 | 336 | |||
166 | 337 | openssh (1:9.0p1-1ubuntu5) kinetic; urgency=medium | ||
167 | 338 | |||
168 | 339 | * Correctly handle the case of new installs, and correctly apply systemd | ||
169 | 340 | unit overrides on upgrade from existing kinetic systems. | ||
170 | 341 | |||
171 | 342 | -- Steve Langasek <vorlon@debian.org> Fri, 23 Sep 2022 19:45:18 +0000 | ||
172 | 343 | |||
173 | 344 | openssh (1:9.0p1-1ubuntu4) kinetic; urgency=medium | ||
174 | 345 | |||
175 | 346 | * Don't migrate users to socket activation if multiple ListenAddresses | ||
176 | 347 | might make sshd unreliable on boot. | ||
177 | 348 | * Fix regexp bug that prevented proper migration of IPv6 address settings. | ||
178 | 349 | |||
179 | 350 | -- Steve Langasek <vorlon@debian.org> Fri, 23 Sep 2022 19:35:37 +0000 | ||
180 | 351 | |||
181 | 352 | openssh (1:9.0p1-1ubuntu3) kinetic; urgency=medium | ||
182 | 353 | |||
183 | 354 | * Document in the default sshd_config file the changes in behavior | ||
184 | 355 | triggered by use of socket-based activation. | ||
185 | 356 | |||
186 | 357 | -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 26 Aug 2022 00:40:11 +0000 | ||
187 | 358 | |||
188 | 359 | openssh (1:9.0p1-1ubuntu2) kinetic; urgency=medium | ||
189 | 360 | |||
190 | 361 | * Fix manpage to not claim socket-based activation is the default on | ||
191 | 362 | Debian! | ||
192 | 363 | |||
193 | 364 | -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 26 Aug 2022 00:21:42 +0000 | ||
194 | 365 | |||
195 | 366 | openssh (1:9.0p1-1ubuntu1) kinetic; urgency=medium | ||
196 | 367 | |||
197 | 368 | * debian/patches/systemd-socket-activation.patch: support systemd | ||
198 | 369 | socket activation. | ||
199 | 370 | * debian/systemd/ssh.socket, debian/systemd/ssh.service: use socket | ||
200 | 371 | activation by default. | ||
201 | 372 | * debian/rules: rejigger dh_installsystemd invocations so ssh.service and | ||
202 | 373 | ssh.socket don't fight. | ||
203 | 374 | * debian/openssh-server.postinst: handle migration of sshd_config options | ||
204 | 375 | to systemd socket options on upgrade. | ||
205 | 376 | * debian/README.Debian: document systemd socket activation. | ||
206 | 377 | * debian/patches/socket-activation-documentation.patch: Document in | ||
207 | 378 | sshd_config(5) that ListenAddress and Port no longer work. | ||
208 | 379 | * debian/openssh-server.templates, debian/openssh-server.postinst: include | ||
209 | 380 | debconf warning about possible service failure with multiple | ||
210 | 381 | ListenAddress settings. | ||
211 | 382 | |||
212 | 383 | -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 19 Aug 2022 20:43:16 +0000 | ||
213 | 384 | |||
214 | 252 | openssh (1:9.0p1-1) unstable; urgency=medium | 385 | openssh (1:9.0p1-1) unstable; urgency=medium |
215 | 253 | 386 | ||
216 | 254 | * New upstream release (https://www.openssh.com/releasenotes.html#9.0p1): | 387 | * New upstream release (https://www.openssh.com/releasenotes.html#9.0p1): |
217 | diff --git a/debian/control b/debian/control | |||
218 | index f3ed979..aa9cc2e 100644 | |||
219 | --- a/debian/control | |||
220 | +++ b/debian/control | |||
221 | @@ -1,7 +1,8 @@ | |||
222 | 1 | Source: openssh | 1 | Source: openssh |
223 | 2 | Section: net | 2 | Section: net |
224 | 3 | Priority: standard | 3 | Priority: standard |
226 | 4 | Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> | 4 | Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
227 | 5 | XSBC-Original-Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> | ||
228 | 5 | Build-Depends: debhelper (>= 13.1~), | 6 | Build-Depends: debhelper (>= 13.1~), |
229 | 6 | debhelper-compat (= 13), | 7 | debhelper-compat (= 13), |
230 | 7 | dh-exec, | 8 | dh-exec, |
231 | diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst | |||
232 | index d38695f..a9d5894 100644 | |||
233 | --- a/debian/openssh-server.postinst | |||
234 | +++ b/debian/openssh-server.postinst | |||
235 | @@ -20,6 +20,86 @@ get_config_option() { | |||
236 | 20 | /etc/ssh/sshd_config | 20 | /etc/ssh/sshd_config |
237 | 21 | } | 21 | } |
238 | 22 | 22 | ||
239 | 23 | get_config_option_all() { | ||
240 | 24 | option="$1" | ||
241 | 25 | file="$2" | ||
242 | 26 | |||
243 | 27 | if [ -z "$file" ]; then | ||
244 | 28 | file=/etc/ssh/sshd_config | ||
245 | 29 | fi | ||
246 | 30 | |||
247 | 31 | [ -f "$file" ] || return 0 | ||
248 | 32 | # ListenAddress and Port only take a single word argument so anything | ||
249 | 33 | # after this must be a comment | ||
250 | 34 | while read option2 value junk; do | ||
251 | 35 | case $option2 in | ||
252 | 36 | $option) | ||
253 | 37 | echo $value | ||
254 | 38 | ;; | ||
255 | 39 | Include) | ||
256 | 40 | # globs | ||
257 | 41 | for f in $value; do | ||
258 | 42 | get_config_option_all "$option" "$f" | ||
259 | 43 | done | ||
260 | 44 | ;; | ||
261 | 45 | esac | ||
262 | 46 | done < $file | ||
263 | 47 | } | ||
264 | 48 | |||
265 | 49 | hostnames_to_addresses() { | ||
266 | 50 | addresses="$1" | ||
267 | 51 | for address in $addresses; do | ||
268 | 52 | address_no_port="$(address_strip_port $address)" | ||
269 | 53 | if echo "$address_no_port" | grep -q '^[0-9a-f:]\+$\|^[0-9.]\+$'; then | ||
270 | 54 | numeric_addresses="$numeric_addresses $address" | ||
271 | 55 | else | ||
272 | 56 | new_addresses=$( (getent ahostsv4 $address_no_port; | ||
273 | 57 | getent ahostsv6 $address_no_port) \ | ||
274 | 58 | | awk '$1 ~ /^::ffff:/ || $2 != "STREAM" { next; } | ||
275 | 59 | $1 ~ /:/ { print "[" $1 "]"; next; } | ||
276 | 60 | { print $1 }' \ | ||
277 | 61 | | sort -u) | ||
278 | 62 | port="$(port_from_address $address)" | ||
279 | 63 | if [ -n "$port" ]; then | ||
280 | 64 | new_addresses="$(for addr in $new_addresses; do echo $addr:$port; done)" | ||
281 | 65 | fi | ||
282 | 66 | numeric_addresses="$numeric_addresses $new_addresses" | ||
283 | 67 | fi | ||
284 | 68 | done | ||
285 | 69 | echo "$numeric_addresses" | ||
286 | 70 | } | ||
287 | 71 | |||
288 | 72 | port_from_address() { | ||
289 | 73 | address="$1" | ||
290 | 74 | if echo $address | grep -q '^\[[0-9a-f:]*\]:'; then | ||
291 | 75 | # This is an IPv6 address with a port. | ||
292 | 76 | port="$(echo $address | awk -F':' '{print $NF}')" | ||
293 | 77 | elif echo $address | grep -q '^\[[0-9a-f:]*\]\+$\|^[0-9a-f:]\+$'; then | ||
294 | 78 | # This is an IPv6 address without a port. | ||
295 | 79 | port="" | ||
296 | 80 | else | ||
297 | 81 | # This is an IPv4 address or hostname, where the port | ||
298 | 82 | # may or may not be specified. | ||
299 | 83 | port="$(echo $address | awk -F':' '{print $2}')" | ||
300 | 84 | fi | ||
301 | 85 | echo "$port" | ||
302 | 86 | } | ||
303 | 87 | |||
304 | 88 | address_strip_port() { | ||
305 | 89 | address="$1" | ||
306 | 90 | if echo $address | grep -q '^\[[0-9a-f:]*\]\(:\|$\)'; then | ||
307 | 91 | # This is an IPv6 address in brackets, with or without a port. | ||
308 | 92 | address_no_port="$(echo $address | awk -F '[][]' '{print $2}')" | ||
309 | 93 | elif echo $address | grep -q '^[0-9a-f:]\+$'; then | ||
310 | 94 | # This is an IPv6 address with no brackets and no port. | ||
311 | 95 | address_no_port="$address" | ||
312 | 96 | else | ||
313 | 97 | # This is an IPv4 address or hostname, where the port | ||
314 | 98 | # may or may not be specified. | ||
315 | 99 | address_no_port="$(echo $address | awk -F':' '{print $1}')" | ||
316 | 100 | fi | ||
317 | 101 | echo "$address_no_port" | ||
318 | 102 | } | ||
319 | 23 | 103 | ||
320 | 24 | host_keys_required() { | 104 | host_keys_required() { |
321 | 25 | hostkeys="$(get_config_option HostKey)" | 105 | hostkeys="$(get_config_option HostKey)" |
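Review bot: In get_config_option_all the `case $option2 in $option)` match is case-sensitive, while sshd_config(5) keywords are case-insensitive, so a line such as `listenaddress 192.0.2.10` or `port 2222` is skipped. The migration later in this postinst then sees no addresses or ports, writes no addresses.conf, and the host falls back to the stock ListenStream=22, which can widen where sshd is reachable after the upgrade. Suggest lower-casing the keyword before comparing, for both the requested option and Include. Two smaller points in the same function: `done < $file` should quote $file, and relative Include paths, which sshd resolves against /etc/ssh, are globbed here against the current directory.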
322 | @@ -71,15 +151,20 @@ create_keys() { | |||
323 | 71 | 151 | ||
324 | 72 | 152 | ||
325 | 73 | new_config= | 153 | new_config= |
326 | 154 | workaround= | ||
327 | 74 | 155 | ||
328 | 75 | cleanup() { | 156 | cleanup() { |
329 | 76 | if [ "$new_config" ]; then | 157 | if [ "$new_config" ]; then |
330 | 77 | rm -f "$new_config" | 158 | rm -f "$new_config" |
331 | 78 | fi | 159 | fi |
332 | 160 | if [ "$workaround" ]; then | ||
333 | 161 | rm -f "$workaround" | ||
334 | 162 | fi | ||
335 | 79 | } | 163 | } |
336 | 80 | 164 | ||
337 | 81 | 165 | ||
338 | 82 | create_sshdconfig() { | 166 | create_sshdconfig() { |
339 | 167 | prev_ver="$1" | ||
340 | 83 | # XXX cjwatson 2016-12-24: This debconf template is very confusingly | 168 | # XXX cjwatson 2016-12-24: This debconf template is very confusingly |
341 | 84 | # named; its description is "Disable SSH password authentication for | 169 | # named; its description is "Disable SSH password authentication for |
342 | 85 | # root?", so true -> prohibit-password (the upstream default), | 170 | # root?", so true -> prohibit-password (the upstream default), |
343 | @@ -101,6 +186,21 @@ create_sshdconfig() { | |||
344 | 101 | "$new_config" | 186 | "$new_config" |
345 | 102 | fi | 187 | fi |
346 | 103 | mkdir -pZ /etc/ssh | 188 | mkdir -pZ /etc/ssh |
347 | 189 | |||
348 | 190 | # Workaround for LP: #1968873: if we have an sshd_config with a known | ||
349 | 191 | # checksum, confirm it via ucf before applying the changes from | ||
350 | 192 | # the new version. | ||
351 | 193 | if dpkg --compare-versions "$prev_ver" lt-nl 1:9.0p1-1ubuntu7 \ | ||
352 | 194 | && grep -q "^$(md5sum /etc/ssh/sshd_config | awk '{ print $1 }')" \ | ||
353 | 195 | /usr/share/openssh/sshd_config.md5sum | ||
354 | 196 | then | ||
355 | 197 | workaround="$(mktemp)" | ||
356 | 198 | sed -e'14,16d' "$new_config" > "$workaround" | ||
357 | 199 | ucf --three-way --debconf-ok \ | ||
358 | 200 | --sum-file /usr/share/openssh/sshd_config.md5sum \ | ||
359 | 201 | "$workaround" /etc/ssh/sshd_config | ||
360 | 202 | fi | ||
361 | 203 | |||
362 | 104 | ucf --three-way --debconf-ok \ | 204 | ucf --three-way --debconf-ok \ |
363 | 105 | --sum-file /usr/share/openssh/sshd_config.md5sum \ | 205 | --sum-file /usr/share/openssh/sshd_config.md5sum \ |
364 | 106 | "$new_config" /etc/ssh/sshd_config | 206 | "$new_config" /etc/ssh/sshd_config |
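Review bot: The checksum test built from `$(md5sum /etc/ssh/sshd_config | awk '{ print $1 }')` collapses to `grep -q "^"` when /etc/ssh/sshd_config is missing or unreadable, which matches every line of the sum file and sends the upgrade down the workaround path. Suggest computing the sum into a variable first and requiring it to be non-empty before the grep. The `sed -e'14,16d'` step also needs a comment naming the three lines it removes from the new template, since a later change to the template layout would silently delete something else.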
365 | @@ -114,7 +214,7 @@ setup_sshd_user() { | |||
366 | 114 | } | 214 | } |
367 | 115 | 215 | ||
368 | 116 | if [ "$action" = configure ]; then | 216 | if [ "$action" = configure ]; then |
370 | 117 | create_sshdconfig | 217 | create_sshdconfig "$2" |
371 | 118 | create_keys | 218 | create_keys |
372 | 119 | setup_sshd_user | 219 | setup_sshd_user |
373 | 120 | if dpkg --compare-versions "$2" lt-nl 1:7.9p1-5 && \ | 220 | if dpkg --compare-versions "$2" lt-nl 1:7.9p1-5 && \ |
374 | @@ -127,18 +227,104 @@ if [ "$action" = configure ]; then | |||
375 | 127 | # which we now move back into place. | 227 | # which we now move back into place. |
376 | 128 | mv /etc/ssh/moduli.dpkg-bak /etc/ssh/moduli | 228 | mv /etc/ssh/moduli.dpkg-bak /etc/ssh/moduli |
377 | 129 | fi | 229 | fi |
381 | 130 | if dpkg --compare-versions "$2" lt-nl 1:9.1p1-1~ && \ | 230 | if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu8~ |
379 | 131 | deb-systemd-helper --quiet was-enabled ssh.socket && \ | ||
380 | 132 | [ -d /run/systemd/system ] | ||
382 | 133 | then | 231 | then |
383 | 134 | # migrate to systemd socket activation. | 232 | # migrate to systemd socket activation. |
386 | 135 | systemctl unmask ssh.service | 233 | addresses=$(get_config_option_all ListenAddress) |
387 | 136 | systemctl disable ssh.service | 234 | addresses=$(hostnames_to_addresses "$addresses") |
388 | 235 | ports=$(get_config_option_all Port) | ||
389 | 236 | if [ -n "$addresses$ports" ] | ||
390 | 237 | then | ||
391 | 238 | override_dir=/etc/systemd/system/ssh.socket.d | ||
392 | 239 | mkdir -p "$override_dir" | ||
393 | 240 | echo '[Socket]' > "$override_dir"/addresses.conf.new | ||
394 | 241 | echo 'ListenStream=' >> "$override_dir"/addresses.conf.new | ||
395 | 242 | fi | ||
396 | 243 | if [ -n "$addresses" ]; then | ||
397 | 244 | [ -n "$ports" ] || ports=22 | ||
398 | 245 | count=0 | ||
399 | 246 | for address in $addresses; do | ||
400 | 247 | count=$((count+1)) | ||
401 | 248 | port_from_address="$(port_from_address $address)" | ||
402 | 249 | if [ -z "$port_from_address" ]; then | ||
403 | 250 | for port in $ports; do | ||
404 | 251 | echo "ListenStream=$address:$port" \ | ||
405 | 252 | >> "$override_dir"/addresses.conf.new | ||
406 | 253 | done | ||
407 | 254 | else | ||
408 | 255 | echo "ListenStream=$address" \ | ||
409 | 256 | >> "$override_dir"/addresses.conf.new | ||
410 | 257 | fi | ||
411 | 258 | done | ||
412 | 259 | if [ $count -gt 1 ]; then | ||
413 | 260 | db_input critical openssh-server/listenstream-may-fail || true | ||
414 | 261 | db_go || true | ||
415 | 262 | rm -f "$override_dir"/addresses.conf.new | ||
416 | 263 | rmdir --ignore-fail-on-non-empty "$override_dir" | ||
417 | 264 | NO_SOCKET_MIGRATION=1 | ||
418 | 265 | fi | ||
419 | 266 | elif [ -n "$ports" ]; then | ||
420 | 267 | for port in $ports; do | ||
421 | 268 | echo "ListenStream=$port" \ | ||
422 | 269 | >> "$override_dir"/addresses.conf.new | ||
423 | 270 | done | ||
424 | 271 | fi | ||
425 | 272 | |||
426 | 273 | if [ -z "$NO_SOCKET_MIGRATION" ] && [ -n "$addresses$ports" ] | ||
427 | 274 | then | ||
428 | 275 | mv "$override_dir"/addresses.conf.new \ | ||
429 | 276 | "$override_dir"/addresses.conf | ||
430 | 277 | fi | ||
431 | 278 | fi | ||
432 | 279 | if dpkg --compare-versions "$2" lt 1:9.0p1-1ubuntu5~; then | ||
433 | 280 | if [ -z "$NO_SOCKET_MIGRATION" ]; then | ||
434 | 281 | override_dir=/etc/systemd/system/ssh.service.d | ||
435 | 282 | mkdir -p "$override_dir" | ||
436 | 283 | echo '[Unit]' > "$override_dir"/00-socket.conf | ||
437 | 284 | echo 'After=ssh.socket' >> "$override_dir"/00-socket.conf | ||
438 | 285 | echo 'Requires=ssh.socket' >> "$override_dir"/00-socket.conf | ||
439 | 286 | |||
440 | 287 | # deb-systemd-helper is inadequate for the task of | ||
441 | 288 | # changing policy for the units on upgrade | ||
442 | 289 | if [ -d /run/systemd/system ]; then | ||
443 | 290 | systemctl daemon-reload | ||
444 | 291 | systemctl disable ssh.service | ||
445 | 292 | systemctl unmask ssh.service | ||
446 | 293 | systemctl stop ssh.service | ||
447 | 294 | systemctl enable ssh.socket | ||
448 | 295 | fi | ||
449 | 296 | fi | ||
450 | 137 | fi | 297 | fi |
451 | 298 | |||
452 | 299 | # Revert socket migration if we can determine the user hit | ||
453 | 300 | # LP: #1993478. | ||
454 | 301 | if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu7~ \ | ||
455 | 302 | && [ -e /etc/systemd/system/ssh.socket.d/addresses.conf ] \ | ||
456 | 303 | && [ -e /etc/systemd/system/ssh.service.d/00-socket.conf ] \ | ||
457 | 304 | && [ -n "$NO_SOCKET_MIGRATION" ]; then | ||
458 | 305 | rm /etc/systemd/system/ssh.socket.d/addresses.conf | ||
459 | 306 | rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.socket.d | ||
460 | 307 | rm /etc/systemd/system/ssh.service.d/00-socket.conf | ||
461 | 308 | rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.service.d | ||
462 | 309 | if [ -d /run/systemd/system ]; then | ||
463 | 310 | systemctl daemon-reload | ||
464 | 311 | systemctl disable ssh.socket | ||
465 | 312 | systemctl stop ssh.socket | ||
466 | 313 | systemctl enable ssh.service | ||
467 | 314 | fi | ||
468 | 315 | fi | ||
469 | 138 | fi | 316 | fi |
470 | 139 | 317 | ||
471 | 140 | #DEBHELPER# | 318 | #DEBHELPER# |
472 | 141 | 319 | ||
473 | 320 | if [ -d /run/systemd/system ]; then | ||
474 | 321 | if deb-systemd-helper --quiet was-enabled ssh.socket; then | ||
475 | 322 | deb-systemd-invoke restart ssh.socket | ||
476 | 323 | elif deb-systemd-helper --quiet was-enabled ssh.service; then | ||
477 | 324 | deb-systemd-invoke restart ssh.service | ||
478 | 325 | fi | ||
479 | 326 | fi | ||
480 | 327 | |||
481 | 142 | db_stop | 328 | db_stop |
482 | 143 | 329 | ||
483 | 144 | exit 0 | 330 | exit 0 |
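Review bot: In the ListenAddress loop, `echo "ListenStream=$address:$port"` is reached for every address where port_from_address returns nothing, and that includes a bare IPv6 literal such as `ListenAddress ::1`, which hostnames_to_addresses passes through without brackets (only the getent results are bracketed by the awk step). The drop-in then contains ListenStream=::1:22, whereas systemd.socket(5) takes IPv6 with a port in the form [x]:y, so with a single such address the migration goes ahead with a socket that may not bind where sshd did. Suggest bracketing unbracketed IPv6 literals before appending the port. Separately, NO_SOCKET_MIGRATION is only ever assigned inside the count check; initialising it to empty before the version comparison would stop an inherited environment value from skipping the migration or triggering the revert block.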
484 | diff --git a/debian/openssh-server.postrm b/debian/openssh-server.postrm | |||
485 | index fbaeb17..46798dd 100644 | |||
486 | --- a/debian/openssh-server.postrm | |||
487 | +++ b/debian/openssh-server.postrm | |||
488 | @@ -23,6 +23,10 @@ case $1 in | |||
489 | 23 | if command -v ucfr >/dev/null 2>&1; then | 23 | if command -v ucfr >/dev/null 2>&1; then |
490 | 24 | ucfr --purge openssh-server /etc/ssh/sshd_config | 24 | ucfr --purge openssh-server /etc/ssh/sshd_config |
491 | 25 | fi | 25 | fi |
492 | 26 | rm -f /etc/systemd/system/ssh.service.d/00-socket.conf | ||
493 | 27 | rm -f /etc/systemd/system/ssh.socket.d/addresses.conf | ||
494 | 28 | rmdir /etc/systemd/system/ssh.service.d || true | ||
495 | 29 | rmdir /etc/systemd/system/ssh.socket.d || true | ||
496 | 26 | rm -f /etc/ssh/sshd_not_to_be_run | 30 | rm -f /etc/ssh/sshd_not_to_be_run |
497 | 27 | [ ! -d /etc/ssh ] || rmdir --ignore-fail-on-non-empty /etc/ssh | 31 | [ ! -d /etc/ssh ] || rmdir --ignore-fail-on-non-empty /etc/ssh |
498 | 28 | 32 | ||
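Review bot: The two added `rmdir ... || true` lines print an error on purge whenever the directory is absent or still holds an administrator's own drop-in, and `|| true` hides every other failure as well. The context line just below already uses the quieter idiom; suggest `[ ! -d /etc/systemd/system/ssh.service.d ] || rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.service.d` and the same for ssh.socket.d, which also matches what the postinst does.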
499 | diff --git a/debian/openssh-server.templates b/debian/openssh-server.templates | |||
500 | index e071fe3..31f2935 100644 | |||
501 | --- a/debian/openssh-server.templates | |||
502 | +++ b/debian/openssh-server.templates | |||
503 | @@ -21,3 +21,15 @@ Description: Allow password authentication? | |||
504 | 21 | By default, the SSH server will allow authenticating using a password. | 21 | By default, the SSH server will allow authenticating using a password. |
505 | 22 | You may want to change this if all users on this system authenticate using | 22 | You may want to change this if all users on this system authenticate using |
506 | 23 | a stronger authentication method, such as public keys. | 23 | a stronger authentication method, such as public keys. |
507 | 24 | |||
508 | 25 | Template: openssh-server/listenstream-may-fail | ||
509 | 26 | Type: error | ||
510 | 27 | _Description: Not migrating to socket activation | ||
511 | 28 | This version of openssh-server uses socket-based activation by default. | ||
512 | 29 | However, because you have more than one ListenAddress configured in | ||
513 | 30 | sshd_config, it is impossible to determine at upgrade time if migrating | ||
514 | 31 | you to socket-based activation would cause the starting of sshd at boot | ||
515 | 32 | to be unreliable. | ||
516 | 33 | . | ||
517 | 34 | Because a failure to start ssh may make it impossible to admininister a | ||
518 | 35 | system, you will not be migrated to socket-based activation at this time. | ||
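Review bot: Typo in the new translatable description: "admininister" should be "administer". Because this is a `_Description` string, it feeds templates.pot and the debian/po/*.po files this merge also touches, so it is cheapest to fix before translators pick up the misspelled msgid.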
519 | diff --git a/debian/openssh-server.tmpfile b/debian/openssh-server.tmpfile | |||
520 | 24 | new file mode 100644 | 36 | new file mode 100644 |
521 | index 0000000..76c6323 | |||
522 | --- /dev/null | |||
523 | +++ b/debian/openssh-server.tmpfile | |||
524 | @@ -0,0 +1,2 @@ | |||
525 | 1 | #Type Path Mode UID GID Age Arguments | ||
526 | 2 | D /run/sshd 0755 root root - - | ||
527 | diff --git a/debian/openssh-server.ucf-md5sum b/debian/openssh-server.ucf-md5sum | |||
528 | index 3a9dc23..9a8efb6 100644 | |||
529 | --- a/debian/openssh-server.ucf-md5sum | |||
530 | +++ b/debian/openssh-server.ucf-md5sum | |||
531 | @@ -103,8 +103,32 @@ cc873ab3ccc9cf3a3830c3c0728c0d0b | |||
532 | 103 | 9f1bec115595c0f76282d80abe5d9bcc | 103 | 9f1bec115595c0f76282d80abe5d9bcc |
533 | 104 | ae1a449c8adb31cb603e28fda5342696 | 104 | ae1a449c8adb31cb603e28fda5342696 |
534 | 105 | 105 | ||
535 | 106 | # From 1:8.4p1-5 | ||
536 | 107 | 6dbdc3a27e1953d209f929df7aff0c57 | ||
537 | 108 | 0ef8c8fe6a3afd12382dbb93cd7bbb4e | ||
538 | 109 | ae1a449c8adb31cb603e28fda5342696 | ||
539 | 110 | 9f1bec115595c0f76282d80abe5d9bcc | ||
540 | 111 | |||
541 | 106 | # From 1:8.7p1-1: | 112 | # From 1:8.7p1-1: |
542 | 107 | fe83fd23553510bb632dc8e6e35ab41a | 113 | fe83fd23553510bb632dc8e6e35ab41a |
543 | 108 | d96ecd9064ea650c44372a5a33d3e497 | 114 | d96ecd9064ea650c44372a5a33d3e497 |
544 | 109 | 7fdb195ac56e0bf1992e18ac656811af | 115 | 7fdb195ac56e0bf1992e18ac656811af |
545 | 110 | 4e03b4df60cd00c651777ec14ff76aef | 116 | 4e03b4df60cd00c651777ec14ff76aef |
546 | 117 | |||
547 | 118 | # From 1:8.9p1-3 | ||
548 | 119 | 30e0fe758429c57d35a5e71dbd8dd2f8 | ||
549 | 120 | 23a8a2b1a8f1538be49eb86313367191 | ||
550 | 121 | 133f5f0119fbf5716b7d72048b25ea71 | ||
551 | 122 | 697a81708f11897cb0fef857563dee55 | ||
552 | 123 | |||
553 | 124 | # From 1:9.0p1-1ubuntu3 | ||
554 | 125 | 90ace5da6c7eb3041732930972662f34 | ||
555 | 126 | b2c07b86695152141e84f44e4414104a | ||
556 | 127 | e7b9120b6e68c5666ac21a0cc03d4806 | ||
557 | 128 | 9389be84e67cd5a91b97de5ff03c9306 | ||
558 | 129 | |||
559 | 130 | # From 1:9.2p1-2ubuntu1 | ||
560 | 131 | fac56840f6697a357368bb878dd8fb87 | ||
561 | 132 | d01da8c9de75176095712d4e37d5dcd5 | ||
562 | 133 | e4898846045f33b8d99d3263d6f6fd81 | ||
563 | 134 | ec46dc59ba9c9e9458add405264fcedd | ||
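Review bot: The third and fourth sums added under "# From 1:8.4p1-5" repeat the two context entries directly above the new block (old lines 103 and 104), so they add nothing to the list of known sums; drop them or say in the comment why they are listed twice. The new "# From ..." headers also omit the trailing colon that the existing "# From 1:8.7p1-1:" header uses.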
564 | diff --git a/debian/patches/series b/debian/patches/series | |||
565 | index cbbfc88..e7e2a9c 100644 | |||
566 | --- a/debian/patches/series | |||
567 | +++ b/debian/patches/series | |||
568 | @@ -26,3 +26,4 @@ maxhostnamelen.patch | |||
569 | 26 | conch-ssh-rsa.patch | 26 | conch-ssh-rsa.patch |
570 | 27 | systemd-socket-activation.patch | 27 | systemd-socket-activation.patch |
571 | 28 | remove-spurious-ssh-agent-options.patch | 28 | remove-spurious-ssh-agent-options.patch |
572 | 29 | socket-activation-documentation.patch | ||
573 | diff --git a/debian/patches/socket-activation-documentation.patch b/debian/patches/socket-activation-documentation.patch | |||
574 | 29 | new file mode 100644 | 30 | new file mode 100644 |
575 | index 0000000..9afde55 | |||
576 | --- /dev/null | |||
577 | +++ b/debian/patches/socket-activation-documentation.patch | |||
578 | @@ -0,0 +1,50 @@ | |||
579 | 1 | Index: openssh-9.0p1/sshd_config.5 | ||
580 | 2 | =================================================================== | ||
581 | 3 | --- openssh-9.0p1.orig/sshd_config.5 | ||
582 | 4 | +++ openssh-9.0p1/sshd_config.5 | ||
583 | 5 | @@ -1069,6 +1069,15 @@ | ||
584 | 6 | Multiple | ||
585 | 7 | .Cm ListenAddress | ||
586 | 8 | options are permitted. | ||
587 | 9 | +.Pp | ||
588 | 10 | +.Cm Note: | ||
589 | 11 | +On Ubuntu, the openssh-server package is configured to use systemd | ||
590 | 12 | +socket-based activation by default. Therefore if you are using systemd with | ||
591 | 13 | +the default configuration, | ||
592 | 14 | +.Cm ListenAddress | ||
593 | 15 | +options will not be honored. Address configuration must be handled in | ||
594 | 16 | +.Pa /etc/systemd/system/ssh.socket.d | ||
595 | 17 | +instead. | ||
596 | 18 | .It Cm LoginGraceTime | ||
597 | 19 | The server disconnects after this time if the user has not | ||
598 | 20 | successfully logged in. | ||
599 | 21 | @@ -1520,6 +1529,15 @@ | ||
600 | 22 | Multiple options of this type are permitted. | ||
601 | 23 | See also | ||
602 | 24 | .Cm ListenAddress . | ||
603 | 25 | +.Pp | ||
604 | 26 | +.Cm Note: | ||
605 | 27 | +On Ubuntu, the openssh-server package is configured to use systemd | ||
606 | 28 | +socket-based activation by default. Therefore if you are using systemd with | ||
607 | 29 | +the default configuration, | ||
608 | 30 | +.Cm Port | ||
609 | 31 | +options will not be honored. Address configuration must be handled in | ||
610 | 32 | +.Pa /etc/systemd/system/ssh.socket.d | ||
611 | 33 | +instead. | ||
612 | 34 | .It Cm PrintLastLog | ||
613 | 35 | Specifies whether | ||
614 | 36 | .Xr sshd 8 | ||
615 | 37 | Index: openssh-9.0p1/sshd_config | ||
616 | 38 | =================================================================== | ||
617 | 39 | --- openssh-9.0p1.orig/sshd_config | ||
618 | 40 | +++ openssh-9.0p1/sshd_config | ||
619 | 41 | @@ -12,6 +12,9 @@ | ||
620 | 42 | |||
621 | 43 | Include /etc/ssh/sshd_config.d/*.conf | ||
622 | 44 | |||
623 | 45 | +# Port and ListenAddress options are not used when sshd is socket-activated, | ||
624 | 46 | +# which is now the default in Ubuntu. See sshd_config(5) and | ||
625 | 47 | +# /usr/share/doc/openssh-server/README.Debian.gz for details. | ||
626 | 48 | #Port 22 | ||
627 | 49 | #AddressFamily any | ||
628 | 50 | #ListenAddress 0.0.0.0 | ||
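Review bot: The note added to the Port entry (second sshd_config.5 hunk) says "Address configuration must be handled in" the drop-in directory, wording copied from the ListenAddress entry; for Port it should say that the port is configured there. Both notes would be more useful if they named the ssh.socket setting that replaces the option (ListenStream=), since an administrator who restricted sshd to one address or a non-default port with these options needs to know what to write in /etc/systemd/system/ssh.socket.d. The new patch file also starts directly at "Index:" with no Description/Author header, unlike systemd-socket-activation.patch in this same diff.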
629 | diff --git a/debian/patches/systemd-socket-activation.patch b/debian/patches/systemd-socket-activation.patch | |||
630 | index 5441622..3bfa116 100644 | |||
631 | --- a/debian/patches/systemd-socket-activation.patch | |||
632 | +++ b/debian/patches/systemd-socket-activation.patch | |||
633 | @@ -1,47 +1,72 @@ | |||
638 | 1 | From 4cedd1c9acac0fba598db2eaf43278dfe8e53ef0 Mon Sep 17 00:00:00 2001 | 1 | Description: support systemd socket activation |
639 | 2 | From: Steve Langasek <steve.langasek@ubuntu.com> | 2 | Unlike inetd socket activation, with systemd socket activation the |
640 | 3 | Date: Thu, 1 Sep 2022 16:03:37 +0100 | 3 | supervisor passes the listened-on socket to the child process and lets |
641 | 4 | Subject: Support systemd socket activation | 4 | the child process handle the accept(). This lets us do delayed start |
642 | 5 | of the sshd daemon without becoming incompatible with config options | ||
643 | 6 | like ClientAliveCountMax. | ||
644 | 7 | Author: Steve Langasek <steve.langasek@ubuntu.com> | ||
645 | 8 | Author: Nick Rosbrook <nick.rosbrook@canonical.com> | ||
646 | 9 | Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2011458 | ||
647 | 10 | Last-Update: 2023-04-17 | ||
648 | 5 | 11 | ||
649 | 6 | Unlike inetd socket activation, with systemd socket activation the | ||
650 | 7 | supervisor passes the listened-on socket to the child process and lets | ||
651 | 8 | the child process handle the accept(). This lets us do delayed start | ||
652 | 9 | of the sshd daemon without becoming incompatible with config options | ||
653 | 10 | like ClientAliveCountMax. | ||
654 | 11 | |||
655 | 12 | Last-Update: 2022-09-01 | ||
656 | 13 | |||
657 | 14 | Patch-Name: systemd-socket-activation.patch | ||
658 | 15 | --- | ||
659 | 16 | sshd.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++--------- | ||
660 | 17 | 1 file changed, 75 insertions(+), 14 deletions(-) | ||
661 | 18 | |||
662 | 19 | diff --git a/sshd.c b/sshd.c | ||
663 | 20 | index 0a4eefe01..fc22fcb62 100644 | ||
664 | 21 | --- a/sshd.c | 12 | --- a/sshd.c |
665 | 22 | +++ b/sshd.c | 13 | +++ b/sshd.c |
667 | 23 | @@ -141,10 +141,16 @@ int deny_severity; | 14 | @@ -140,11 +140,14 @@ |
668 | 15 | int deny_severity; | ||
669 | 24 | #endif /* LIBWRAP */ | 16 | #endif /* LIBWRAP */ |
670 | 25 | 17 | ||
671 | 18 | +/* This will only get set if we build with systemd. */ | ||
672 | 19 | +static int systemd_num_listen_fds; | ||
673 | 20 | + | ||
674 | 26 | /* Re-exec fds */ | 21 | /* Re-exec fds */ |
675 | 27 | -#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) | 22 | -#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) |
676 | 28 | -#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) | 23 | -#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) |
677 | 29 | -#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3) | 24 | -#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3) |
678 | 30 | -#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4) | 25 | -#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4) |
689 | 31 | +#ifdef HAVE_SYSTEMD | 26 | +#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1 + systemd_num_listen_fds) |
690 | 32 | +#define SYSTEMD_OFFSET sd_listen_fds(0) | 27 | +#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2 + systemd_num_listen_fds) |
691 | 33 | +#else | 28 | +#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3 + systemd_num_listen_fds) |
692 | 34 | +#define SYSTEMD_OFFSET 0 | 29 | +#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4 + systemd_num_listen_fds) |
683 | 35 | +#endif | ||
684 | 36 | + | ||
685 | 37 | +#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1 + SYSTEMD_OFFSET) | ||
686 | 38 | +#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2 + SYSTEMD_OFFSET) | ||
687 | 39 | +#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3 + SYSTEMD_OFFSET) | ||
688 | 40 | +#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4 + SYSTEMD_OFFSET) | ||
693 | 41 | 30 | ||
694 | 42 | extern char *__progname; | 31 | extern char *__progname; |
695 | 43 | 32 | ||
697 | 44 | @@ -1025,6 +1031,48 @@ server_accept_inetd(int *sock_in, int *sock_out) | 33 | @@ -195,6 +198,7 @@ |
698 | 34 | */ | ||
699 | 35 | #define MAX_LISTEN_SOCKS 16 | ||
700 | 36 | static int listen_socks[MAX_LISTEN_SOCKS]; | ||
701 | 37 | +static int listen_socks_no_close[MAX_LISTEN_SOCKS]; | ||
702 | 38 | static int num_listen_socks = 0; | ||
703 | 39 | |||
704 | 40 | /* Daemon's agent connection */ | ||
705 | 41 | @@ -280,12 +284,16 @@ | ||
706 | 42 | * Close all listening sockets | ||
707 | 43 | */ | ||
708 | 44 | static void | ||
709 | 45 | -close_listen_socks(void) | ||
710 | 46 | +close_listen_socks(int force) | ||
711 | 47 | { | ||
712 | 48 | int i; | ||
713 | 49 | |||
714 | 50 | - for (i = 0; i < num_listen_socks; i++) | ||
715 | 51 | + for (i = 0; i < num_listen_socks; i++) { | ||
716 | 52 | + if (listen_socks_no_close[i] > 0 && force <= 0) | ||
717 | 53 | + continue; | ||
718 | 54 | + | ||
719 | 55 | close(listen_socks[i]); | ||
720 | 56 | + } | ||
721 | 57 | num_listen_socks = 0; | ||
722 | 58 | } | ||
723 | 59 | |||
724 | 60 | @@ -324,7 +332,7 @@ | ||
725 | 61 | if (options.pid_file != NULL) | ||
726 | 62 | unlink(options.pid_file); | ||
727 | 63 | platform_pre_restart(); | ||
728 | 64 | - close_listen_socks(); | ||
729 | 65 | + close_listen_socks(/* force = */ 0); | ||
730 | 66 | close_startup_pipes(); | ||
731 | 67 | ssh_signal(SIGHUP, SIG_IGN); /* will be restored after exec */ | ||
732 | 68 | execv(saved_argv[0], saved_argv); | ||
733 | 69 | @@ -1033,6 +1041,65 @@ | ||
734 | 45 | debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out); | 70 | debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out); |
735 | 46 | } | 71 | } |
736 | 47 | 72 | ||
737 | @@ -52,7 +77,7 @@ index 0a4eefe01..fc22fcb62 100644 | |||
738 | 52 | +static void | 77 | +static void |
739 | 53 | +setup_systemd_socket(int listen_sock) | 78 | +setup_systemd_socket(int listen_sock) |
740 | 54 | +{ | 79 | +{ |
742 | 55 | + int ret; | 80 | + int flags, ret; |
743 | 56 | + struct sockaddr_storage addr; | 81 | + struct sockaddr_storage addr; |
744 | 57 | + socklen_t len = sizeof(addr); | 82 | + socklen_t len = sizeof(addr); |
745 | 58 | + char ntop[NI_MAXHOST], strport[NI_MAXSERV]; | 83 | + char ntop[NI_MAXHOST], strport[NI_MAXSERV]; |
746 | @@ -77,10 +102,27 @@ index 0a4eefe01..fc22fcb62 100644 | |||
747 | 77 | + close(listen_sock); | 102 | + close(listen_sock); |
748 | 78 | + return; | 103 | + return; |
749 | 79 | + } | 104 | + } |
750 | 105 | + | ||
751 | 80 | + /* Socket options */ | 106 | + /* Socket options */ |
752 | 81 | + set_reuseaddr(listen_sock); | 107 | + set_reuseaddr(listen_sock); |
753 | 82 | + | 108 | + |
754 | 109 | + /* systemd sets FD_CLOEXEC on the fds it passes to us, but we need this | ||
755 | 110 | + * to stay open across re-exec. */ | ||
756 | 111 | + flags = fcntl(listen_sock, F_GETFD); | ||
757 | 112 | + if (flags < 0) { | ||
758 | 113 | + error("Failed to get fd flags: %s", strerror(errno)); | ||
759 | 114 | + close(listen_sock); | ||
760 | 115 | + return; | ||
761 | 116 | + } | ||
762 | 117 | + | ||
763 | 118 | + if (fcntl(listen_sock, F_SETFD, flags & ~FD_CLOEXEC) < 0) { | ||
764 | 119 | + error("Failed to clear FD_CLOEXEC flag: %s", strerror(errno)); | ||
765 | 120 | + close(listen_sock); | ||
766 | 121 | + return; | ||
767 | 122 | + } | ||
768 | 123 | + | ||
769 | 83 | + listen_socks[num_listen_socks] = listen_sock; | 124 | + listen_socks[num_listen_socks] = listen_sock; |
770 | 125 | + listen_socks_no_close[num_listen_socks] = 1; | ||
771 | 84 | + num_listen_socks++; | 126 | + num_listen_socks++; |
772 | 85 | + | 127 | + |
773 | 86 | + logit("Server listening on %s port %s.", ntop, strport); | 128 | + logit("Server listening on %s port %s.", ntop, strport); |
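Review bot: Clearing FD_CLOEXEC here keeps the systemd-passed listening sockets open across every exec from this process, not only the sshd re-exec the comment mentions, and the forked child later calls close_listen_socks(/* force = */ 0), which skips them. Please state in the comment where these fds are closed before a session command is executed, or close them in the re-executed child once it no longer needs them, so the listening socket is not inherited by user processes.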
774 | @@ -90,15 +132,7 @@ index 0a4eefe01..fc22fcb62 100644 | |||
775 | 90 | /* | 132 | /* |
776 | 91 | * Listen for TCP connections | 133 | * Listen for TCP connections |
777 | 92 | */ | 134 | */ |
787 | 93 | @@ -1104,22 +1152,35 @@ static void | 135 | @@ -1117,17 +1184,26 @@ |
779 | 94 | server_listen(void) | ||
780 | 95 | { | ||
781 | 96 | u_int i; | ||
782 | 97 | +#ifdef HAVE_SYSTEMD | ||
783 | 98 | + int systemd_socket_count; | ||
784 | 99 | +#endif | ||
785 | 100 | |||
786 | 101 | /* Initialise per-source limit tracking. */ | ||
788 | 102 | srclimit_init(options.max_startups, options.per_source_max_startups, | 136 | srclimit_init(options.max_startups, options.per_source_max_startups, |
789 | 103 | options.per_source_masklen_ipv4, options.per_source_masklen_ipv6); | 137 | options.per_source_masklen_ipv4, options.per_source_masklen_ipv6); |
790 | 104 | 138 | ||
791 | @@ -109,11 +143,10 @@ index 0a4eefe01..fc22fcb62 100644 | |||
792 | 109 | - memset(&options.listen_addrs[i], 0, | 143 | - memset(&options.listen_addrs[i], 0, |
793 | 110 | - sizeof(options.listen_addrs[i])); | 144 | - sizeof(options.listen_addrs[i])); |
794 | 111 | +#ifdef HAVE_SYSTEMD | 145 | +#ifdef HAVE_SYSTEMD |
797 | 112 | + systemd_socket_count = sd_listen_fds(0); | 146 | + if (systemd_num_listen_fds > 0) |
796 | 113 | + if (systemd_socket_count > 0) | ||
798 | 114 | + { | 147 | + { |
799 | 115 | + int i; | 148 | + int i; |
801 | 116 | + for (i = 0; i < systemd_socket_count; i++) | 149 | + for (i = 0; i < systemd_num_listen_fds; i++) |
802 | 117 | + setup_systemd_socket(SD_LISTEN_FDS_START + i); | 150 | + setup_systemd_socket(SD_LISTEN_FDS_START + i); |
803 | 118 | + } else | 151 | + } else |
804 | 119 | +#endif | 152 | +#endif |
805 | @@ -136,3 +169,78 @@ index 0a4eefe01..fc22fcb62 100644 | |||
806 | 136 | if (!num_listen_socks) | 169 | if (!num_listen_socks) |
807 | 137 | fatal("Cannot bind any address."); | 170 | fatal("Cannot bind any address."); |
808 | 138 | } | 171 | } |
809 | 172 | @@ -1182,7 +1258,7 @@ | ||
810 | 173 | if (received_sigterm) { | ||
811 | 174 | logit("Received signal %d; terminating.", | ||
812 | 175 | (int) received_sigterm); | ||
813 | 176 | - close_listen_socks(); | ||
814 | 177 | + close_listen_socks(/* force = */ 1); | ||
815 | 178 | if (options.pid_file != NULL) | ||
816 | 179 | unlink(options.pid_file); | ||
817 | 180 | exit(received_sigterm == SIGTERM ? 0 : 255); | ||
818 | 181 | @@ -1196,7 +1272,7 @@ | ||
819 | 182 | if (received_sighup) { | ||
820 | 183 | if (!lameduck) { | ||
821 | 184 | debug("Received SIGHUP; waiting for children"); | ||
822 | 185 | - close_listen_socks(); | ||
823 | 186 | + close_listen_socks(/* force = */ 0); | ||
824 | 187 | lameduck = 1; | ||
825 | 188 | } | ||
826 | 189 | if (listening <= 0) { | ||
827 | 190 | @@ -1319,7 +1395,7 @@ | ||
828 | 191 | * connection without forking. | ||
829 | 192 | */ | ||
830 | 193 | debug("Server will not fork when running in debugging mode."); | ||
831 | 194 | - close_listen_socks(); | ||
832 | 195 | + close_listen_socks(/* force = */ 0); | ||
833 | 196 | *sock_in = *newsock; | ||
834 | 197 | *sock_out = *newsock; | ||
835 | 198 | close(startup_p[0]); | ||
836 | 199 | @@ -1353,7 +1429,7 @@ | ||
837 | 200 | platform_post_fork_child(); | ||
838 | 201 | startup_pipe = startup_p[1]; | ||
839 | 202 | close_startup_pipes(); | ||
840 | 203 | - close_listen_socks(); | ||
841 | 204 | + close_listen_socks(/* force = */ 0); | ||
842 | 205 | *sock_in = *newsock; | ||
843 | 206 | *sock_out = *newsock; | ||
844 | 207 | log_init(__progname, | ||
845 | 208 | @@ -1701,6 +1777,38 @@ | ||
846 | 209 | break; | ||
847 | 210 | } | ||
848 | 211 | } | ||
849 | 212 | + | ||
850 | 213 | +#ifdef HAVE_SYSTEMD | ||
851 | 214 | + /* We should call sd_listen_fds() exactly once, and only in the parent | ||
852 | 215 | + * process. | ||
853 | 216 | + * | ||
854 | 217 | + * If the parent calls sd_listen_fds() more than once, then FD_CLOEXEC | ||
855 | 218 | + * will be re-configured for the passed fds, which will cause problems | ||
856 | 219 | + * during re-execution. The FD_CLOEXEC flag will be cleared by | ||
857 | 220 | + * setup_systemd_socket(). | ||
858 | 221 | + * | ||
859 | 222 | + * If the child calls sd_listen_fds(), it will return 0 because it will | ||
860 | 223 | + * compare our pid to the LISTEN_PID environment variable, and only | ||
861 | 224 | + * return LISTEN_FDS if they match. Thus, when we are a child process, | ||
862 | 225 | + * check the LISTEN_FDS ourselves. */ | ||
863 | 226 | + if (rexeced_flag) { | ||
864 | 227 | + const char* s = getenv("LISTEN_FDS"); | ||
865 | 228 | + if (s && s[0] != '\0') { | ||
866 | 229 | + errno = 0; | ||
867 | 230 | + r = (int)strtonum(s, 0, MAX_LISTEN_SOCKS, NULL); | ||
868 | 231 | + if (errno > 0) | ||
869 | 232 | + fatal("Failed to parse LISTEN_FDS: %s", strerror(errno)); | ||
870 | 233 | + } else | ||
871 | 234 | + r = 0; | ||
872 | 235 | + } else { | ||
873 | 236 | + r = sd_listen_fds(0); | ||
874 | 237 | + if (r < 0) | ||
875 | 238 | + fatal("Failed to get systemd socket fds: %s", strerror(-r)); | ||
876 | 239 | + } | ||
877 | 240 | + | ||
878 | 241 | + systemd_num_listen_fds = r; | ||
879 | 242 | +#endif | ||
880 | 243 | + | ||
881 | 244 | if (rexeced_flag || inetd_flag) | ||
882 | 245 | rexec_flag = 0; | ||
883 | 246 | if (!test_flag && rexec_flag && !path_absolute(av[0])) | ||
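Review bot: In the rexeced_flag branch LISTEN_FDS is bounded to MAX_LISTEN_SOCKS, but the parent branch accepts any non-negative sd_listen_fds(0) result, and the REEXEC_* fd numbers are derived from that count; apply the same upper bound in the parent so an oversized count is rejected once at startup rather than in each re-executed child. For strtonum(), pass an errstr pointer and test it instead of resetting and checking errno, which also gives fatal() a more precise message than strerror(errno).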
884 | diff --git a/debian/po/cs.po b/debian/po/cs.po | |||
885 | index d01e0ff..21b4c7b 100644 | |||
886 | --- a/debian/po/cs.po | |||
887 | +++ b/debian/po/cs.po | |||
888 | @@ -7,7 +7,7 @@ msgid "" | |||
889 | 7 | msgstr "" | 7 | msgstr "" |
890 | 8 | "Project-Id-Version: openssh 1:6.6p1-1\n" | 8 | "Project-Id-Version: openssh 1:6.6p1-1\n" |
891 | 9 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" | 9 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
893 | 10 | "POT-Creation-Date: 2014-03-20 02:06+0000\n" | 10 | "POT-Creation-Date: 2022-09-23 19:34+0000\n" |
894 | 11 | "PO-Revision-Date: 2014-06-12 12:25+0200\n" | 11 | "PO-Revision-Date: 2014-06-12 12:25+0200\n" |
895 | 12 | "Last-Translator: Michal Simunek <michal.simunek@gmail.com>\n" | 12 | "Last-Translator: Michal Simunek <michal.simunek@gmail.com>\n" |
896 | 13 | "Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n" | 13 | "Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n" |
897 | @@ -53,3 +53,28 @@ msgstr "" | |||
898 | 53 | "poškodit systémy, které jsou nastaveny s předpokladem, že bude možné se " | 53 | "poškodit systémy, které jsou nastaveny s předpokladem, že bude možné se " |
899 | 54 | "přihlašovat přes SSH jako root pomocí ověřování heslem. Změnu této volby " | 54 | "přihlašovat přes SSH jako root pomocí ověřování heslem. Změnu této volby " |
900 | 55 | "byste měli provést pouze pokud ověřování heslem potřebujete." | 55 | "byste měli provést pouze pokud ověřování heslem potřebujete." |
901 | 56 | |||
902 | 57 | #. Type: error | ||
903 | 58 | #. Description | ||
904 | 59 | #: ../openssh-server.templates:3001 | ||
905 | 60 | msgid "Not migrating to socket activation" | ||
906 | 61 | msgstr "" | ||
907 | 62 | |||
908 | 63 | #. Type: error | ||
909 | 64 | #. Description | ||
910 | 65 | #: ../openssh-server.templates:3001 | ||
911 | 66 | msgid "" | ||
912 | 67 | "This version of openssh-server uses socket-based activation by default. " | ||
913 | 68 | "However, because you have more than one ListenAddress configured in " | ||
914 | 69 | "sshd_config, it is impossible to determine at upgrade time if migrating you " | ||
915 | 70 | "to socket-based activation would cause the starting of sshd at boot to be " | ||
916 | 71 | "unreliable." | ||
917 | 72 | msgstr "" | ||
918 | 73 | |||
919 | 74 | #. Type: error | ||
920 | 75 | #. Description | ||
921 | 76 | #: ../openssh-server.templates:3001 | ||
922 | 77 | msgid "" | ||
923 | 78 | "Because a failure to start ssh may make it impossible to admininister a " | ||
924 | 79 | "system, you will not be migrated to socket-based activation at this time." | ||
925 | 80 | msgstr "" | ||
926 | diff --git a/debian/po/da.po b/debian/po/da.po | |||
927 | index 70d576d..a08ca3b 100644 | |||
928 | --- a/debian/po/da.po | |||
929 | +++ b/debian/po/da.po | |||
930 | @@ -7,7 +7,7 @@ msgid "" | |||
931 | 7 | msgstr "" | 7 | msgstr "" |
932 | 8 | "Project-Id-Version: openssh\n" | 8 | "Project-Id-Version: openssh\n" |
933 | 9 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" | 9 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
935 | 10 | "POT-Creation-Date: 2014-03-20 02:06+0000\n" | 10 | "POT-Creation-Date: 2022-09-23 19:34+0000\n" |
936 | 11 | "PO-Revision-Date: 2014-03-21 23:51+0200\n" | 11 | "PO-Revision-Date: 2014-03-21 23:51+0200\n" |
937 | 12 | "Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n" | 12 | "Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n" |
938 | 13 | "Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n" | 13 | "Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n" |
939 | @@ -53,3 +53,28 @@ msgstr "" | |||
940 | 53 | "Det kan dog ødelægge systemer, som er opsat med forventning om at kunne SSH " | 53 | "Det kan dog ødelægge systemer, som er opsat med forventning om at kunne SSH " |
941 | 54 | "som root via brug af adgangskodegodkendelse. Du skal kun lave denne ændring, " | 54 | "som root via brug af adgangskodegodkendelse. Du skal kun lave denne ændring, " |
942 | 55 | "hvis du ikke har brug for dette." | 55 | "hvis du ikke har brug for dette." |
943 | 56 | |||
944 | 57 | #. Type: error | ||
945 | 58 | #. Description | ||
946 | 59 | #: ../openssh-server.templates:3001 | ||
947 | 60 | msgid "Not migrating to socket activation" | ||
948 | 61 | msgstr "" | ||
949 | 62 | |||
950 | 63 | #. Type: error | ||
951 | 64 | #. Description | ||
952 | 65 | #: ../openssh-server.templates:3001 | ||
953 | 66 | msgid "" | ||
954 | 67 | "This version of openssh-server uses socket-based activation by default. " | ||
955 | 68 | "However, because you have more than one ListenAddress configured in " | ||
956 | 69 | "sshd_config, it is impossible to determine at upgrade time if migrating you " | ||
957 | 70 | "to socket-based activation would cause the starting of sshd at boot to be " | ||
958 | 71 | "unreliable." | ||
959 | 72 | msgstr "" | ||
960 | 73 | |||
961 | 74 | #. Type: error | ||
962 | 75 | #. Description | ||
963 | 76 | #: ../openssh-server.templates:3001 | ||
964 | 77 | msgid "" | ||
965 | 78 | "Because a failure to start ssh may make it impossible to admininister a " | ||
966 | 79 | "system, you will not be migrated to socket-based activation at this time." | ||
967 | 80 | msgstr "" | ||
968 | diff --git a/debian/po/de.po b/debian/po/de.po | |||
969 | index ecba54b..2536ea4 100644 | |||
970 | --- a/debian/po/de.po | |||
971 | +++ b/debian/po/de.po | |||
972 | @@ -8,7 +8,7 @@ msgid "" | |||
973 | 8 | msgstr "" | 8 | msgstr "" |
974 | 9 | "Project-Id-Version: openssh_1:6.6p1-1\n" | 9 | "Project-Id-Version: openssh_1:6.6p1-1\n" |
975 | 10 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" | 10 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
977 | 11 | "POT-Creation-Date: 2014-03-20 02:06+0000\n" | 11 | "POT-Creation-Date: 2022-09-23 19:34+0000\n" |
978 | 12 | "PO-Revision-Date: 2014-03-24 22:21+0100\n" | 12 | "PO-Revision-Date: 2014-03-24 22:21+0100\n" |
979 | 13 | "Last-Translator: Stephan Beck <sbeck@mailbox.org>\n" | 13 | "Last-Translator: Stephan Beck <sbeck@mailbox.org>\n" |
980 | 14 | "Language-Team: Debian German translation team <debian-l10n-german@lists." | 14 | "Language-Team: Debian German translation team <debian-l10n-german@lists." |
981 | @@ -59,3 +59,28 @@ msgstr "" | |||
982 | 59 | "in der Absicht konfiguriert wurden, die Anmeldung als »root« über SSH unter " | 59 | "in der Absicht konfiguriert wurden, die Anmeldung als »root« über SSH unter " |
983 | 60 | "Verwendung von Passwort-Authentifizierung zuzulassen. Sie sollten diese " | 60 | "Verwendung von Passwort-Authentifizierung zuzulassen. Sie sollten diese " |
984 | 61 | "Änderung nur vornehmen, wenn Sie auf Letzteres verzichten können." | 61 | "Änderung nur vornehmen, wenn Sie auf Letzteres verzichten können." |
985 | 62 | |||
986 | 63 | #. Type: error | ||
987 | 64 | #. Description | ||
988 | 65 | #: ../openssh-server.templates:3001 | ||
989 | 66 | msgid "Not migrating to socket activation" | ||
990 | 67 | msgstr "" | ||
991 | 68 | |||
992 | 69 | #. Type: error | ||
993 | 70 | #. Description | ||
994 | 71 | #: ../openssh-server.templates:3001 | ||
995 | 72 | msgid "" | ||
996 | 73 | "This version of openssh-server uses socket-based activation by default. " | ||
997 | 74 | "However, because you have more than one ListenAddress configured in " | ||
998 | 75 | "sshd_config, it is impossible to determine at upgrade time if migrating you " | ||
999 | 76 | "to socket-based activation would cause the starting of sshd at boot to be " | ||
1000 | 77 | "unreliable." | ||
1001 | 78 | msgstr "" | ||
1002 | 79 | |||
1003 | 80 | #. Type: error | ||
1004 | 81 | #. Description | ||
1005 | 82 | #: ../openssh-server.templates:3001 | ||
1006 | 83 | msgid "" | ||
1007 | 84 | "Because a failure to start ssh may make it impossible to admininister a " | ||
1008 | 85 | "system, you will not be migrated to socket-based activation at this time." | ||
1009 | 86 | msgstr "" | ||
1010 | diff --git a/debian/po/es.po b/debian/po/es.po | |||
1011 | index de8a67a..14550d6 100644 | |||
1012 | --- a/debian/po/es.po | |||
1013 | +++ b/debian/po/es.po | |||
1014 | @@ -28,7 +28,7 @@ msgid "" | |||
1015 | 28 | msgstr "" | 28 | msgstr "" |
1016 | 29 | "Project-Id-Version: openssh\n" | 29 | "Project-Id-Version: openssh\n" |
1017 | 30 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" | 30 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1019 | 31 | "POT-Creation-Date: 2014-03-20 02:06+0000\n" | 31 | "POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1020 | 32 | "PO-Revision-Date: 2014-03-23 20:43-0300\n" | 32 | "PO-Revision-Date: 2014-03-23 20:43-0300\n" |
1021 | 33 | "Last-Translator: Matías Bellone <matiasbellone+debian@gmail.com>\n" | 33 | "Last-Translator: Matías Bellone <matiasbellone+debian@gmail.com>\n" |
1022 | 34 | "Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n" | 34 | "Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n" |
1023 | @@ -78,3 +78,28 @@ msgstr "" | |||
1024 | 78 | "configuración permite que el usuario root inicie sesión a través de SSH " | 78 | "configuración permite que el usuario root inicie sesión a través de SSH " |
1025 | 79 | "utilizando una contraseña. Sólo debería realizar este cambio si no necesita " | 79 | "utilizando una contraseña. Sólo debería realizar este cambio si no necesita " |
1026 | 80 | "este comportamiento." | 80 | "este comportamiento." |
1027 | 81 | |||
1028 | 82 | #. Type: error | ||
1029 | 83 | #. Description | ||
1030 | 84 | #: ../openssh-server.templates:3001 | ||
1031 | 85 | msgid "Not migrating to socket activation" | ||
1032 | 86 | msgstr "" | ||
1033 | 87 | |||
1034 | 88 | #. Type: error | ||
1035 | 89 | #. Description | ||
1036 | 90 | #: ../openssh-server.templates:3001 | ||
1037 | 91 | msgid "" | ||
1038 | 92 | "This version of openssh-server uses socket-based activation by default. " | ||
1039 | 93 | "However, because you have more than one ListenAddress configured in " | ||
1040 | 94 | "sshd_config, it is impossible to determine at upgrade time if migrating you " | ||
1041 | 95 | "to socket-based activation would cause the starting of sshd at boot to be " | ||
1042 | 96 | "unreliable." | ||
1043 | 97 | msgstr "" | ||
1044 | 98 | |||
1045 | 99 | #. Type: error | ||
1046 | 100 | #. Description | ||
1047 | 101 | #: ../openssh-server.templates:3001 | ||
1048 | 102 | msgid "" | ||
1049 | 103 | "Because a failure to start ssh may make it impossible to admininister a " | ||
1050 | 104 | "system, you will not be migrated to socket-based activation at this time." | ||
1051 | 105 | msgstr "" | ||
1052 | diff --git a/debian/po/fr.po b/debian/po/fr.po | |||
1053 | index f7125e9..7d7093b 100644 | |||
1054 | --- a/debian/po/fr.po | |||
1055 | +++ b/debian/po/fr.po | |||
1056 | @@ -7,7 +7,7 @@ msgid "" | |||
1057 | 7 | msgstr "" | 7 | msgstr "" |
1058 | 8 | "Project-Id-Version: openssh_1:6.5p1-6\n" | 8 | "Project-Id-Version: openssh_1:6.5p1-6\n" |
1059 | 9 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" | 9 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1061 | 10 | "POT-Creation-Date: 2014-03-20 02:06+0000\n" | 10 | "POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1062 | 11 | "PO-Revision-Date: 2014-03-22 08:26+0100\n" | 11 | "PO-Revision-Date: 2014-03-22 08:26+0100\n" |
1063 | 12 | "Last-Translator: Étienne Gilli <etienne.gilli@gmail.com>\n" | 12 | "Last-Translator: Étienne Gilli <etienne.gilli@gmail.com>\n" |
1064 | 13 | "Language-Team: French <debian-l10n-french@lists.debian.org>\n" | 13 | "Language-Team: French <debian-l10n-french@lists.debian.org>\n" |
1065 | @@ -57,3 +57,28 @@ msgstr "" | |||
1066 | 57 | "inutilisables les systèmes reposant sur la possibilité de se connecter au " | 57 | "inutilisables les systèmes reposant sur la possibilité de se connecter au " |
1067 | 58 | "compte « root » par SSH avec authentification par mot de passe. Vous ne " | 58 | "compte « root » par SSH avec authentification par mot de passe. Vous ne " |
1068 | 59 | "devriez appliquer cette modification que si ce n’est pas votre cas." | 59 | "devriez appliquer cette modification que si ce n’est pas votre cas." |
1069 | 60 | |||
1070 | 61 | #. Type: error | ||
1071 | 62 | #. Description | ||
1072 | 63 | #: ../openssh-server.templates:3001 | ||
1073 | 64 | msgid "Not migrating to socket activation" | ||
1074 | 65 | msgstr "" | ||
1075 | 66 | |||
1076 | 67 | #. Type: error | ||
1077 | 68 | #. Description | ||
1078 | 69 | #: ../openssh-server.templates:3001 | ||
1079 | 70 | msgid "" | ||
1080 | 71 | "This version of openssh-server uses socket-based activation by default. " | ||
1081 | 72 | "However, because you have more than one ListenAddress configured in " | ||
1082 | 73 | "sshd_config, it is impossible to determine at upgrade time if migrating you " | ||
1083 | 74 | "to socket-based activation would cause the starting of sshd at boot to be " | ||
1084 | 75 | "unreliable." | ||
1085 | 76 | msgstr "" | ||
1086 | 77 | |||
1087 | 78 | #. Type: error | ||
1088 | 79 | #. Description | ||
1089 | 80 | #: ../openssh-server.templates:3001 | ||
1090 | 81 | msgid "" | ||
1091 | 82 | "Because a failure to start ssh may make it impossible to admininister a " | ||
1092 | 83 | "system, you will not be migrated to socket-based activation at this time." | ||
1093 | 84 | msgstr "" | ||
1094 | diff --git a/debian/po/it.po b/debian/po/it.po | |||
1095 | index dd71060..5390795 100644 | |||
1096 | --- a/debian/po/it.po | |||
1097 | +++ b/debian/po/it.po | |||
1098 | @@ -6,7 +6,7 @@ msgid "" | |||
1099 | 6 | msgstr "" | 6 | msgstr "" |
1100 | 7 | "Project-Id-Version: openssh\n" | 7 | "Project-Id-Version: openssh\n" |
1101 | 8 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" | 8 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1103 | 9 | "POT-Creation-Date: 2014-03-20 02:06+0000\n" | 9 | "POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1104 | 10 | "PO-Revision-Date: 2014-03-28 11:12+0200\n" | 10 | "PO-Revision-Date: 2014-03-28 11:12+0200\n" |
1105 | 11 | "Last-Translator: Beatrice Torracca <beatricet@libero.it>\n" | 11 | "Last-Translator: Beatrice Torracca <beatricet@libero.it>\n" |
1106 | 12 | "Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n" | 12 | "Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n" |
1107 | @@ -56,3 +56,28 @@ msgstr "" | |||
1108 | 56 | "impostati facendo affidamento sulla possibilità di autenticazione SSH come " | 56 | "impostati facendo affidamento sulla possibilità di autenticazione SSH come " |
1109 | 57 | "root usando la password. Si dovrebbe fare questo cambiamento solo se non si " | 57 | "root usando la password. Si dovrebbe fare questo cambiamento solo se non si " |
1110 | 58 | "ha bisogno di tale comportamento." | 58 | "ha bisogno di tale comportamento." |
1111 | 59 | |||
1112 | 60 | #. Type: error | ||
1113 | 61 | #. Description | ||
1114 | 62 | #: ../openssh-server.templates:3001 | ||
1115 | 63 | msgid "Not migrating to socket activation" | ||
1116 | 64 | msgstr "" | ||
1117 | 65 | |||
1118 | 66 | #. Type: error | ||
1119 | 67 | #. Description | ||
1120 | 68 | #: ../openssh-server.templates:3001 | ||
1121 | 69 | msgid "" | ||
1122 | 70 | "This version of openssh-server uses socket-based activation by default. " | ||
1123 | 71 | "However, because you have more than one ListenAddress configured in " | ||
1124 | 72 | "sshd_config, it is impossible to determine at upgrade time if migrating you " | ||
1125 | 73 | "to socket-based activation would cause the starting of sshd at boot to be " | ||
1126 | 74 | "unreliable." | ||
1127 | 75 | msgstr "" | ||
1128 | 76 | |||
1129 | 77 | #. Type: error | ||
1130 | 78 | #. Description | ||
1131 | 79 | #: ../openssh-server.templates:3001 | ||
1132 | 80 | msgid "" | ||
1133 | 81 | "Because a failure to start ssh may make it impossible to admininister a " | ||
1134 | 82 | "system, you will not be migrated to socket-based activation at this time." | ||
1135 | 83 | msgstr "" | ||
1136 | diff --git a/debian/po/ja.po b/debian/po/ja.po | |||
1137 | index db382f1..b48d281 100644 | |||
1138 | --- a/debian/po/ja.po | |||
1139 | +++ b/debian/po/ja.po | |||
1140 | @@ -7,7 +7,7 @@ msgid "" | |||
1141 | 7 | msgstr "" | 7 | msgstr "" |
1142 | 8 | "Project-Id-Version: openssh\n" | 8 | "Project-Id-Version: openssh\n" |
1143 | 9 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" | 9 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1145 | 10 | "POT-Creation-Date: 2014-03-20 02:06+0000\n" | 10 | "POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1146 | 11 | "PO-Revision-Date: 2014-03-20 11:06+0900\n" | 11 | "PO-Revision-Date: 2014-03-20 11:06+0900\n" |
1147 | 12 | "Last-Translator: victory <victory.deb@gmail.com>\n" | 12 | "Last-Translator: victory <victory.deb@gmail.com>\n" |
1148 | 13 | "Language-Team: Japanese <debian-japanese@lists.debian.org>\n" | 13 | "Language-Team: Japanese <debian-japanese@lists.debian.org>\n" |
1149 | @@ -53,3 +53,28 @@ msgstr "" | |||
1150 | 53 | "ます。しかしパスワード認証により root で SSH 接続できることを前提として構成し" | 53 | "ます。しかしパスワード認証により root で SSH 接続できることを前提として構成し" |
1151 | 54 | "たシステムでは問題が発生する可能性があります。そういった必要のない場合にのみ" | 54 | "たシステムでは問題が発生する可能性があります。そういった必要のない場合にのみ" |
1152 | 55 | "この変更を行うようにしてください。" | 55 | "この変更を行うようにしてください。" |
1153 | 56 | |||
1154 | 57 | #. Type: error | ||
1155 | 58 | #. Description | ||
1156 | 59 | #: ../openssh-server.templates:3001 | ||
1157 | 60 | msgid "Not migrating to socket activation" | ||
1158 | 61 | msgstr "" | ||
1159 | 62 | |||
1160 | 63 | #. Type: error | ||
1161 | 64 | #. Description | ||
1162 | 65 | #: ../openssh-server.templates:3001 | ||
1163 | 66 | msgid "" | ||
1164 | 67 | "This version of openssh-server uses socket-based activation by default. " | ||
1165 | 68 | "However, because you have more than one ListenAddress configured in " | ||
1166 | 69 | "sshd_config, it is impossible to determine at upgrade time if migrating you " | ||
1167 | 70 | "to socket-based activation would cause the starting of sshd at boot to be " | ||
1168 | 71 | "unreliable." | ||
1169 | 72 | msgstr "" | ||
1170 | 73 | |||
1171 | 74 | #. Type: error | ||
1172 | 75 | #. Description | ||
1173 | 76 | #: ../openssh-server.templates:3001 | ||
1174 | 77 | msgid "" | ||
1175 | 78 | "Because a failure to start ssh may make it impossible to admininister a " | ||
1176 | 79 | "system, you will not be migrated to socket-based activation at this time." | ||
1177 | 80 | msgstr "" | ||
1178 | diff --git a/debian/po/nl.po b/debian/po/nl.po | |||
1179 | index 3afd617..eca9662 100644 | |||
1180 | --- a/debian/po/nl.po | |||
1181 | +++ b/debian/po/nl.po | |||
1182 | @@ -7,7 +7,7 @@ msgid "" | |||
1183 | 7 | msgstr "" | 7 | msgstr "" |
1184 | 8 | "Project-Id-Version: openssh\n" | 8 | "Project-Id-Version: openssh\n" |
1185 | 9 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" | 9 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1187 | 10 | "POT-Creation-Date: 2014-03-20 02:06+0000\n" | 10 | "POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1188 | 11 | "PO-Revision-Date: 2014-10-03 23:54+0200\n" | 11 | "PO-Revision-Date: 2014-10-03 23:54+0200\n" |
1189 | 12 | "Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n" | 12 | "Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n" |
1190 | 13 | "Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n" | 13 | "Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n" |
1191 | @@ -58,3 +58,28 @@ msgstr "" | |||
1192 | 58 | "ingesteld werden vanuit de verwachting dat de systeembeheerder SSH kan " | 58 | "ingesteld werden vanuit de verwachting dat de systeembeheerder SSH kan " |
1193 | 59 | "gebruiken met authenticatie via wachtwoord. Enkel wanneer u dit laatste niet " | 59 | "gebruiken met authenticatie via wachtwoord. Enkel wanneer u dit laatste niet " |
1194 | 60 | "nodig heeft, zou u deze wijziging kunnen doorvoeren." | 60 | "nodig heeft, zou u deze wijziging kunnen doorvoeren." |
1195 | 61 | |||
1196 | 62 | #. Type: error | ||
1197 | 63 | #. Description | ||
1198 | 64 | #: ../openssh-server.templates:3001 | ||
1199 | 65 | msgid "Not migrating to socket activation" | ||
1200 | 66 | msgstr "" | ||
1201 | 67 | |||
1202 | 68 | #. Type: error | ||
1203 | 69 | #. Description | ||
1204 | 70 | #: ../openssh-server.templates:3001 | ||
1205 | 71 | msgid "" | ||
1206 | 72 | "This version of openssh-server uses socket-based activation by default. " | ||
1207 | 73 | "However, because you have more than one ListenAddress configured in " | ||
1208 | 74 | "sshd_config, it is impossible to determine at upgrade time if migrating you " | ||
1209 | 75 | "to socket-based activation would cause the starting of sshd at boot to be " | ||
1210 | 76 | "unreliable." | ||
1211 | 77 | msgstr "" | ||
1212 | 78 | |||
1213 | 79 | #. Type: error | ||
1214 | 80 | #. Description | ||
1215 | 81 | #: ../openssh-server.templates:3001 | ||
1216 | 82 | msgid "" | ||
1217 | 83 | "Because a failure to start ssh may make it impossible to admininister a " | ||
1218 | 84 | "system, you will not be migrated to socket-based activation at this time." | ||
1219 | 85 | msgstr "" | ||
1220 | diff --git a/debian/po/pt.po b/debian/po/pt.po | |||
1221 | index 2dab84c..8f51af9 100644 | |||
1222 | --- a/debian/po/pt.po | |||
1223 | +++ b/debian/po/pt.po | |||
1224 | @@ -7,7 +7,7 @@ msgid "" | |||
1225 | 7 | msgstr "" | 7 | msgstr "" |
1226 | 8 | "Project-Id-Version: openssh 1:6.6p1-1\n" | 8 | "Project-Id-Version: openssh 1:6.6p1-1\n" |
1227 | 9 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" | 9 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1229 | 10 | "POT-Creation-Date: 2014-03-20 02:06+0000\n" | 10 | "POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1230 | 11 | "PO-Revision-Date: 2014-03-21 21:13+0000\n" | 11 | "PO-Revision-Date: 2014-03-21 21:13+0000\n" |
1231 | 12 | "Last-Translator: Américo Monteiro <a_monteiro@gmx.com>\n" | 12 | "Last-Translator: Américo Monteiro <a_monteiro@gmx.com>\n" |
1232 | 13 | "Language-Team: Portuguese <traduz@debianpt.org>\n" | 13 | "Language-Team: Portuguese <traduz@debianpt.org>\n" |
1233 | @@ -57,3 +57,28 @@ msgstr "" | |||
1234 | 57 | "configurados com a expectativa de serem capazes de SSH como root usando " | 57 | "configurados com a expectativa de serem capazes de SSH como root usando " |
1235 | 58 | "autenticação por palavra-passe. Apenas deverá fazer esta alteração se não " | 58 | "autenticação por palavra-passe. Apenas deverá fazer esta alteração se não " |
1236 | 59 | "precisa de tal método de autenticação." | 59 | "precisa de tal método de autenticação." |
1237 | 60 | |||
1238 | 61 | #. Type: error | ||
1239 | 62 | #. Description | ||
1240 | 63 | #: ../openssh-server.templates:3001 | ||
1241 | 64 | msgid "Not migrating to socket activation" | ||
1242 | 65 | msgstr "" | ||
1243 | 66 | |||
1244 | 67 | #. Type: error | ||
1245 | 68 | #. Description | ||
1246 | 69 | #: ../openssh-server.templates:3001 | ||
1247 | 70 | msgid "" | ||
1248 | 71 | "This version of openssh-server uses socket-based activation by default. " | ||
1249 | 72 | "However, because you have more than one ListenAddress configured in " | ||
1250 | 73 | "sshd_config, it is impossible to determine at upgrade time if migrating you " | ||
1251 | 74 | "to socket-based activation would cause the starting of sshd at boot to be " | ||
1252 | 75 | "unreliable." | ||
1253 | 76 | msgstr "" | ||
1254 | 77 | |||
1255 | 78 | #. Type: error | ||
1256 | 79 | #. Description | ||
1257 | 80 | #: ../openssh-server.templates:3001 | ||
1258 | 81 | msgid "" | ||
1259 | 82 | "Because a failure to start ssh may make it impossible to admininister a " | ||
1260 | 83 | "system, you will not be migrated to socket-based activation at this time." | ||
1261 | 84 | msgstr "" | ||
1262 | diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po | |||
1263 | index 99b1182..98856bb 100644 | |||
1264 | --- a/debian/po/pt_BR.po | |||
1265 | +++ b/debian/po/pt_BR.po | |||
1266 | @@ -8,7 +8,7 @@ msgid "" | |||
1267 | 8 | msgstr "" | 8 | msgstr "" |
1268 | 9 | "Project-Id-Version: openssh\n" | 9 | "Project-Id-Version: openssh\n" |
1269 | 10 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" | 10 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1271 | 11 | "POT-Creation-Date: 2014-03-20 02:06+0000\n" | 11 | "POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1272 | 12 | "PO-Revision-Date: 2014-11-23 23:49-0200\n" | 12 | "PO-Revision-Date: 2014-11-23 23:49-0200\n" |
1273 | 13 | "Last-Translator: José de Figueiredo <deb.gnulinux@gmail.com>\n" | 13 | "Last-Translator: José de Figueiredo <deb.gnulinux@gmail.com>\n" |
1274 | 14 | "Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian." | 14 | "Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian." |
1275 | @@ -55,3 +55,28 @@ msgstr "" | |||
1276 | 55 | "Entretanto, ela pode quebrar sistemas que foram configurados com a " | 55 | "Entretanto, ela pode quebrar sistemas que foram configurados com a " |
1277 | 56 | "expectativa de acesso SSH com root usando autenticação por senha. Você deve " | 56 | "expectativa de acesso SSH com root usando autenticação por senha. Você deve " |
1278 | 57 | "fazer esta mudança somente se você não precisa fazer isso." | 57 | "fazer esta mudança somente se você não precisa fazer isso." |
1279 | 58 | |||
1280 | 59 | #. Type: error | ||
1281 | 60 | #. Description | ||
1282 | 61 | #: ../openssh-server.templates:3001 | ||
1283 | 62 | msgid "Not migrating to socket activation" | ||
1284 | 63 | msgstr "" | ||
1285 | 64 | |||
1286 | 65 | #. Type: error | ||
1287 | 66 | #. Description | ||
1288 | 67 | #: ../openssh-server.templates:3001 | ||
1289 | 68 | msgid "" | ||
1290 | 69 | "This version of openssh-server uses socket-based activation by default. " | ||
1291 | 70 | "However, because you have more than one ListenAddress configured in " | ||
1292 | 71 | "sshd_config, it is impossible to determine at upgrade time if migrating you " | ||
1293 | 72 | "to socket-based activation would cause the starting of sshd at boot to be " | ||
1294 | 73 | "unreliable." | ||
1295 | 74 | msgstr "" | ||
1296 | 75 | |||
1297 | 76 | #. Type: error | ||
1298 | 77 | #. Description | ||
1299 | 78 | #: ../openssh-server.templates:3001 | ||
1300 | 79 | msgid "" | ||
1301 | 80 | "Because a failure to start ssh may make it impossible to admininister a " | ||
1302 | 81 | "system, you will not be migrated to socket-based activation at this time." | ||
1303 | 82 | msgstr "" | ||
1304 | diff --git a/debian/po/ru.po b/debian/po/ru.po | |||
1305 | index f2e1daf..3fa193c 100644 | |||
1306 | --- a/debian/po/ru.po | |||
1307 | +++ b/debian/po/ru.po | |||
1308 | @@ -6,7 +6,7 @@ msgid "" | |||
1309 | 6 | msgstr "" | 6 | msgstr "" |
1310 | 7 | "Project-Id-Version: openssh 1:6.6p1-1\n" | 7 | "Project-Id-Version: openssh 1:6.6p1-1\n" |
1311 | 8 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" | 8 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1313 | 9 | "POT-Creation-Date: 2014-03-20 02:06+0000\n" | 9 | "POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1314 | 10 | "PO-Revision-Date: 2014-03-22 10:04+0400\n" | 10 | "PO-Revision-Date: 2014-03-22 10:04+0400\n" |
1315 | 11 | "Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n" | 11 | "Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n" |
1316 | 12 | "Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n" | 12 | "Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n" |
1317 | @@ -14,8 +14,8 @@ msgstr "" | |||
1318 | 14 | "MIME-Version: 1.0\n" | 14 | "MIME-Version: 1.0\n" |
1319 | 15 | "Content-Type: text/plain; charset=UTF-8\n" | 15 | "Content-Type: text/plain; charset=UTF-8\n" |
1320 | 16 | "Content-Transfer-Encoding: 8bit\n" | 16 | "Content-Transfer-Encoding: 8bit\n" |
1323 | 17 | "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" | 17 | "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && " |
1324 | 18 | "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" | 18 | "n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" |
1325 | 19 | "X-Generator: Lokalize 1.4\n" | 19 | "X-Generator: Lokalize 1.4\n" |
1326 | 20 | 20 | ||
1327 | 21 | #. Type: boolean | 21 | #. Type: boolean |
1328 | @@ -55,3 +55,28 @@ msgstr "" | |||
1329 | 55 | "атак). Однако, это вредит системам, в которых специально настроен вход для " | 55 | "атак). Однако, это вредит системам, в которых специально настроен вход для " |
1330 | 56 | "root по SSH с парольной аутентификацией. Если это не ваш случай, то ответьте " | 56 | "root по SSH с парольной аутентификацией. Если это не ваш случай, то ответьте " |
1331 | 57 | "утвердительно." | 57 | "утвердительно." |
1332 | 58 | |||
1333 | 59 | #. Type: error | ||
1334 | 60 | #. Description | ||
1335 | 61 | #: ../openssh-server.templates:3001 | ||
1336 | 62 | msgid "Not migrating to socket activation" | ||
1337 | 63 | msgstr "" | ||
1338 | 64 | |||
1339 | 65 | #. Type: error | ||
1340 | 66 | #. Description | ||
1341 | 67 | #: ../openssh-server.templates:3001 | ||
1342 | 68 | msgid "" | ||
1343 | 69 | "This version of openssh-server uses socket-based activation by default. " | ||
1344 | 70 | "However, because you have more than one ListenAddress configured in " | ||
1345 | 71 | "sshd_config, it is impossible to determine at upgrade time if migrating you " | ||
1346 | 72 | "to socket-based activation would cause the starting of sshd at boot to be " | ||
1347 | 73 | "unreliable." | ||
1348 | 74 | msgstr "" | ||
1349 | 75 | |||
1350 | 76 | #. Type: error | ||
1351 | 77 | #. Description | ||
1352 | 78 | #: ../openssh-server.templates:3001 | ||
1353 | 79 | msgid "" | ||
1354 | 80 | "Because a failure to start ssh may make it impossible to admininister a " | ||
1355 | 81 | "system, you will not be migrated to socket-based activation at this time." | ||
1356 | 82 | msgstr "" | ||
1357 | diff --git a/debian/po/sv.po b/debian/po/sv.po | |||
1358 | index 278b0cc..296e611 100644 | |||
1359 | --- a/debian/po/sv.po | |||
1360 | +++ b/debian/po/sv.po | |||
1361 | @@ -8,7 +8,7 @@ msgid "" | |||
1362 | 8 | msgstr "" | 8 | msgstr "" |
1363 | 9 | "Project-Id-Version: openssh\n" | 9 | "Project-Id-Version: openssh\n" |
1364 | 10 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" | 10 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1366 | 11 | "POT-Creation-Date: 2014-03-20 02:06+0000\n" | 11 | "POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1367 | 12 | "PO-Revision-Date: 2014-03-21 21:36+0100\n" | 12 | "PO-Revision-Date: 2014-03-21 21:36+0100\n" |
1368 | 13 | "Last-Translator: Andreas Rönnquist <gusnan@gusnan.se>\n" | 13 | "Last-Translator: Andreas Rönnquist <gusnan@gusnan.se>\n" |
1369 | 14 | "Language-Team: Swedish\n" | 14 | "Language-Team: Swedish\n" |
1370 | @@ -56,3 +56,28 @@ msgstr "" | |||
1371 | 56 | "sådana angrepp). Dock så kan detta förstöra system som förväntas kunna " | 56 | "sådana angrepp). Dock så kan detta förstöra system som förväntas kunna " |
1372 | 57 | "använda SSH som root med hjälp av lösenordsautentisering. Du skall endast " | 57 | "använda SSH som root med hjälp av lösenordsautentisering. Du skall endast " |
1373 | 58 | "göra denna förändring om du inte har ett behov av att kunna göra detta." | 58 | "göra denna förändring om du inte har ett behov av att kunna göra detta." |
1374 | 59 | |||
1375 | 60 | #. Type: error | ||
1376 | 61 | #. Description | ||
1377 | 62 | #: ../openssh-server.templates:3001 | ||
1378 | 63 | msgid "Not migrating to socket activation" | ||
1379 | 64 | msgstr "" | ||
1380 | 65 | |||
1381 | 66 | #. Type: error | ||
1382 | 67 | #. Description | ||
1383 | 68 | #: ../openssh-server.templates:3001 | ||
1384 | 69 | msgid "" | ||
1385 | 70 | "This version of openssh-server uses socket-based activation by default. " | ||
1386 | 71 | "However, because you have more than one ListenAddress configured in " | ||
1387 | 72 | "sshd_config, it is impossible to determine at upgrade time if migrating you " | ||
1388 | 73 | "to socket-based activation would cause the starting of sshd at boot to be " | ||
1389 | 74 | "unreliable." | ||
1390 | 75 | msgstr "" | ||
1391 | 76 | |||
1392 | 77 | #. Type: error | ||
1393 | 78 | #. Description | ||
1394 | 79 | #: ../openssh-server.templates:3001 | ||
1395 | 80 | msgid "" | ||
1396 | 81 | "Because a failure to start ssh may make it impossible to admininister a " | ||
1397 | 82 | "system, you will not be migrated to socket-based activation at this time." | ||
1398 | 83 | msgstr "" | ||
1399 | diff --git a/debian/po/templates.pot b/debian/po/templates.pot | |||
1400 | index 47c9e36..c9dc5ba 100644 | |||
1401 | --- a/debian/po/templates.pot | |||
1402 | +++ b/debian/po/templates.pot | |||
1403 | @@ -1,6 +1,6 @@ | |||
1404 | 1 | # SOME DESCRIPTIVE TITLE. | 1 | # SOME DESCRIPTIVE TITLE. |
1405 | 2 | # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER | 2 | # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER |
1407 | 3 | # This file is distributed under the same license as the PACKAGE package. | 3 | # This file is distributed under the same license as the openssh package. |
1408 | 4 | # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. | 4 | # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. |
1409 | 5 | # | 5 | # |
1410 | 6 | #, fuzzy | 6 | #, fuzzy |
1411 | @@ -8,7 +8,7 @@ msgid "" | |||
1412 | 8 | msgstr "" | 8 | msgstr "" |
1413 | 9 | "Project-Id-Version: openssh\n" | 9 | "Project-Id-Version: openssh\n" |
1414 | 10 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" | 10 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1416 | 11 | "POT-Creation-Date: 2014-03-20 02:06+0000\n" | 11 | "POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1417 | 12 | "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" | 12 | "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" |
1418 | 13 | "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" | 13 | "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" |
1419 | 14 | "Language-Team: LANGUAGE <LL@li.org>\n" | 14 | "Language-Team: LANGUAGE <LL@li.org>\n" |
1420 | @@ -44,3 +44,28 @@ msgid "" | |||
1421 | 44 | "able to SSH as root using password authentication. You should only make this " | 44 | "able to SSH as root using password authentication. You should only make this " |
1422 | 45 | "change if you do not need to do that." | 45 | "change if you do not need to do that." |
1423 | 46 | msgstr "" | 46 | msgstr "" |
1424 | 47 | |||
1425 | 48 | #. Type: error | ||
1426 | 49 | #. Description | ||
1427 | 50 | #: ../openssh-server.templates:3001 | ||
1428 | 51 | msgid "Not migrating to socket activation" | ||
1429 | 52 | msgstr "" | ||
1430 | 53 | |||
1431 | 54 | #. Type: error | ||
1432 | 55 | #. Description | ||
1433 | 56 | #: ../openssh-server.templates:3001 | ||
1434 | 57 | msgid "" | ||
1435 | 58 | "This version of openssh-server uses socket-based activation by default. " | ||
1436 | 59 | "However, because you have more than one ListenAddress configured in " | ||
1437 | 60 | "sshd_config, it is impossible to determine at upgrade time if migrating you " | ||
1438 | 61 | "to socket-based activation would cause the starting of sshd at boot to be " | ||
1439 | 62 | "unreliable." | ||
1440 | 63 | msgstr "" | ||
1441 | 64 | |||
1442 | 65 | #. Type: error | ||
1443 | 66 | #. Description | ||
1444 | 67 | #: ../openssh-server.templates:3001 | ||
1445 | 68 | msgid "" | ||
1446 | 69 | "Because a failure to start ssh may make it impossible to admininister a " | ||
1447 | 70 | "system, you will not be migrated to socket-based activation at this time." | ||
1448 | 71 | msgstr "" | ||
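Review bot: "admininister" in the last new msgid (new line 69 of templates.pot) is a misspelling of "administer", and the same string is copied into every .po file in this merge. The "#:" reference shows it is extracted from ../openssh-server.templates:3001, so the fix belongs in that template, followed by regenerating templates.pot and the per-language files. Every new msgstr in the hunks shown here is still empty, so correcting the msgid now invalidates no existing translation.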
1449 | diff --git a/debian/po/tr.po b/debian/po/tr.po | |||
1450 | index 1ada041..fd6bde5 100644 | |||
1451 | --- a/debian/po/tr.po | |||
1452 | +++ b/debian/po/tr.po | |||
1453 | @@ -7,15 +7,15 @@ msgid "" | |||
1454 | 7 | msgstr "" | 7 | msgstr "" |
1455 | 8 | "Project-Id-Version: openssh-server\n" | 8 | "Project-Id-Version: openssh-server\n" |
1456 | 9 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" | 9 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1458 | 10 | "POT-Creation-Date: 2014-03-20 02:06+0000\n" | 10 | "POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1459 | 11 | "PO-Revision-Date: 2014-08-01 14:44+0200\n" | 11 | "PO-Revision-Date: 2014-08-01 14:44+0200\n" |
1460 | 12 | "Last-Translator: Mert Dirik <mertdirik@gmail.com>\n" | 12 | "Last-Translator: Mert Dirik <mertdirik@gmail.com>\n" |
1461 | 13 | "Language-Team: Debian L10n Turkish <debian-l10n-turkish@lists.debian.org>\n" | 13 | "Language-Team: Debian L10n Turkish <debian-l10n-turkish@lists.debian.org>\n" |
1462 | 14 | "Language: tr\n" | ||
1463 | 14 | "MIME-Version: 1.0\n" | 15 | "MIME-Version: 1.0\n" |
1464 | 15 | "Content-Type: text/plain; charset=UTF-8\n" | 16 | "Content-Type: text/plain; charset=UTF-8\n" |
1465 | 16 | "Content-Transfer-Encoding: 8bit\n" | 17 | "Content-Transfer-Encoding: 8bit\n" |
1466 | 17 | "X-Generator: Poedit 1.5.4\n" | 18 | "X-Generator: Poedit 1.5.4\n" |
1467 | 18 | "Language: tr\n" | ||
1468 | 19 | 19 | ||
1469 | 20 | #. Type: boolean | 20 | #. Type: boolean |
1470 | 21 | #. Description | 21 | #. Description |
1471 | @@ -56,3 +56,28 @@ msgstr "" | |||
1472 | 56 | "parola doğrulama yöntemiyle oturum açılabileceği varsayımıyla hareket eden " | 56 | "parola doğrulama yöntemiyle oturum açılabileceği varsayımıyla hareket eden " |
1473 | 57 | "sistemlerde eskiden çalışan düzenin bozulmasına sebep olacaktır. Bu " | 57 | "sistemlerde eskiden çalışan düzenin bozulmasına sebep olacaktır. Bu " |
1474 | 58 | "değişikliği yalnızca sorun çıkarmayacağından eminseniz yapın." | 58 | "değişikliği yalnızca sorun çıkarmayacağından eminseniz yapın." |
1475 | 59 | |||
1476 | 60 | #. Type: error | ||
1477 | 61 | #. Description | ||
1478 | 62 | #: ../openssh-server.templates:3001 | ||
1479 | 63 | msgid "Not migrating to socket activation" | ||
1480 | 64 | msgstr "" | ||
1481 | 65 | |||
1482 | 66 | #. Type: error | ||
1483 | 67 | #. Description | ||
1484 | 68 | #: ../openssh-server.templates:3001 | ||
1485 | 69 | msgid "" | ||
1486 | 70 | "This version of openssh-server uses socket-based activation by default. " | ||
1487 | 71 | "However, because you have more than one ListenAddress configured in " | ||
1488 | 72 | "sshd_config, it is impossible to determine at upgrade time if migrating you " | ||
1489 | 73 | "to socket-based activation would cause the starting of sshd at boot to be " | ||
1490 | 74 | "unreliable." | ||
1491 | 75 | msgstr "" | ||
1492 | 76 | |||
1493 | 77 | #. Type: error | ||
1494 | 78 | #. Description | ||
1495 | 79 | #: ../openssh-server.templates:3001 | ||
1496 | 80 | msgid "" | ||
1497 | 81 | "Because a failure to start ssh may make it impossible to admininister a " | ||
1498 | 82 | "system, you will not be migrated to socket-based activation at this time." | ||
1499 | 83 | msgstr "" | ||
1500 | diff --git a/debian/rules b/debian/rules | |||
1501 | index 18b2bf3..400fca7 100755 | |||
1502 | --- a/debian/rules | |||
1503 | +++ b/debian/rules | |||
1504 | @@ -186,8 +186,9 @@ override_dh_installinit: | |||
1505 | 186 | dh_installinit -R --name ssh | 186 | dh_installinit -R --name ssh |
1506 | 187 | 187 | ||
1507 | 188 | override_dh_installsystemd: | 188 | override_dh_installsystemd: |
1510 | 189 | dh_installsystemd -popenssh-server ssh.service rescue-ssh.target | 189 | dh_installsystemd -popenssh-server --no-start ssh.socket |
1511 | 190 | dh_installsystemd -popenssh-server --no-enable ssh.socket | 190 | dh_installsystemd -popenssh-server rescue-ssh.target |
1512 | 191 | dh_installsystemd -popenssh-server --no-enable --no-start ssh.service | ||
1513 | 191 | 192 | ||
1514 | 192 | debian/openssh-server.sshd.pam: debian/openssh-server.sshd.pam.in | 193 | debian/openssh-server.sshd.pam: debian/openssh-server.sshd.pam.in |
1515 | 193 | ifeq ($(DEB_HOST_ARCH_OS),linux) | 194 | ifeq ($(DEB_HOST_ARCH_OS),linux) |
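Review bot: in override_dh_installsystemd, ssh.socket is now installed with --no-start and ssh.service with --no-enable --no-start, so none of the debhelper-generated snippets starts an SSH listener at install or upgrade time. On a remotely administered host that is a lockout risk unless the maintainer script starts exactly one of the two units on every path: fresh install, upgrade that migrates, and upgrade that declines to migrate as the new debconf error template describes. Please add a comment above these three calls saying which script owns enabling and starting (the diffstat points at debian/openssh-server.postinst), so a later packaging change does not drop one of the flags and leave both units trying to own the port.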
1516 | diff --git a/debian/systemd/ssh.service b/debian/systemd/ssh.service | |||
1517 | index 7495d9a..a18105b 100644 | |||
1518 | --- a/debian/systemd/ssh.service | |||
1519 | +++ b/debian/systemd/ssh.service | |||
1520 | @@ -14,8 +14,6 @@ KillMode=process | |||
1521 | 14 | Restart=on-failure | 14 | Restart=on-failure |
1522 | 15 | RestartPreventExitStatus=255 | 15 | RestartPreventExitStatus=255 |
1523 | 16 | Type=notify | 16 | Type=notify |
1524 | 17 | RuntimeDirectory=sshd | ||
1525 | 18 | RuntimeDirectoryMode=0755 | ||
1526 | 19 | 17 | ||
1527 | 20 | [Install] | 18 | [Install] |
1528 | 21 | WantedBy=multi-user.target | 19 | WantedBy=multi-user.target |
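Review bot: removing RuntimeDirectory=sshd and RuntimeDirectoryMode=0755 from the [Service] section means systemd no longer creates /run/sshd when ssh.service starts, and nothing in this unit replaces it. sshd refuses to start without its privilege separation directory, so whatever creates it now (the diffstat lists debian/openssh-server.tmpfile) should use the same 0755 mode and must have run before the first socket-activated start, including on an upgrade with no reboot. A one-line comment in the unit naming the new owner of the directory would keep the next reader from re-adding these two lines.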
1529 | diff --git a/debian/tests/control b/debian/tests/control | |||
1530 | index 8bc480a..0329ea0 100644 | |||
1531 | --- a/debian/tests/control | |||
1532 | +++ b/debian/tests/control | |||
1533 | @@ -8,3 +8,9 @@ Depends: devscripts, | |||
1534 | 8 | python3-twisted, | 8 | python3-twisted, |
1535 | 9 | sudo, | 9 | sudo, |
1536 | 10 | sysvinit-utils, | 10 | sysvinit-utils, |
1537 | 11 | |||
1538 | 12 | Tests: systemd-socket-activation | ||
1539 | 13 | Restrictions: needs-root allow-stderr | ||
1540 | 14 | Depends: openssh-client, | ||
1541 | 15 | openssh-server, | ||
1542 | 16 | systemd, | ||
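Review bot: the new stanza declares only needs-root and allow-stderr, but the test it names stops ssh.service, appends to the user's authorized_keys and rewrites /etc/default/ssh without restoring it. Add breaks-testbed so the runner does not reuse the testbed for later tests, and an isolation restriction (isolation-container at least), since the test depends on a running systemd whose units it can stop and start.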
1543 | diff --git a/debian/tests/systemd-socket-activation b/debian/tests/systemd-socket-activation | |||
1544 | 11 | new file mode 100644 | 17 | new file mode 100644 |
1545 | index 0000000..42d4526 | |||
1546 | --- /dev/null | |||
1547 | +++ b/debian/tests/systemd-socket-activation | |||
1548 | @@ -0,0 +1,57 @@ | |||
1549 | 1 | #!/bin/bash | ||
1550 | 2 | |||
1551 | 3 | set -euo pipefail | ||
1552 | 4 | |||
1553 | 5 | assert_unit_property() { | ||
1554 | 6 | local property="$(echo "$2" | awk -F'=' '{print $1}')" | ||
1555 | 7 | |||
1556 | 8 | local expect="$2" | ||
1557 | 9 | local actual="$(systemctl show -p "$property" "$1")" | ||
1558 | 10 | |||
1559 | 11 | if [[ "$actual" != "$expect" ]]; then | ||
1560 | 12 | echo "Fail: $1: expected $expect, but got $actual" | ||
1561 | 13 | return 1 | ||
1562 | 14 | fi | ||
1563 | 15 | } | ||
1564 | 16 | |||
1565 | 17 | # Generate RSA key and add it to this user's authorized keys. | ||
1566 | 18 | ssh-keygen -t rsa -N "" -f "$HOME/.ssh/id_rsa" -q | ||
1567 | 19 | if [[ -f ~/.ssh/authorized_keys ]]; then | ||
1568 | 20 | touch ~/.ssh/authorized_keys | ||
1569 | 21 | chmod 0600 ~/.ssh/authorized_keys | ||
1570 | 22 | fi | ||
1571 | 23 | cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys | ||
1572 | 24 | |||
1573 | 25 | # Make sure ssh.service is not running. | ||
1574 | 26 | echo "Stopping ssh.service..." | ||
1575 | 27 | systemctl stop ssh.service 2>/dev/null | ||
1576 | 28 | |||
1577 | 29 | # Check that ssh.socket is active and listening. | ||
1578 | 30 | echo "Checking that ssh.socket is active and listening..." | ||
1579 | 31 | assert_unit_property ssh.socket "ActiveState=active" | ||
1580 | 32 | assert_unit_property ssh.socket "SubState=listening" | ||
1581 | 33 | |||
1582 | 34 | # Check that ssh.service is currently inactive/dead. | ||
1583 | 35 | echo "Checking that ssh.service is inactive/dead..." | ||
1584 | 36 | assert_unit_property ssh.service "ActiveState=inactive" | ||
1585 | 37 | assert_unit_property ssh.service "SubState=dead" | ||
1586 | 38 | |||
1587 | 39 | # Check that a connection attempt successfully activates ssh.service. | ||
1588 | 40 | echo "Checking that a connection attempt activates ssh.service..." | ||
1589 | 41 | ssh -oStrictHostKeyChecking=no localhost -- /usr/bin/true | ||
1590 | 42 | assert_unit_property ssh.service "ActiveState=active" | ||
1591 | 43 | assert_unit_property ssh.service "SubState=running" | ||
1592 | 44 | |||
1593 | 45 | # Check that we can re-execute sshd via systemctl reload. | ||
1594 | 46 | echo "Checking that sshd can be re-executed..." | ||
1595 | 47 | systemctl reload ssh.service | ||
1596 | 48 | assert_unit_property ssh.service "ActiveState=active" | ||
1597 | 49 | assert_unit_property ssh.service "SubState=running" | ||
1598 | 50 | |||
1599 | 51 | # Check that we can run sshd in debug mode. | ||
1600 | 52 | echo "Checking sshd can run in debug mode..." | ||
1601 | 53 | systemctl stop ssh.service 2>/dev/null | ||
1602 | 54 | sed -i 's/^SSHD_OPTS=.*/SSHD_OPTS=-ddd/g' /etc/default/ssh | ||
1603 | 55 | ssh -oStrictHostKeyChecking=no localhost -- /usr/bin/true | ||
1604 | 56 | |||
1605 | 57 | echo "Done." |
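Review bot: the guard at new lines 19-22 is inverted: "if [[ -f ~/.ssh/authorized_keys ]]" runs touch and chmod 0600 only when the file already exists, so on a clean testbed the file is created by the ">>" on line 23 with whatever mode the umask gives it. It should read "if [[ ! -f ~/.ssh/authorized_keys ]]". Separately, the debug-mode step at lines 53-55 leaves SSHD_OPTS=-ddd in /etc/default/ssh and asserts nothing beyond the ssh exit status; restoring the file in an EXIT trap and checking the unit state afterwards, as the earlier steps do with assert_unit_property, would make that step repeatable and give it something to fail on.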