Ubuntu
openssh package

Merge ~enr0n/ubuntu/+source/openssh:merge-mantic-lp2025664 into ubuntu/+source/openssh:debian/sid

  1. Git
  2. lp:~enr0n/ubuntu/+source/openssh
  3. merge-mantic-lp2025664
  4. Merge into debian/sid
Proposed by Nick Rosbrook
Status: Needs review
Proposed branch: ~enr0n/ubuntu/+source/openssh:merge-mantic-lp2025664
Merge into: ubuntu/+source/openssh:debian/sid
Diff against target: 1733 lines (+1122/-112)
31 files modified
debian/README.Debian (+10/-17)
debian/changelog (+190/-0)
debian/control (+2/-1)
debian/openssh-server.postinst (+205/-6)
debian/openssh-server.postrm (+4/-0)
debian/openssh-server.templates (+12/-0)
debian/openssh-server.tmpfile (+2/-0)
debian/openssh-server.ucf-md5sum (+24/-0)
debian/patches/series (+2/-0)
debian/patches/socket-activation-documentation.patch (+50/-0)
debian/patches/systemd-socket-activation.patch (+141/-49)
debian/patches/test-set-UsePAM-no-on-some-tests.patch (+41/-0)
debian/po/cs.po (+26/-1)
debian/po/da.po (+26/-1)
debian/po/de.po (+26/-1)
debian/po/es.po (+26/-1)
debian/po/fr.po (+26/-1)
debian/po/it.po (+26/-1)
debian/po/ja.po (+26/-1)
debian/po/nl.po (+26/-1)
debian/po/pt.po (+26/-1)
debian/po/pt_BR.po (+26/-1)
debian/po/ru.po (+28/-3)
debian/po/sv.po (+26/-1)
debian/po/templates.pot (+27/-2)
debian/po/tr.po (+27/-2)
debian/rules (+3/-2)
debian/systemd/ssh.service (+0/-2)
debian/tests/control (+6/-0)
debian/tests/systemd-socket-activation (+62/-0)
dev/null (+0/-17)
Reviewer Review Type Date Requested Status
Simon Chopin (community) Approve
git-ubuntu import Pending
Review via email: mp+445895@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Simon Chopin (schopin) wrote :

Uploaded. I'm a bit sad that we didn't manage to drop some of our delta for this, but I'd rather have the new upstream version in the archive now than wait for some hypothetical Debian upload to come :)

review: Approve
Reply
Revision history for this message
Nick Rosbrook (enr0n) wrote :

FWIW, I do have a PR on salsa for some of this (https://salsa.debian.org/ssh-team/openssh/-/merge_requests/22), but is has not received comment yet. It does need to be refreshed, however.

Reply

Unmerged commits

2f2d354... by Nick Rosbrook

update changelog

4f2fbae... by Nick Rosbrook

update-maintainer

dc4b77f... by Nick Rosbrook

reconstruct-changelog

46c8429... by Nick Rosbrook

merge-changelogs

6307fd2... by Nick Rosbrook

  * debian/rules: Do not stop ssh.socket on upgrade

16e07b1... by Nick Rosbrook

  * debian/tests/systemd-socket-activation: Reboot the testbed before starting the test

9635df5... by Nick Rosbrook

  * debian/openssh-server.postint:
    - When upgrading from affected versions of openssh, do not try to
      restart systemd units, and instead indicate that a reboot is required

505142a... by Nick Rosbrook

  * d/p/test-set-UsePAM-no-on-some-tests.patch: set UsePAM=no for some tests

710a492... by Nick Rosbrook

  * debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
    activation functionality.

af2bb70... by Nick Rosbrook

  * debian/patches/systemd-socket-activation.patch: Fix sshd
    re-execution behavior when socket activation is used

