1
diff --git a/debian/README.Debian b/debian/README.Debian
2
index 8067852..70c588f 100644
3
--- a/debian/README.Debian
4
+++ b/debian/README.Debian
5
@@ -186,27 +186,26 @@ Socket-based activation with systemd
6
186
186
7
187
By default, socket-based activation is used on systems that use systemd.
187
By default, socket-based activation is used on systems that use systemd.
8
188
188
18
189
The provided ssh.socket unit file sets ListenStream=22.  If you need to have
189
The provided ssh.socket unit file sets ListenStream=22. A systemd generator,
19
190
it listen on a different address or port, then you will need to do this as
190
sshd-socket-generator, parses the sshd configuration and, if non-default
20
191
follows (modifying ListenStream to match your requirements):
191
ListenAddress(s) or Port(s) are configured, generates corresponding
21
192
192
ListenStream= lines in a drop-in configration file for ssh.socket. To change
22
193
  mkdir -p /etc/systemd/system/ssh.socket.d
193
the port or address ssh.socket is listening on, edit /etc/ssh/sshd_config (or
23
194
  cat >/etc/systemd/system/ssh.socket.d/listen.conf <<EOF
194
add a drop-in file to /etc/ssh/sshd_config.d/) as usual and then run:
24
195
  [Socket]
195
16
196
  ListenStream=2222
17
197
  EOF
25
198
  systemctl daemon-reload
196
  systemctl daemon-reload
26
199
  systemctl restart ssh.socket
197
  systemctl restart ssh.socket
27
200
198
28
201
See systemd.socket(5) for details.
199
See systemd.socket(5) for details.
29
202
200
30
203
If you do not want to use socket activation for ssh on your system, you
201
If you do not want to use socket activation for ssh on your system, you
32
204
can disable socket activation by running:
202
can disable socket activation by masking the generator and re-enabling
33
203
ssh.service:
34
205
204
38
206
  systemctl disable --now ssh.socket
205
  mkdir -p /etc/systemd/system-generators/
39
207
  rm -f /etc/systemd/system/ssh.service.d/00-socket.conf
206
  ln -s /dev/null /etc/systemd/system-generators/sshd-socket-generator
37
208
  rm -f /etc/systemd/system/ssh.socket.d/addresses.conf
40
209
  systemctl daemon-reload
207
  systemctl daemon-reload
41
208
  systemctl disable --now ssh.socket
42
210
  systemctl enable --now ssh.service
209
  systemctl enable --now ssh.service
43
211
210
44
212
Terminating SSH sessions cleanly on shutdown/reboot with systemd
211
Terminating SSH sessions cleanly on shutdown/reboot with systemd
45
diff --git a/debian/changelog b/debian/changelog
46
index eaaedcc..68dc34f 100644
47
--- a/debian/changelog
48
+++ b/debian/changelog
49
@@ -1,3 +1,30 @@
50
1
openssh (1:9.6p1-3ubuntu3) noble; urgency=medium
51
2
52
3
  * Add sshd-socket-generator to generate ssh.socket drop-in configuration
53
4
    instead of doing one-time generation on package upgrade:
54
5
    - debian/control: Build-Depends: systemd-dev
55
6
    - d/p/sshd-socket-generator.patch: add generator for socket activation
56
7
    - debian/openssh-server.install: install sshd-socket-generator
57
8
    - debian/openssh-server.postinst: handle migration to sshd-socket-generator
58
9
    - d/t/sshd-socket-generator: add dep8 test for sshd-socket-generator
59
10
    - ssh.socket: adjust unit for socket activation by default
60
11
    - debian/README.Debian: update ssh.socket documentation
61
12
    - debian/rules: explicitly enable LTO
62
13
      The armhf build was not using LTO, which made sshd-socket-generator FTBFS.
63
14
      This change ensures that all arches are using LTO.
64
15
  * Drop the following changes related to previous ssh socket activation approach:
65
16
    - debian/openssh-server.postrm: remove systemd drop-ins for