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/.gitignore b/debian/.gitignore
2deleted file mode 100644
3index 988323b..0000000
4--- a/debian/.gitignore
5+++ /dev/null
6@@ -1,17 +0,0 @@
7-/*.debhelper*
8-/*substvars
9-/build-deb
10-/build-udeb
11-/files
12-/keygen-test/key1
13-/keygen-test/key1.pub
14-/keygen-test/key2
15-/keygen-test/key2.pub
16-/openssh-client
17-/openssh-client-udeb
18-/openssh-server
19-/openssh-server-udeb
20-/ssh
21-/ssh-askpass-gnome
22-/ssh-krb5
23-/tmp
24diff --git a/debian/README.Debian b/debian/README.Debian
25index 6aab9cb..8067852 100644
26--- a/debian/README.Debian
27+++ b/debian/README.Debian
28@@ -184,23 +184,7 @@ this sshd manually on upgrades.
29 Socket-based activation with systemd
30 ------------------------------------
31
32-If you want to reconfigure systemd to listen on port 22 itself and launch
33-sshd on connection (systemd-style socket activation), then you can run:
34-
35- systemctl disable --now ssh.service
36- systemctl start ssh.socket
37-
38-To roll back this change, run:
39-
40- systemctl stop ssh.socket
41- systemctl enable --now ssh.service
42-
43-Or if you want to make this change permanent:
44-
45- systemctl enable ssh.socket
46-
47-This may be appropriate in environments where minimal footprint is critical
48-(e.g. cloud guests).
49+By default, socket-based activation is used on systems that use systemd.
50
51 The provided ssh.socket unit file sets ListenStream=22. If you need to have
52 it listen on a different address or port, then you will need to do this as
53@@ -216,6 +200,15 @@ follows (modifying ListenStream to match your requirements):
54
55 See systemd.socket(5) for details.
56
57+If you do not want to use socket activation for ssh on your system, you
58+can disable socket activation by running:
59+
60+ systemctl disable --now ssh.socket
61+ rm -f /etc/systemd/system/ssh.service.d/00-socket.conf
62+ rm -f /etc/systemd/system/ssh.socket.d/addresses.conf
63+ systemctl daemon-reload
64+ systemctl enable --now ssh.service
65+
66 Terminating SSH sessions cleanly on shutdown/reboot with systemd
67 ----------------------------------------------------------------
68
69diff --git a/debian/changelog b/debian/changelog
70index bdaab26..1e4cac3 100644
71--- a/debian/changelog
72+++ b/debian/changelog
73@@ -1,3 +1,36 @@
74+openssh (1:9.3p1-1ubuntu1) mantic; urgency=medium
75+
76+ * Merge with Debian unstable (LP: #2025664). Remaining changes:
77+ - debian/rules: modify dh_installsystemd invocations for
78+ socket-activated sshd
79+ - debian/openssh-server.postinst: handle migration of sshd_config options
80+ to systemd socket options on upgrade.
81+ - debian/README.Debian: document systemd socket activation.
82+ - debian/patches/socket-activation-documentation.patch: Document in
83+ sshd_config(5) that ListenAddress and Port no longer work.
84+ - debian/openssh-server.templates: include debconf prompt explaining
85+ when migration cannot happen due to multiple ListenAddress values
86+ - debian/.gitignore: drop file
87+ - debian/openssh-server.postrm: remove systemd drop-ins for
88+ socket-activated sshd on purge
89+ - debian/openssh-server.ucf-md5sum: update for Ubuntu delta
90+ - debian/openssh-server.tmpfile,debian/systemd/ssh.service: Move
91+ /run/sshd creation out of the systemd unit to a tmpfile config so
92+ that sshd can be run manually if necessary without having to create
93+ this directory by hand.
94+ - debian/patches/systemd-socket-activation.patch: Fix sshd
95+ re-execution behavior when socket activation is used
96+ - debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
97+ activation functionality.
98+ - d/p/test-set-UsePAM-no-on-some-tests.patch: set UsePAM=no for some tests
99+ - Ensure smooth upgrade path from versions affected by LP: #2020474:
100+ + debian/openssh-server.postint: do not try to restart systemd units,
101+ and instead indicate that a reboot is required
102+ + debian/tests/systemd-socket-activation: Reboot the testbed before starting the test
103+ + debian/rules: Do not stop ssh.socket on upgrade
104+
105+ -- Nick Rosbrook <nick.rosbrook@canonical.com> Mon, 03 Jul 2023 11:34:47 -0400
106+
107 openssh (1:9.3p1-1) unstable; urgency=medium
108
109 * Debconf translations:
110@@ -55,6 +88,64 @@ openssh (1:9.3p1-1) unstable; urgency=medium
111
112 -- Colin Watson <cjwatson@debian.org> Tue, 20 Jun 2023 01:01:48 +0100
113
114+openssh (1:9.2p1-2ubuntu3) mantic; urgency=medium
115+
116+ * Fix upgrade of openssh-server with active ssh session (LP: #2020474)
117+ - debian/patches/systemd-socket-activation.patch:
118+ + Do force closing of listen sockets in child process
119+ + Set rexec_flag = 0 when sshd is socket-activated so that child process
120+ does not re-exec
121+ - debian/openssh-server.postint:
122+ + When upgrading from affected versions of openssh, do not try to
123+ restart systemd units, and instead indicate that a reboot is required
124+ - debian/tests/systemd-socket-activation:
125+ + Reboot the testbed before starting the test
126+ - debian/rules:
127+ + Do not stop ssh.socket on upgrade
128+ * d/p/test-set-UsePAM-no-on-some-tests.patch: set UsePAM=no for some tests
129+
130+ -- Nick Rosbrook <nick.rosbrook@canonical.com> Wed, 24 May 2023 18:02:11 -0400
131+
132+openssh (1:9.2p1-2ubuntu2) mantic; urgency=medium
133+
134+ * debian/README.Debian: Fix path of addresses.conf drop-in
135+
136+ -- Nick Rosbrook <nick.rosbrook@canonical.com> Tue, 23 May 2023 10:50:35 -0400
137+
138+openssh (1:9.2p1-2ubuntu1) mantic; urgency=medium
139+
140+ * Merge with Debian unstable (LP: #2018094). Remaining changes:
141+ - debian/rules: modify dh_installsystemd invocations for
142+ socket-activated sshd
143+ - debian/openssh-server.postinst: handle migration of sshd_config options
144+ to systemd socket options on upgrade.
145+ - debian/README.Debian: document systemd socket activation.
146+ - debian/patches/socket-activation-documentation.patch: Document in
147+ sshd_config(5) that ListenAddress and Port no longer work.
148+ - debian/openssh-server.templates: include debconf prompt explaining
149+ when migration cannot happen due to multiple ListenAddress values
150+ - debian/.gitignore: drop file
151+ - debian/openssh-server.postrm: remove systemd drop-ins for
152+ socket-activated sshd on purge
153+ - debian/openssh-server.ucf-md5sum: Update list of stock sshd_config
154+ checksums to include those from jammy and kinetic.
155+ - debian/openssh-server.tmpfile,debian/systemd/ssh.service: Move
156+ /run/sshd creation out of the systemd unit to a tmpfile config so
157+ that sshd can be run manually if necessary without having to create
158+ this directory by hand.
159+ - debian/patches/systemd-socket-activation.patch: Fix sshd
160+ re-execution behavior when socket activation is used
161+ - debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
162+ activation functionality.
163+ * Dropped changes, included in Debian:
164+ - debian/patches/systemd-socket-activation.patch: Initial implementation
165+ * New changes:
166+ - debian/README.Debian: mention drop-in configurations in instructions
167+ for disabling sshd socket activation (LP: #2017434).
168+ - debian/openssh-server.ucf-md5sum: update for Ubuntu delta
169+
170+ -- Nick Rosbrook <nick.rosbrook@canonical.com> Fri, 19 May 2023 15:18:17 -0400
171+
172 openssh (1:9.2p1-2) unstable; urgency=medium
173
174 * Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS.
175@@ -306,6 +397,105 @@ openssh (1:9.1p1-1) unstable; urgency=medium
176
177 -- Colin Watson <cjwatson@debian.org> Mon, 14 Nov 2022 16:25:45 +0000
178
179+openssh (1:9.0p1-1ubuntu8.1) lunar; urgency=medium
180+
181+ * debian/patches/systemd-socket-activation.patch: Fix re-execution behavior
182+ (LP: #2011458):
183+ - Remove FD_CLOEXEC on fds passed by systemd to prevent automatic closing
184+ when sshd re-executes.
185+ - Do not manually close fds passed by systemd when re-executing.
186+ - Only call sd_listen_fds() once, and only in the parent process.
187+ - Check the LISTEN_FDS environment variable to get the number of fds
188+ passed by systemd when re-executing as a child process.
189+ * debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
190+ activation functionality.
191+
192+ -- Nick Rosbrook <nick.rosbrook@canonical.com> Fri, 31 Mar 2023 12:44:32 -0400
193+
194+openssh (1:9.0p1-1ubuntu8) lunar; urgency=medium
195+
196+ * debian/openssh-server.postinst: Fix handling of ListenAddress when a port
197+ is specified (LP: #1993478):
198+ - Strip port before converting hostnames to numerical addresses.
199+ - Only append ports when the ListenAddress does not already specify a
200+ port.
201+ - Revert socket migration on upgrade if a previous version did the
202+ migration when it should not have.
203+ * debian/openssh-server.postinst: Ignore empty directory failure from rmdir
204+ when skipping socket migration (LP: #1995294).
205+
206+ -- Nick Rosbrook <nick.rosbrook@canonical.com> Tue, 25 Oct 2022 11:57:43 -0400
207+
208+openssh (1:9.0p1-1ubuntu7) kinetic; urgency=medium
209+
210+ * Update list of stock sshd_config checksums to include those from
211+ jammy and kinetic.
212+ * Add a workaround for LP: #1990863 (now fixed in livecd-rootfs) to
213+ avoid spurious ucf prompts on upgrade.
214+ * Move /run/sshd creation out of the systemd unit to a tmpfile config
215+ so that sshd can be run manually if necessary without having to create
216+ this directory by hand. LP: #1991283.
217+
218+ [ Nick Rosbrook ]
219+ * debian/openssh-server.postinst: Fix addresses.conf generation when only
220+ non-default Port is used in /etc/ssh/sshd_config (LP: #1991199).
221+
222+ -- Steve Langasek <vorlon@debian.org> Mon, 26 Sep 2022 21:55:14 +0000
223+
224+openssh (1:9.0p1-1ubuntu6) kinetic; urgency=medium
225+
226+ * Fix syntax error in postinst :/
227+
228+ -- Steve Langasek <vorlon@debian.org> Fri, 23 Sep 2022 19:51:32 +0000
229+
230+openssh (1:9.0p1-1ubuntu5) kinetic; urgency=medium
231+
232+ * Correctly handle the case of new installs, and correctly apply systemd
233+ unit overrides on upgrade from existing kinetic systems.
234+
235+ -- Steve Langasek <vorlon@debian.org> Fri, 23 Sep 2022 19:45:18 +0000
236+
237+openssh (1:9.0p1-1ubuntu4) kinetic; urgency=medium
238+
239+ * Don't migrate users to socket activation if multiple ListenAddresses
240+ might make sshd unreliable on boot.
241+ * Fix regexp bug that prevented proper migration of IPv6 address settings.
242+
243+ -- Steve Langasek <vorlon@debian.org> Fri, 23 Sep 2022 19:35:37 +0000
244+
245+openssh (1:9.0p1-1ubuntu3) kinetic; urgency=medium
246+
247+ * Document in the default sshd_config file the changes in behavior
248+ triggered by use of socket-based activation.
249+
250+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 26 Aug 2022 00:40:11 +0000
251+
252+openssh (1:9.0p1-1ubuntu2) kinetic; urgency=medium
253+
254+ * Fix manpage to not claim socket-based activation is the default on
255+ Debian!
256+
257+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 26 Aug 2022 00:21:42 +0000
258+
259+openssh (1:9.0p1-1ubuntu1) kinetic; urgency=medium
260+
261+ * debian/patches/systemd-socket-activation.patch: support systemd
262+ socket activation.
263+ * debian/systemd/ssh.socket, debian/systemd/ssh.service: use socket
264+ activation by default.
265+ * debian/rules: rejigger dh_installsystemd invocations so ssh.service and
266+ ssh.socket don't fight.
267+ * debian/openssh-server.postinst: handle migration of sshd_config options
268+ to systemd socket options on upgrade.
269+ * debian/README.Debian: document systemd socket activation.
270+ * debian/patches/socket-activation-documentation.patch: Document in
271+ sshd_config(5) that ListenAddress and Port no longer work.
272+ * debian/openssh-server.templates, debian/openssh-server.postinst: include
273+ debconf warning about possible service failure with multiple
274+ ListenAddress settings.
275+
276+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 19 Aug 2022 20:43:16 +0000
277+
278 openssh (1:9.0p1-1) unstable; urgency=medium
279
280 * New upstream release (https://www.openssh.com/releasenotes.html#9.0p1):
281diff --git a/debian/control b/debian/control
282index f3ed979..aa9cc2e 100644
283--- a/debian/control
284+++ b/debian/control
285@@ -1,7 +1,8 @@
286 Source: openssh
287 Section: net
288 Priority: standard
289-Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
290+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
291+XSBC-Original-Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
292 Build-Depends: debhelper (>= 13.1~),
293 debhelper-compat (= 13),
294 dh-exec,
295diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
296index 4114d35..cc70316 100644
297--- a/debian/openssh-server.postinst
298+++ b/debian/openssh-server.postinst
299@@ -17,6 +17,87 @@ get_config_option() {
300 /usr/sbin/sshd -G | sed -n "s/^$option //Ip"
301 }
302
303+get_config_option_all() {
304+ option="$1"
305+ file="$2"
306+
307+ if [ -z "$file" ]; then
308+ file=/etc/ssh/sshd_config
309+ fi
310+
311+ [ -f "$file" ] || return 0
312+ # ListenAddress and Port only take a single word argument so anything
313+ # after this must be a comment
314+ while read option2 value junk; do
315+ case $option2 in
316+ $option)
317+ echo $value
318+ ;;
319+ Include)
320+ # globs
321+ for f in $value; do
322+ get_config_option_all "$option" "$f"
323+ done
324+ ;;
325+ esac
326+ done < $file
327+}
328+
329+hostnames_to_addresses() {
330+ addresses="$1"
331+ for address in $addresses; do
332+ address_no_port="$(address_strip_port $address)"
333+ if echo "$address_no_port" | grep -q '^[0-9a-f:]\+$\|^[0-9.]\+$'; then
334+ numeric_addresses="$numeric_addresses $address"
335+ else
336+ new_addresses=$( (getent ahostsv4 $address_no_port;
337+ getent ahostsv6 $address_no_port) \
338+ | awk '$1 ~ /^::ffff:/ || $2 != "STREAM" { next; }
339+ $1 ~ /:/ { print "[" $1 "]"; next; }
340+ { print $1 }' \
341+ | sort -u)
342+ port="$(port_from_address $address)"
343+ if [ -n "$port" ]; then
344+ new_addresses="$(for addr in $new_addresses; do echo $addr:$port; done)"
345+ fi
346+ numeric_addresses="$numeric_addresses $new_addresses"
347+ fi
348+ done
349+ echo "$numeric_addresses"
350+}
351+
352+port_from_address() {
353+ address="$1"
354+ if echo $address | grep -q '^\[[0-9a-f:]*\]:'; then
355+ # This is an IPv6 address with a port.
356+ port="$(echo $address | awk -F':' '{print $NF}')"
357+ elif echo $address | grep -q '^\[[0-9a-f:]*\]\+$\|^[0-9a-f:]\+$'; then
358+ # This is an IPv6 address without a port.
359+ port=""
360+ else
361+ # This is an IPv4 address or hostname, where the port
362+ # may or may not be specified.
363+ port="$(echo $address | awk -F':' '{print $2}')"
364+ fi
365+ echo "$port"
366+}
367+
368+address_strip_port() {
369+ address="$1"
370+ if echo $address | grep -q '^\[[0-9a-f:]*\]\(:\|$\)'; then
371+ # This is an IPv6 address in brackets, with or without a port.
372+ address_no_port="$(echo $address | awk -F '[][]' '{print $2}')"
373+ elif echo $address | grep -q '^[0-9a-f:]\+$'; then
374+ # This is an IPv6 address with no brackets and no port.
375+ address_no_port="$address"
376+ else
377+ # This is an IPv4 address or hostname, where the port
378+ # may or may not be specified.
379+ address_no_port="$(echo $address | awk -F':' '{print $1}')"
380+ fi
381+ echo "$address_no_port"
382+}
383+
384
385 create_key() {
386 msg="$1"
387@@ -54,15 +135,20 @@ create_keys() {
388
389
390 new_config=
391+workaround=
392
393 cleanup() {
394 if [ "$new_config" ]; then
395 rm -f "$new_config"
396 fi
397+ if [ "$workaround" ]; then
398+ rm -f "$workaround"
399+ fi
400 }
401
402
403 create_sshdconfig() {
404+ prev_ver="$1"
405 # XXX cjwatson 2016-12-24: This debconf template is very confusingly
406 # named; its description is "Disable SSH password authentication for
407 # root?", so true -> prohibit-password (the upstream default),
408@@ -84,6 +170,21 @@ create_sshdconfig() {
409 "$new_config"
410 fi
411 mkdir -pZ /etc/ssh
412+
413+ # Workaround for LP: #1968873: if we have an sshd_config with a known
414+ # checksum, confirm it via ucf before applying the changes from
415+ # the new version.
416+ if dpkg --compare-versions "$prev_ver" lt-nl 1:9.0p1-1ubuntu7 \
417+ && grep -q "^$(md5sum /etc/ssh/sshd_config | awk '{ print $1 }')" \
418+ /usr/share/openssh/sshd_config.md5sum
419+ then
420+ workaround="$(mktemp)"
421+ sed -e'14,16d' "$new_config" > "$workaround"
422+ ucf --three-way --debconf-ok \
423+ --sum-file /usr/share/openssh/sshd_config.md5sum \
424+ "$workaround" /etc/ssh/sshd_config
425+ fi
426+
427 ucf --three-way --debconf-ok \
428 --sum-file /usr/share/openssh/sshd_config.md5sum \
429 "$new_config" /etc/ssh/sshd_config
430@@ -97,7 +198,7 @@ setup_sshd_user() {
431 }
432
433 if [ "$action" = configure ]; then
434- create_sshdconfig
435+ create_sshdconfig "$2"
436 create_keys
437 setup_sshd_user
438 if dpkg --compare-versions "$2" lt-nl 1:7.9p1-5 && \
439@@ -110,18 +211,116 @@ if [ "$action" = configure ]; then
440 # which we now move back into place.
441 mv /etc/ssh/moduli.dpkg-bak /etc/ssh/moduli
442 fi
443- if dpkg --compare-versions "$2" lt-nl 1:9.1p1-1~ && \
444- deb-systemd-helper --quiet was-enabled ssh.socket && \
445- [ -d /run/systemd/system ]
446+ if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu8~
447 then
448 # migrate to systemd socket activation.
449- systemctl unmask ssh.service
450- systemctl disable ssh.service
451+ addresses=$(get_config_option_all ListenAddress)
452+ addresses=$(hostnames_to_addresses "$addresses")
453+ ports=$(get_config_option_all Port)
454+ if [ -n "$addresses$ports" ]
455+ then
456+ override_dir=/etc/systemd/system/ssh.socket.d
457+ mkdir -p "$override_dir"
458+ echo '[Socket]' > "$override_dir"/addresses.conf.new
459+ echo 'ListenStream=' >> "$override_dir"/addresses.conf.new
460+ fi
461+ if [ -n "$addresses" ]; then
462+ [ -n "$ports" ] || ports=22
463+ count=0
464+ for address in $addresses; do
465+ count=$((count+1))
466+ port_from_address="$(port_from_address $address)"
467+ if [ -z "$port_from_address" ]; then
468+ for port in $ports; do
469+ echo "ListenStream=$address:$port" \
470+ >> "$override_dir"/addresses.conf.new
471+ done
472+ else
473+ echo "ListenStream=$address" \
474+ >> "$override_dir"/addresses.conf.new
475+ fi
476+ done
477+ if [ $count -gt 1 ]; then
478+ db_input critical openssh-server/listenstream-may-fail || true
479+ db_go || true
480+ rm -f "$override_dir"/addresses.conf.new
481+ rmdir --ignore-fail-on-non-empty "$override_dir"
482+ NO_SOCKET_MIGRATION=1
483+ fi
484+ elif [ -n "$ports" ]; then
485+ for port in $ports; do
486+ echo "ListenStream=$port" \
487+ >> "$override_dir"/addresses.conf.new
488+ done
489+ fi
490+
491+ if [ -z "$NO_SOCKET_MIGRATION" ] && [ -n "$addresses$ports" ]
492+ then
493+ mv "$override_dir"/addresses.conf.new \
494+ "$override_dir"/addresses.conf
495+ fi
496 fi
497+ if dpkg --compare-versions "$2" lt 1:9.0p1-1ubuntu5~; then
498+ if [ -z "$NO_SOCKET_MIGRATION" ]; then
499+ override_dir=/etc/systemd/system/ssh.service.d
500+ mkdir -p "$override_dir"
501+ echo '[Unit]' > "$override_dir"/00-socket.conf
502+ echo 'After=ssh.socket' >> "$override_dir"/00-socket.conf
503+ echo 'Requires=ssh.socket' >> "$override_dir"/00-socket.conf
504+
505+ # deb-systemd-helper is inadequate for the task of
506+ # changing policy for the units on upgrade
507+ if [ -d /run/systemd/system ]; then
508+ systemctl daemon-reload
509+ systemctl disable ssh.service
510+ systemctl unmask ssh.service
511+ systemctl stop ssh.service
512+ systemctl enable ssh.socket
513+ fi
514+ fi
515+ fi
516+
517+ # Revert socket migration if we can determine the user hit
518+ # LP: #1993478.
519+ if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu7~ \
520+ && [ -e /etc/systemd/system/ssh.socket.d/addresses.conf ] \
521+ && [ -e /etc/systemd/system/ssh.service.d/00-socket.conf ] \
522+ && [ -n "$NO_SOCKET_MIGRATION" ]; then
523+ rm /etc/systemd/system/ssh.socket.d/addresses.conf
524+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.socket.d
525+ rm /etc/systemd/system/ssh.service.d/00-socket.conf
526+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.service.d
527+ if [ -d /run/systemd/system ]; then
528+ systemctl daemon-reload
529+ systemctl disable ssh.socket
530+ systemctl stop ssh.socket
531+ systemctl enable ssh.service
532+ fi
533+ fi
534 fi
535
536 #DEBHELPER#
537
538+if [ -d /run/systemd/system ]; then
539+ # If the running sshd contains the patch from LP: #2011458, without
540+ # the patch from LP: #2020474, then we cannot restart ssh.socket while
541+ # an ssh session is active. Rather than trying to restart these units,
542+ # indicate that a reboot is required to finish configuring the new version.
543+ if dpkg --compare-versions "$2" eq "1:9.0p1-1ubuntu8.1" \
544+ || dpkg --compare-versions "$2" ge "1:9.2p1-2ubuntu1" \
545+ && dpkg --compare-versions "$2" lt "1:9.2p1-2ubuntu3"; then
546+ if ! grep -Fqsx openssh-server /run/reboot-required.pkgs; then
547+ echo openssh-server >> /run/reboot-required.pkgs || true
548+ fi
549+ else
550+ if deb-systemd-helper --quiet was-enabled ssh.socket; then
551+ deb-systemd-invoke restart ssh.socket
552+ elif deb-systemd-helper --quiet was-enabled ssh.service; then
553+ deb-systemd-invoke restart ssh.service
554+ fi
555+ fi
556+fi
557+
558 db_stop
559
560 exit 0
561diff --git a/debian/openssh-server.postrm b/debian/openssh-server.postrm
562index fbaeb17..46798dd 100644
563--- a/debian/openssh-server.postrm
564+++ b/debian/openssh-server.postrm
565@@ -23,6 +23,10 @@ case $1 in
566 if command -v ucfr >/dev/null 2>&1; then
567 ucfr --purge openssh-server /etc/ssh/sshd_config
568 fi
569+ rm -f /etc/systemd/system/ssh.service.d/00-socket.conf
570+ rm -f /etc/systemd/system/ssh.socket.d/addresses.conf
571+ rmdir /etc/systemd/system/ssh.service.d || true
572+ rmdir /etc/systemd/system/ssh.socket.d || true
573 rm -f /etc/ssh/sshd_not_to_be_run
574 [ ! -d /etc/ssh ] || rmdir --ignore-fail-on-non-empty /etc/ssh
575
576diff --git a/debian/openssh-server.templates b/debian/openssh-server.templates
577index e071fe3..31f2935 100644
578--- a/debian/openssh-server.templates
579+++ b/debian/openssh-server.templates
580@@ -21,3 +21,15 @@ Description: Allow password authentication?
581 By default, the SSH server will allow authenticating using a password.
582 You may want to change this if all users on this system authenticate using
583 a stronger authentication method, such as public keys.
584+
585+Template: openssh-server/listenstream-may-fail
586+Type: error
587+_Description: Not migrating to socket activation
588+ This version of openssh-server uses socket-based activation by default.
589+ However, because you have more than one ListenAddress configured in
590+ sshd_config, it is impossible to determine at upgrade time if migrating
591+ you to socket-based activation would cause the starting of sshd at boot
592+ to be unreliable.
593+ .
594+ Because a failure to start ssh may make it impossible to admininister a
595+ system, you will not be migrated to socket-based activation at this time.
596diff --git a/debian/openssh-server.tmpfile b/debian/openssh-server.tmpfile
597new file mode 100644
598index 0000000..76c6323
599--- /dev/null
600+++ b/debian/openssh-server.tmpfile
601@@ -0,0 +1,2 @@
602+#Type Path Mode UID GID Age Arguments
603+D /run/sshd 0755 root root - -
604diff --git a/debian/openssh-server.ucf-md5sum b/debian/openssh-server.ucf-md5sum
605index 3a9dc23..9a8efb6 100644
606--- a/debian/openssh-server.ucf-md5sum
607+++ b/debian/openssh-server.ucf-md5sum
608@@ -103,8 +103,32 @@ cc873ab3ccc9cf3a3830c3c0728c0d0b
609 9f1bec115595c0f76282d80abe5d9bcc
610 ae1a449c8adb31cb603e28fda5342696
611
612+# From 1:8.4p1-5
613+6dbdc3a27e1953d209f929df7aff0c57
614+0ef8c8fe6a3afd12382dbb93cd7bbb4e
615+ae1a449c8adb31cb603e28fda5342696
616+9f1bec115595c0f76282d80abe5d9bcc
617+
618 # From 1:8.7p1-1:
619 fe83fd23553510bb632dc8e6e35ab41a
620 d96ecd9064ea650c44372a5a33d3e497
621 7fdb195ac56e0bf1992e18ac656811af
622 4e03b4df60cd00c651777ec14ff76aef
623+
624+# From 1:8.9p1-3
625+30e0fe758429c57d35a5e71dbd8dd2f8
626+23a8a2b1a8f1538be49eb86313367191
627+133f5f0119fbf5716b7d72048b25ea71
628+697a81708f11897cb0fef857563dee55
629+
630+# From 1:9.0p1-1ubuntu3
631+90ace5da6c7eb3041732930972662f34
632+b2c07b86695152141e84f44e4414104a
633+e7b9120b6e68c5666ac21a0cc03d4806
634+9389be84e67cd5a91b97de5ff03c9306
635+
636+# From 1:9.2p1-2ubuntu1
637+fac56840f6697a357368bb878dd8fb87
638+d01da8c9de75176095712d4e37d5dcd5
639+e4898846045f33b8d99d3263d6f6fd81
640+ec46dc59ba9c9e9458add405264fcedd
641diff --git a/debian/patches/series b/debian/patches/series
642index 87eebc3..650a6c5 100644
643--- a/debian/patches/series
644+++ b/debian/patches/series
645@@ -25,3 +25,5 @@ revert-ipqos-defaults.patch
646 maxhostnamelen.patch
647 conch-ssh-rsa.patch
648 systemd-socket-activation.patch
649+socket-activation-documentation.patch
650+test-set-UsePAM-no-on-some-tests.patch
651diff --git a/debian/patches/socket-activation-documentation.patch b/debian/patches/socket-activation-documentation.patch
652new file mode 100644
653index 0000000..9afde55
654--- /dev/null
655+++ b/debian/patches/socket-activation-documentation.patch
656@@ -0,0 +1,50 @@
657+Index: openssh-9.0p1/sshd_config.5
658+===================================================================
659+--- openssh-9.0p1.orig/sshd_config.5
660++++ openssh-9.0p1/sshd_config.5
661+@@ -1069,6 +1069,15 @@
662+ Multiple
663+ .Cm ListenAddress
664+ options are permitted.
665++.Pp
666++.Cm Note:
667++On Ubuntu, the openssh-server package is configured to use systemd
668++socket-based activation by default. Therefore if you are using systemd with
669++the default configuration,
670++.Cm ListenAddress
671++options will not be honored. Address configuration must be handled in
672++.Pa /etc/systemd/system/ssh.socket.d
673++instead.
674+ .It Cm LoginGraceTime
675+ The server disconnects after this time if the user has not
676+ successfully logged in.
677+@@ -1520,6 +1529,15 @@
678+ Multiple options of this type are permitted.
679+ See also
680+ .Cm ListenAddress .
681++.Pp
682++.Cm Note:
683++On Ubuntu, the openssh-server package is configured to use systemd
684++socket-based activation by default. Therefore if you are using systemd with
685++the default configuration,
686++.Cm Port
687++options will not be honored. Address configuration must be handled in
688++.Pa /etc/systemd/system/ssh.socket.d
689++instead.
690+ .It Cm PrintLastLog
691+ Specifies whether
692+ .Xr sshd 8
693+Index: openssh-9.0p1/sshd_config
694+===================================================================
695+--- openssh-9.0p1.orig/sshd_config
696++++ openssh-9.0p1/sshd_config
697+@@ -12,6 +12,9 @@
698+
699+ Include /etc/ssh/sshd_config.d/*.conf
700+
701++# Port and ListenAddress options are not used when sshd is socket-activated,
702++# which is now the default in Ubuntu. See sshd_config(5) and
703++# /usr/share/doc/openssh-server/README.Debian.gz for details.
704+ #Port 22
705+ #AddressFamily any
706+ #ListenAddress 0.0.0.0
707diff --git a/debian/patches/systemd-socket-activation.patch b/debian/patches/systemd-socket-activation.patch
708index 8ef366d..8e1ce7c 100644
709--- a/debian/patches/systemd-socket-activation.patch
710+++ b/debian/patches/systemd-socket-activation.patch
711@@ -1,47 +1,72 @@
712-From ecf309863a54ecdaeb2edb82edb79d91a23cee22 Mon Sep 17 00:00:00 2001
713-From: Steve Langasek <steve.langasek@ubuntu.com>
714-Date: Thu, 1 Sep 2022 16:03:37 +0100
715-Subject: Support systemd socket activation
716+Description: support systemd socket activation
717+ Unlike inetd socket activation, with systemd socket activation the
718+ supervisor passes the listened-on socket to the child process and lets
719+ the child process handle the accept(). This lets us do delayed start
720+ of the sshd daemon without becoming incompatible with config options
721+ like ClientAliveCountMax.
722+Author: Steve Langasek <steve.langasek@ubuntu.com>
723+Author: Nick Rosbrook <nick.rosbrook@canonical.com>
724+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2011458
725+Last-Update: 2023-05-25
726
727-Unlike inetd socket activation, with systemd socket activation the
728-supervisor passes the listened-on socket to the child process and lets
729-the child process handle the accept(). This lets us do delayed start
730-of the sshd daemon without becoming incompatible with config options
731-like ClientAliveCountMax.
732-
733-Last-Update: 2022-09-01
734-
735-Patch-Name: systemd-socket-activation.patch
736----
737- sshd.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++---------
738- 1 file changed, 75 insertions(+), 14 deletions(-)
739-
740-diff --git a/sshd.c b/sshd.c
741-index 731b9e400..3a5189a6e 100644
742 --- a/sshd.c
743 +++ b/sshd.c
744-@@ -140,10 +140,16 @@ int deny_severity;
745+@@ -139,11 +139,14 @@
746+ int deny_severity;
747 #endif /* LIBWRAP */
748
749++/* This will only get set if we build with systemd. */
750++static int systemd_num_listen_fds;
751++
752 /* Re-exec fds */
753 -#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
754 -#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
755 -#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3)
756 -#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4)
757-+#ifdef HAVE_SYSTEMD
758-+#define SYSTEMD_OFFSET sd_listen_fds(0)
759-+#else
760-+#define SYSTEMD_OFFSET 0
761-+#endif
762-+
763-+#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1 + SYSTEMD_OFFSET)
764-+#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2 + SYSTEMD_OFFSET)
765-+#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3 + SYSTEMD_OFFSET)
766-+#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4 + SYSTEMD_OFFSET)
767++#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1 + systemd_num_listen_fds)
768++#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2 + systemd_num_listen_fds)
769++#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3 + systemd_num_listen_fds)
770++#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4 + systemd_num_listen_fds)
771
772 extern char *__progname;
773
774-@@ -1020,6 +1026,48 @@ server_accept_inetd(int *sock_in, int *sock_out)
775+@@ -194,6 +197,7 @@
776+ */
777+ #define MAX_LISTEN_SOCKS 16
778+ static int listen_socks[MAX_LISTEN_SOCKS];
779++static int listen_socks_no_close[MAX_LISTEN_SOCKS];
780+ static int num_listen_socks = 0;
781+
782+ /* Daemon's agent connection */
783+@@ -279,12 +283,16 @@
784+ * Close all listening sockets
785+ */
786+ static void
787+-close_listen_socks(void)
788++close_listen_socks(int force)
789+ {
790+ int i;
791+
792+- for (i = 0; i < num_listen_socks; i++)
793++ for (i = 0; i < num_listen_socks; i++) {
794++ if (listen_socks_no_close[i] > 0 && force <= 0)
795++ continue;
796++
797+ close(listen_socks[i]);
798++ }
799+ num_listen_socks = 0;
800+ }
801+
802+@@ -322,7 +330,7 @@
803+ if (options.pid_file != NULL)
804+ unlink(options.pid_file);
805+ platform_pre_restart();
806+- close_listen_socks();
807++ close_listen_socks(/* force = */ 0);
808+ close_startup_pipes();
809+ ssh_signal(SIGHUP, SIG_IGN); /* will be restored after exec */
810+ execv(saved_argv[0], saved_argv);
811+@@ -1020,6 +1028,65 @@
812 debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out);
813 }
814
815@@ -52,7 +77,7 @@ index 731b9e400..3a5189a6e 100644
816 +static void
817 +setup_systemd_socket(int listen_sock)
818 +{
819-+ int ret;
820++ int flags, ret;
821 + struct sockaddr_storage addr;
822 + socklen_t len = sizeof(addr);
823 + char ntop[NI_MAXHOST], strport[NI_MAXSERV];
824@@ -77,10 +102,27 @@ index 731b9e400..3a5189a6e 100644
825 + close(listen_sock);
826 + return;
827 + }
828++
829 + /* Socket options */
830 + set_reuseaddr(listen_sock);
831 +
832++ /* systemd sets FD_CLOEXEC on the fds it passes to us, but we need this
833++ * to stay open across re-exec. */
834++ flags = fcntl(listen_sock, F_GETFD);
835++ if (flags < 0) {
836++ error("Failed to get fd flags: %s", strerror(errno));
837++ close(listen_sock);
838++ return;
839++ }
840++
841++ if (fcntl(listen_sock, F_SETFD, flags & ~FD_CLOEXEC) < 0) {
842++ error("Failed to clear FD_CLOEXEC flag: %s", strerror(errno));
843++ close(listen_sock);
844++ return;
845++ }
846++
847 + listen_socks[num_listen_socks] = listen_sock;
848++ listen_socks_no_close[num_listen_socks] = 1;
849 + num_listen_socks++;
850 +
851 + logit("Server listening on %s port %s.", ntop, strport);
852@@ -90,15 +132,7 @@ index 731b9e400..3a5189a6e 100644
853 /*
854 * Listen for TCP connections
855 */
856-@@ -1099,22 +1147,35 @@ static void
857- server_listen(void)
858- {
859- u_int i;
860-+#ifdef HAVE_SYSTEMD
861-+ int systemd_socket_count;
862-+#endif
863-
864- /* Initialise per-source limit tracking. */
865+@@ -1104,17 +1171,26 @@
866 srclimit_init(options.max_startups, options.per_source_max_startups,
867 options.per_source_masklen_ipv4, options.per_source_masklen_ipv6);
868
869@@ -108,12 +142,16 @@ index 731b9e400..3a5189a6e 100644
870 - free(options.listen_addrs[i].rdomain);
871 - memset(&options.listen_addrs[i], 0,
872 - sizeof(options.listen_addrs[i]));
873+- }
874+- free(options.listen_addrs);
875+- options.listen_addrs = NULL;
876+- options.num_listen_addrs = 0;
877+-
878 +#ifdef HAVE_SYSTEMD
879-+ systemd_socket_count = sd_listen_fds(0);
880-+ if (systemd_socket_count > 0)
881++ if (systemd_num_listen_fds > 0)
882 + {
883 + int i;
884-+ for (i = 0; i < systemd_socket_count; i++)
885++ for (i = 0; i < systemd_num_listen_fds; i++)
886 + setup_systemd_socket(SD_LISTEN_FDS_START + i);
887 + } else
888 +#endif
889@@ -128,11 +166,65 @@ index 731b9e400..3a5189a6e 100644
890 + free(options.listen_addrs);
891 + options.listen_addrs = NULL;
892 + options.num_listen_addrs = 0;
893- }
894-- free(options.listen_addrs);
895-- options.listen_addrs = NULL;
896-- options.num_listen_addrs = 0;
897--
898++ }
899 if (!num_listen_socks)
900 fatal("Cannot bind any address.");
901 }
902+@@ -1169,7 +1245,7 @@
903+ if (received_sigterm) {
904+ logit("Received signal %d; terminating.",
905+ (int) received_sigterm);
906+- close_listen_socks();
907++ close_listen_socks(/* force = */ 1);
908+ if (options.pid_file != NULL)
909+ unlink(options.pid_file);
910+ exit(received_sigterm == SIGTERM ? 0 : 255);
911+@@ -1183,7 +1259,7 @@
912+ if (received_sighup) {
913+ if (!lameduck) {
914+ debug("Received SIGHUP; waiting for children");
915+- close_listen_socks();
916++ close_listen_socks(/* force = */ 0);
917+ lameduck = 1;
918+ }
919+ if (listening <= 0) {
920+@@ -1310,7 +1386,7 @@
921+ * connection without forking.
922+ */
923+ debug("Server will not fork when running in debugging mode.");
924+- close_listen_socks();
925++ close_listen_socks(/* force = */ 0);
926+ *sock_in = *newsock;
927+ *sock_out = *newsock;
928+ close(startup_p[0]);
929+@@ -1344,7 +1420,7 @@
930+ platform_post_fork_child();
931+ startup_pipe = startup_p[1];
932+ close_startup_pipes();
933+- close_listen_socks();
934++ close_listen_socks(/* force = */ 1);
935+ *sock_in = *newsock;
936+ *sock_out = *newsock;
937+ log_init(__progname,
938+@@ -1715,6 +1791,21 @@
939+ break;
940+ }
941+ }
942++
943++#ifdef HAVE_SYSTEMD
944++ /* We should call sd_listen_fds() exactly once. If we call
945++ * sd_listen_fds() more than once, then FD_CLOEXEC will be
946++ * re-configured for the passed fds, which will cause problems during
947++ * re-execution. The FD_CLOEXEC flag will be cleared by
948++ * setup_systemd_socket(). */
949++ r = sd_listen_fds(0);
950++ if (r < 0)
951++ fatal("Failed to get systemd socket fds: %s", strerror(-r));
952++
953++ systemd_num_listen_fds = r;
954++ rexec_flag = 0;
955++#endif
956++
957+ if (rexeced_flag || inetd_flag)
958+ rexec_flag = 0;
959+ if (!test_flag && !do_dump_cfg && rexec_flag && !path_absolute(av[0]))
960diff --git a/debian/patches/test-set-UsePAM-no-on-some-tests.patch b/debian/patches/test-set-UsePAM-no-on-some-tests.patch
961new file mode 100644
962index 0000000..207f495
963--- /dev/null
964+++ b/debian/patches/test-set-UsePAM-no-on-some-tests.patch
965@@ -0,0 +1,41 @@
966+Description: Set UsePAM=no for regress/putty-*.sh
967+ Currently these tests fails in the autopkgtest infrastructure due to pam_loginuid.so
968+ failures. These failures cannot currently be replicated locally. Workaround this
969+ by setting UsePAM=no for the failing tests since their functionality is not tesing
970+ PAM.
971+Author: Nick Rosbrook <nick.rosbrook@canonical.com>
972+Forwarded: no
973+Last-Update: 2023-05-25
974+--- a/regress/putty-ciphers.sh
975++++ b/regress/putty-ciphers.sh
976+@@ -14,6 +14,8 @@
977+ echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy
978+ fi
979+
980++sed -i "s/UsePAM.*/UsePAM no/" ${OBJ}/sshd_proxy
981++
982+ for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do
983+ verbose "$tid: cipher $c"
984+ cp ${OBJ}/.putty/sessions/localhost_proxy \
985+--- a/regress/putty-kex.sh
986++++ b/regress/putty-kex.sh
987+@@ -14,6 +14,8 @@
988+ echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy
989+ fi
990+
991++sed -i "s/UsePAM.*/UsePAM no/" ${OBJ}/sshd_proxy
992++
993+ for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ecdh ; do
994+ verbose "$tid: kex $k"
995+ cp ${OBJ}/.putty/sessions/localhost_proxy \
996+--- a/regress/putty-transfer.sh
997++++ b/regress/putty-transfer.sh
998+@@ -14,6 +14,8 @@
999+ echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy
1000+ fi
1001+
1002++sed -i "s/UsePAM.*/UsePAM no/" ${OBJ}/sshd_proxy
1003++
1004+ if [ "`${SSH} -Q compression`" = "none" ]; then
1005+ comp="0"
1006+ else
1007diff --git a/debian/po/cs.po b/debian/po/cs.po
1008index d01e0ff..21b4c7b 100644
1009--- a/debian/po/cs.po
1010+++ b/debian/po/cs.po
1011@@ -7,7 +7,7 @@ msgid ""
1012 msgstr ""
1013 "Project-Id-Version: openssh 1:6.6p1-1\n"
1014 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1015-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1016+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1017 "PO-Revision-Date: 2014-06-12 12:25+0200\n"
1018 "Last-Translator: Michal Simunek <michal.simunek@gmail.com>\n"
1019 "Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
1020@@ -53,3 +53,28 @@ msgstr ""
1021 "poškodit systémy, které jsou nastaveny s předpokladem, že bude možné se "
1022 "přihlašovat přes SSH jako root pomocí ověřování heslem. Změnu této volby "
1023 "byste měli provést pouze pokud ověřování heslem potřebujete."
1024+
1025+#. Type: error
1026+#. Description
1027+#: ../openssh-server.templates:3001
1028+msgid "Not migrating to socket activation"
1029+msgstr ""
1030+
1031+#. Type: error
1032+#. Description
1033+#: ../openssh-server.templates:3001
1034+msgid ""
1035+"This version of openssh-server uses socket-based activation by default. "
1036+"However, because you have more than one ListenAddress configured in "
1037+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1038+"to socket-based activation would cause the starting of sshd at boot to be "
1039+"unreliable."
1040+msgstr ""
1041+
1042+#. Type: error
1043+#. Description
1044+#: ../openssh-server.templates:3001
1045+msgid ""
1046+"Because a failure to start ssh may make it impossible to admininister a "
1047+"system, you will not be migrated to socket-based activation at this time."
1048+msgstr ""
1049diff --git a/debian/po/da.po b/debian/po/da.po
1050index 70d576d..a08ca3b 100644
1051--- a/debian/po/da.po
1052+++ b/debian/po/da.po
1053@@ -7,7 +7,7 @@ msgid ""
1054 msgstr ""
1055 "Project-Id-Version: openssh\n"
1056 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1057-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1058+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1059 "PO-Revision-Date: 2014-03-21 23:51+0200\n"
1060 "Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
1061 "Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n"
1062@@ -53,3 +53,28 @@ msgstr ""
1063 "Det kan dog ødelægge systemer, som er opsat med forventning om at kunne SSH "
1064 "som root via brug af adgangskodegodkendelse. Du skal kun lave denne ændring, "
1065 "hvis du ikke har brug for dette."
1066+
1067+#. Type: error
1068+#. Description
1069+#: ../openssh-server.templates:3001
1070+msgid "Not migrating to socket activation"
1071+msgstr ""
1072+
1073+#. Type: error
1074+#. Description
1075+#: ../openssh-server.templates:3001
1076+msgid ""
1077+"This version of openssh-server uses socket-based activation by default. "
1078+"However, because you have more than one ListenAddress configured in "
1079+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1080+"to socket-based activation would cause the starting of sshd at boot to be "
1081+"unreliable."
1082+msgstr ""
1083+
1084+#. Type: error
1085+#. Description
1086+#: ../openssh-server.templates:3001
1087+msgid ""
1088+"Because a failure to start ssh may make it impossible to admininister a "
1089+"system, you will not be migrated to socket-based activation at this time."
1090+msgstr ""
1091diff --git a/debian/po/de.po b/debian/po/de.po
1092index ecba54b..2536ea4 100644
1093--- a/debian/po/de.po
1094+++ b/debian/po/de.po
1095@@ -8,7 +8,7 @@ msgid ""
1096 msgstr ""
1097 "Project-Id-Version: openssh_1:6.6p1-1\n"
1098 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1099-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1100+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1101 "PO-Revision-Date: 2014-03-24 22:21+0100\n"
1102 "Last-Translator: Stephan Beck <sbeck@mailbox.org>\n"
1103 "Language-Team: Debian German translation team <debian-l10n-german@lists."
1104@@ -59,3 +59,28 @@ msgstr ""
1105 "in der Absicht konfiguriert wurden, die Anmeldung als »root« über SSH unter "
1106 "Verwendung von Passwort-Authentifizierung zuzulassen. Sie sollten diese "
1107 "Änderung nur vornehmen, wenn Sie auf Letzteres verzichten können."
1108+
1109+#. Type: error
1110+#. Description
1111+#: ../openssh-server.templates:3001
1112+msgid "Not migrating to socket activation"
1113+msgstr ""
1114+
1115+#. Type: error
1116+#. Description
1117+#: ../openssh-server.templates:3001
1118+msgid ""
1119+"This version of openssh-server uses socket-based activation by default. "
1120+"However, because you have more than one ListenAddress configured in "
1121+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1122+"to socket-based activation would cause the starting of sshd at boot to be "
1123+"unreliable."
1124+msgstr ""
1125+
1126+#. Type: error
1127+#. Description
1128+#: ../openssh-server.templates:3001
1129+msgid ""
1130+"Because a failure to start ssh may make it impossible to admininister a "
1131+"system, you will not be migrated to socket-based activation at this time."
1132+msgstr ""
1133diff --git a/debian/po/es.po b/debian/po/es.po
1134index de8a67a..14550d6 100644
1135--- a/debian/po/es.po
1136+++ b/debian/po/es.po
1137@@ -28,7 +28,7 @@ msgid ""
1138 msgstr ""
1139 "Project-Id-Version: openssh\n"
1140 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1141-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1142+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1143 "PO-Revision-Date: 2014-03-23 20:43-0300\n"
1144 "Last-Translator: Matías Bellone <matiasbellone+debian@gmail.com>\n"
1145 "Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n"
1146@@ -78,3 +78,28 @@ msgstr ""
1147 "configuración permite que el usuario root inicie sesión a través de SSH "
1148 "utilizando una contraseña. Sólo debería realizar este cambio si no necesita "
1149 "este comportamiento."
1150+
1151+#. Type: error
1152+#. Description
1153+#: ../openssh-server.templates:3001
1154+msgid "Not migrating to socket activation"
1155+msgstr ""
1156+
1157+#. Type: error
1158+#. Description
1159+#: ../openssh-server.templates:3001
1160+msgid ""
1161+"This version of openssh-server uses socket-based activation by default. "
1162+"However, because you have more than one ListenAddress configured in "
1163+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1164+"to socket-based activation would cause the starting of sshd at boot to be "
1165+"unreliable."
1166+msgstr ""
1167+
1168+#. Type: error
1169+#. Description
1170+#: ../openssh-server.templates:3001
1171+msgid ""
1172+"Because a failure to start ssh may make it impossible to admininister a "
1173+"system, you will not be migrated to socket-based activation at this time."
1174+msgstr ""
1175diff --git a/debian/po/fr.po b/debian/po/fr.po
1176index f7125e9..7d7093b 100644
1177--- a/debian/po/fr.po
1178+++ b/debian/po/fr.po
1179@@ -7,7 +7,7 @@ msgid ""
1180 msgstr ""
1181 "Project-Id-Version: openssh_1:6.5p1-6\n"
1182 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1183-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1184+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1185 "PO-Revision-Date: 2014-03-22 08:26+0100\n"
1186 "Last-Translator: Étienne Gilli <etienne.gilli@gmail.com>\n"
1187 "Language-Team: French <debian-l10n-french@lists.debian.org>\n"
1188@@ -57,3 +57,28 @@ msgstr ""
1189 "inutilisables les systèmes reposant sur la possibilité de se connecter au "
1190 "compte « root » par SSH avec authentification par mot de passe. Vous ne "
1191 "devriez appliquer cette modification que si ce n’est pas votre cas."
1192+
1193+#. Type: error
1194+#. Description
1195+#: ../openssh-server.templates:3001
1196+msgid "Not migrating to socket activation"
1197+msgstr ""
1198+
1199+#. Type: error
1200+#. Description
1201+#: ../openssh-server.templates:3001
1202+msgid ""
1203+"This version of openssh-server uses socket-based activation by default. "
1204+"However, because you have more than one ListenAddress configured in "
1205+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1206+"to socket-based activation would cause the starting of sshd at boot to be "
1207+"unreliable."
1208+msgstr ""
1209+
1210+#. Type: error
1211+#. Description
1212+#: ../openssh-server.templates:3001
1213+msgid ""
1214+"Because a failure to start ssh may make it impossible to admininister a "
1215+"system, you will not be migrated to socket-based activation at this time."
1216+msgstr ""
1217diff --git a/debian/po/it.po b/debian/po/it.po
1218index dd71060..5390795 100644
1219--- a/debian/po/it.po
1220+++ b/debian/po/it.po
1221@@ -6,7 +6,7 @@ msgid ""
1222 msgstr ""
1223 "Project-Id-Version: openssh\n"
1224 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1225-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1226+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1227 "PO-Revision-Date: 2014-03-28 11:12+0200\n"
1228 "Last-Translator: Beatrice Torracca <beatricet@libero.it>\n"
1229 "Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n"
1230@@ -56,3 +56,28 @@ msgstr ""
1231 "impostati facendo affidamento sulla possibilità di autenticazione SSH come "
1232 "root usando la password. Si dovrebbe fare questo cambiamento solo se non si "
1233 "ha bisogno di tale comportamento."
1234+
1235+#. Type: error
1236+#. Description
1237+#: ../openssh-server.templates:3001
1238+msgid "Not migrating to socket activation"
1239+msgstr ""
1240+
1241+#. Type: error
1242+#. Description
1243+#: ../openssh-server.templates:3001
1244+msgid ""
1245+"This version of openssh-server uses socket-based activation by default. "
1246+"However, because you have more than one ListenAddress configured in "
1247+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1248+"to socket-based activation would cause the starting of sshd at boot to be "
1249+"unreliable."
1250+msgstr ""
1251+
1252+#. Type: error
1253+#. Description
1254+#: ../openssh-server.templates:3001
1255+msgid ""
1256+"Because a failure to start ssh may make it impossible to admininister a "
1257+"system, you will not be migrated to socket-based activation at this time."
1258+msgstr ""
1259diff --git a/debian/po/ja.po b/debian/po/ja.po
1260index db382f1..b48d281 100644
1261--- a/debian/po/ja.po
1262+++ b/debian/po/ja.po
1263@@ -7,7 +7,7 @@ msgid ""
1264 msgstr ""
1265 "Project-Id-Version: openssh\n"
1266 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1267-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1268+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1269 "PO-Revision-Date: 2014-03-20 11:06+0900\n"
1270 "Last-Translator: victory <victory.deb@gmail.com>\n"
1271 "Language-Team: Japanese <debian-japanese@lists.debian.org>\n"
1272@@ -53,3 +53,28 @@ msgstr ""
1273 "ます。しかしパスワード認証により root で SSH 接続できることを前提として構成し"
1274 "たシステムでは問題が発生する可能性があります。そういった必要のない場合にのみ"
1275 "この変更を行うようにしてください。"
1276+
1277+#. Type: error
1278+#. Description
1279+#: ../openssh-server.templates:3001
1280+msgid "Not migrating to socket activation"
1281+msgstr ""
1282+
1283+#. Type: error
1284+#. Description
1285+#: ../openssh-server.templates:3001
1286+msgid ""
1287+"This version of openssh-server uses socket-based activation by default. "
1288+"However, because you have more than one ListenAddress configured in "
1289+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1290+"to socket-based activation would cause the starting of sshd at boot to be "
1291+"unreliable."
1292+msgstr ""
1293+
1294+#. Type: error
1295+#. Description
1296+#: ../openssh-server.templates:3001
1297+msgid ""
1298+"Because a failure to start ssh may make it impossible to admininister a "
1299+"system, you will not be migrated to socket-based activation at this time."
1300+msgstr ""
1301diff --git a/debian/po/nl.po b/debian/po/nl.po
1302index 3afd617..eca9662 100644
1303--- a/debian/po/nl.po
1304+++ b/debian/po/nl.po
1305@@ -7,7 +7,7 @@ msgid ""
1306 msgstr ""
1307 "Project-Id-Version: openssh\n"
1308 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1309-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1310+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1311 "PO-Revision-Date: 2014-10-03 23:54+0200\n"
1312 "Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
1313 "Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
1314@@ -58,3 +58,28 @@ msgstr ""
1315 "ingesteld werden vanuit de verwachting dat de systeembeheerder SSH kan "
1316 "gebruiken met authenticatie via wachtwoord. Enkel wanneer u dit laatste niet "
1317 "nodig heeft, zou u deze wijziging kunnen doorvoeren."
1318+
1319+#. Type: error
1320+#. Description
1321+#: ../openssh-server.templates:3001
1322+msgid "Not migrating to socket activation"
1323+msgstr ""
1324+
1325+#. Type: error
1326+#. Description
1327+#: ../openssh-server.templates:3001
1328+msgid ""
1329+"This version of openssh-server uses socket-based activation by default. "
1330+"However, because you have more than one ListenAddress configured in "
1331+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1332+"to socket-based activation would cause the starting of sshd at boot to be "
1333+"unreliable."
1334+msgstr ""
1335+
1336+#. Type: error
1337+#. Description
1338+#: ../openssh-server.templates:3001
1339+msgid ""
1340+"Because a failure to start ssh may make it impossible to admininister a "
1341+"system, you will not be migrated to socket-based activation at this time."
1342+msgstr ""
1343diff --git a/debian/po/pt.po b/debian/po/pt.po
1344index 2dab84c..8f51af9 100644
1345--- a/debian/po/pt.po
1346+++ b/debian/po/pt.po
1347@@ -7,7 +7,7 @@ msgid ""
1348 msgstr ""
1349 "Project-Id-Version: openssh 1:6.6p1-1\n"
1350 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1351-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1352+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1353 "PO-Revision-Date: 2014-03-21 21:13+0000\n"
1354 "Last-Translator: Américo Monteiro <a_monteiro@gmx.com>\n"
1355 "Language-Team: Portuguese <traduz@debianpt.org>\n"
1356@@ -57,3 +57,28 @@ msgstr ""
1357 "configurados com a expectativa de serem capazes de SSH como root usando "
1358 "autenticação por palavra-passe. Apenas deverá fazer esta alteração se não "
1359 "precisa de tal método de autenticação."
1360+
1361+#. Type: error
1362+#. Description
1363+#: ../openssh-server.templates:3001
1364+msgid "Not migrating to socket activation"
1365+msgstr ""
1366+
1367+#. Type: error
1368+#. Description
1369+#: ../openssh-server.templates:3001
1370+msgid ""
1371+"This version of openssh-server uses socket-based activation by default. "
1372+"However, because you have more than one ListenAddress configured in "
1373+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1374+"to socket-based activation would cause the starting of sshd at boot to be "
1375+"unreliable."
1376+msgstr ""
1377+
1378+#. Type: error
1379+#. Description
1380+#: ../openssh-server.templates:3001
1381+msgid ""
1382+"Because a failure to start ssh may make it impossible to admininister a "
1383+"system, you will not be migrated to socket-based activation at this time."
1384+msgstr ""
1385diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po
1386index 99b1182..98856bb 100644
1387--- a/debian/po/pt_BR.po
1388+++ b/debian/po/pt_BR.po
1389@@ -8,7 +8,7 @@ msgid ""
1390 msgstr ""
1391 "Project-Id-Version: openssh\n"
1392 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1393-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1394+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1395 "PO-Revision-Date: 2014-11-23 23:49-0200\n"
1396 "Last-Translator: José de Figueiredo <deb.gnulinux@gmail.com>\n"
1397 "Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian."
1398@@ -55,3 +55,28 @@ msgstr ""
1399 "Entretanto, ela pode quebrar sistemas que foram configurados com a "
1400 "expectativa de acesso SSH com root usando autenticação por senha. Você deve "
1401 "fazer esta mudança somente se você não precisa fazer isso."
1402+
1403+#. Type: error
1404+#. Description
1405+#: ../openssh-server.templates:3001
1406+msgid "Not migrating to socket activation"
1407+msgstr ""
1408+
1409+#. Type: error
1410+#. Description
1411+#: ../openssh-server.templates:3001
1412+msgid ""
1413+"This version of openssh-server uses socket-based activation by default. "
1414+"However, because you have more than one ListenAddress configured in "
1415+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1416+"to socket-based activation would cause the starting of sshd at boot to be "
1417+"unreliable."
1418+msgstr ""
1419+
1420+#. Type: error
1421+#. Description
1422+#: ../openssh-server.templates:3001
1423+msgid ""
1424+"Because a failure to start ssh may make it impossible to admininister a "
1425+"system, you will not be migrated to socket-based activation at this time."
1426+msgstr ""
1427diff --git a/debian/po/ru.po b/debian/po/ru.po
1428index f2e1daf..3fa193c 100644
1429--- a/debian/po/ru.po
1430+++ b/debian/po/ru.po
1431@@ -6,7 +6,7 @@ msgid ""
1432 msgstr ""
1433 "Project-Id-Version: openssh 1:6.6p1-1\n"
1434 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1435-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1436+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1437 "PO-Revision-Date: 2014-03-22 10:04+0400\n"
1438 "Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
1439 "Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n"
1440@@ -14,8 +14,8 @@ msgstr ""
1441 "MIME-Version: 1.0\n"
1442 "Content-Type: text/plain; charset=UTF-8\n"
1443 "Content-Transfer-Encoding: 8bit\n"
1444-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
1445-"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
1446+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
1447+"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
1448 "X-Generator: Lokalize 1.4\n"
1449
1450 #. Type: boolean
1451@@ -55,3 +55,28 @@ msgstr ""
1452 "атак). Однако, это вредит системам, в которых специально настроен вход для "
1453 "root по SSH с парольной аутентификацией. Если это не ваш случай, то ответьте "
1454 "утвердительно."
1455+
1456+#. Type: error
1457+#. Description
1458+#: ../openssh-server.templates:3001
1459+msgid "Not migrating to socket activation"
1460+msgstr ""
1461+
1462+#. Type: error
1463+#. Description
1464+#: ../openssh-server.templates:3001
1465+msgid ""
1466+"This version of openssh-server uses socket-based activation by default. "
1467+"However, because you have more than one ListenAddress configured in "
1468+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1469+"to socket-based activation would cause the starting of sshd at boot to be "
1470+"unreliable."
1471+msgstr ""
1472+
1473+#. Type: error
1474+#. Description
1475+#: ../openssh-server.templates:3001
1476+msgid ""
1477+"Because a failure to start ssh may make it impossible to admininister a "
1478+"system, you will not be migrated to socket-based activation at this time."
1479+msgstr ""
1480diff --git a/debian/po/sv.po b/debian/po/sv.po
1481index 278b0cc..296e611 100644
1482--- a/debian/po/sv.po
1483+++ b/debian/po/sv.po
1484@@ -8,7 +8,7 @@ msgid ""
1485 msgstr ""
1486 "Project-Id-Version: openssh\n"
1487 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1488-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1489+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1490 "PO-Revision-Date: 2014-03-21 21:36+0100\n"
1491 "Last-Translator: Andreas Rönnquist <gusnan@gusnan.se>\n"
1492 "Language-Team: Swedish\n"
1493@@ -56,3 +56,28 @@ msgstr ""
1494 "sådana angrepp). Dock så kan detta förstöra system som förväntas kunna "
1495 "använda SSH som root med hjälp av lösenordsautentisering. Du skall endast "
1496 "göra denna förändring om du inte har ett behov av att kunna göra detta."
1497+
1498+#. Type: error
1499+#. Description
1500+#: ../openssh-server.templates:3001
1501+msgid "Not migrating to socket activation"
1502+msgstr ""
1503+
1504+#. Type: error
1505+#. Description
1506+#: ../openssh-server.templates:3001
1507+msgid ""
1508+"This version of openssh-server uses socket-based activation by default. "
1509+"However, because you have more than one ListenAddress configured in "
1510+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1511+"to socket-based activation would cause the starting of sshd at boot to be "
1512+"unreliable."
1513+msgstr ""
1514+
1515+#. Type: error
1516+#. Description
1517+#: ../openssh-server.templates:3001
1518+msgid ""
1519+"Because a failure to start ssh may make it impossible to admininister a "
1520+"system, you will not be migrated to socket-based activation at this time."
1521+msgstr ""
1522diff --git a/debian/po/templates.pot b/debian/po/templates.pot
1523index 47c9e36..c9dc5ba 100644
1524--- a/debian/po/templates.pot
1525+++ b/debian/po/templates.pot
1526@@ -1,6 +1,6 @@
1527 # SOME DESCRIPTIVE TITLE.
1528 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
1529-# This file is distributed under the same license as the PACKAGE package.
1530+# This file is distributed under the same license as the openssh package.
1531 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
1532 #
1533 #, fuzzy
1534@@ -8,7 +8,7 @@ msgid ""
1535 msgstr ""
1536 "Project-Id-Version: openssh\n"
1537 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1538-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1539+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1540 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
1541 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
1542 "Language-Team: LANGUAGE <LL@li.org>\n"
1543@@ -44,3 +44,28 @@ msgid ""
1544 "able to SSH as root using password authentication. You should only make this "
1545 "change if you do not need to do that."
1546 msgstr ""
1547+
1548+#. Type: error
1549+#. Description
1550+#: ../openssh-server.templates:3001
1551+msgid "Not migrating to socket activation"
1552+msgstr ""
1553+
1554+#. Type: error
1555+#. Description
1556+#: ../openssh-server.templates:3001
1557+msgid ""
1558+"This version of openssh-server uses socket-based activation by default. "
1559+"However, because you have more than one ListenAddress configured in "
1560+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1561+"to socket-based activation would cause the starting of sshd at boot to be "
1562+"unreliable."
1563+msgstr ""
1564+
1565+#. Type: error
1566+#. Description
1567+#: ../openssh-server.templates:3001
1568+msgid ""
1569+"Because a failure to start ssh may make it impossible to admininister a "
1570+"system, you will not be migrated to socket-based activation at this time."
1571+msgstr ""
1572diff --git a/debian/po/tr.po b/debian/po/tr.po
1573index 1ada041..fd6bde5 100644
1574--- a/debian/po/tr.po
1575+++ b/debian/po/tr.po
1576@@ -7,15 +7,15 @@ msgid ""
1577 msgstr ""
1578 "Project-Id-Version: openssh-server\n"
1579 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1580-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1581+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1582 "PO-Revision-Date: 2014-08-01 14:44+0200\n"
1583 "Last-Translator: Mert Dirik <mertdirik@gmail.com>\n"
1584 "Language-Team: Debian L10n Turkish <debian-l10n-turkish@lists.debian.org>\n"
1585+"Language: tr\n"
1586 "MIME-Version: 1.0\n"
1587 "Content-Type: text/plain; charset=UTF-8\n"
1588 "Content-Transfer-Encoding: 8bit\n"
1589 "X-Generator: Poedit 1.5.4\n"
1590-"Language: tr\n"
1591
1592 #. Type: boolean
1593 #. Description
1594@@ -56,3 +56,28 @@ msgstr ""
1595 "parola doğrulama yöntemiyle oturum açılabileceği varsayımıyla hareket eden "
1596 "sistemlerde eskiden çalışan düzenin bozulmasına sebep olacaktır. Bu "
1597 "değişikliği yalnızca sorun çıkarmayacağından eminseniz yapın."
1598+
1599+#. Type: error
1600+#. Description
1601+#: ../openssh-server.templates:3001
1602+msgid "Not migrating to socket activation"
1603+msgstr ""
1604+
1605+#. Type: error
1606+#. Description
1607+#: ../openssh-server.templates:3001
1608+msgid ""
1609+"This version of openssh-server uses socket-based activation by default. "
1610+"However, because you have more than one ListenAddress configured in "
1611+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1612+"to socket-based activation would cause the starting of sshd at boot to be "
1613+"unreliable."
1614+msgstr ""
1615+
1616+#. Type: error
1617+#. Description
1618+#: ../openssh-server.templates:3001
1619+msgid ""
1620+"Because a failure to start ssh may make it impossible to admininister a "
1621+"system, you will not be migrated to socket-based activation at this time."
1622+msgstr ""
1623diff --git a/debian/rules b/debian/rules
1624index 929da55..fec93b5 100755
1625--- a/debian/rules
1626+++ b/debian/rules
1627@@ -189,8 +189,9 @@ override_dh_installinit:
1628 dh_installinit -R --name ssh
1629
1630 override_dh_installsystemd:
1631- dh_installsystemd -popenssh-server ssh.service rescue-ssh.target
1632- dh_installsystemd -popenssh-server --no-enable ssh.socket
1633+ dh_installsystemd -popenssh-server --no-start --no-stop-on-upgrade ssh.socket
1634+ dh_installsystemd -popenssh-server rescue-ssh.target
1635+ dh_installsystemd -popenssh-server --no-enable --no-start ssh.service
1636
1637 debian/openssh-server.sshd.pam: debian/openssh-server.sshd.pam.in
1638 ifeq ($(DEB_HOST_ARCH_OS),linux)
1639diff --git a/debian/systemd/ssh.service b/debian/systemd/ssh.service
1640index 7495d9a..a18105b 100644
1641--- a/debian/systemd/ssh.service
1642+++ b/debian/systemd/ssh.service
1643@@ -14,8 +14,6 @@ KillMode=process
1644 Restart=on-failure
1645 RestartPreventExitStatus=255
1646 Type=notify
1647-RuntimeDirectory=sshd
1648-RuntimeDirectoryMode=0755
1649
1650 [Install]
1651 WantedBy=multi-user.target
1652diff --git a/debian/tests/control b/debian/tests/control
1653index 8bc480a..1b2a1cd 100644
1654--- a/debian/tests/control
1655+++ b/debian/tests/control
1656@@ -8,3 +8,9 @@ Depends: devscripts,
1657 python3-twisted,
1658 sudo,
1659 sysvinit-utils,
1660+
1661+Tests: systemd-socket-activation
1662+Restrictions: needs-root allow-stderr needs-reboot
1663+Depends: openssh-client,
1664+ openssh-server,
1665+ systemd,
1666diff --git a/debian/tests/systemd-socket-activation b/debian/tests/systemd-socket-activation
1667new file mode 100644
1668index 0000000..b33922c
1669--- /dev/null
1670+++ b/debian/tests/systemd-socket-activation
1671@@ -0,0 +1,62 @@
1672+#!/bin/bash
1673+
1674+set -euo pipefail
1675+
1676+# LP: #2020474 - we may need to reboot the testbed to finish the openssh-server package upgrade.
1677+if grep -Fqsx openssh-server /run/reboot-required.pkgs && [[ -z "${AUTOPKGTEST_REBOOT_MARK:-""}" ]]; then
1678+ /tmp/autopkgtest-reboot 1
1679+fi
1680+
1681+assert_unit_property() {
1682+ local property="$(echo "$2" | awk -F'=' '{print $1}')"
1683+
1684+ local expect="$2"
1685+ local actual="$(systemctl show -p "$property" "$1")"
1686+
1687+ if [[ "$actual" != "$expect" ]]; then
1688+ echo "Fail: $1: expected $expect, but got $actual"
1689+ return 1
1690+ fi
1691+}
1692+
1693+# Generate RSA key and add it to this user's authorized keys.
1694+ssh-keygen -t rsa -N "" -f "$HOME/.ssh/id_rsa" -q
1695+if [[ -f ~/.ssh/authorized_keys ]]; then
1696+ touch ~/.ssh/authorized_keys
1697+ chmod 0600 ~/.ssh/authorized_keys
1698+fi
1699+cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
1700+
1701+# Make sure ssh.service is not running.
1702+echo "Stopping ssh.service..."
1703+systemctl stop ssh.service 2>/dev/null
1704+
1705+# Check that ssh.socket is active and listening.
1706+echo "Checking that ssh.socket is active and listening..."
1707+assert_unit_property ssh.socket "ActiveState=active"
1708+assert_unit_property ssh.socket "SubState=listening"
1709+
1710+# Check that ssh.service is currently inactive/dead.
1711+echo "Checking that ssh.service is inactive/dead..."
1712+assert_unit_property ssh.service "ActiveState=inactive"
1713+assert_unit_property ssh.service "SubState=dead"
1714+
1715+# Check that a connection attempt successfully activates ssh.service.
1716+echo "Checking that a connection attempt activates ssh.service..."
1717+ssh -oStrictHostKeyChecking=no localhost -- /usr/bin/true
1718+assert_unit_property ssh.service "ActiveState=active"
1719+assert_unit_property ssh.service "SubState=running"
1720+
1721+# Check that we can re-execute sshd via systemctl reload.
1722+echo "Checking that sshd can be re-executed..."
1723+systemctl reload ssh.service
1724+assert_unit_property ssh.service "ActiveState=active"
1725+assert_unit_property ssh.service "SubState=running"
1726+
1727+# Check that we can run sshd in debug mode.
1728+echo "Checking sshd can run in debug mode..."
1729+systemctl stop ssh.service 2>/dev/null
1730+sed -i 's/^SSHD_OPTS=.*/SSHD_OPTS=-ddd/g' /etc/default/ssh
1731+ssh -oStrictHostKeyChecking=no localhost -- /usr/bin/true
1732+
1733+echo "Done."

Subscribers

People subscribed via source and target branches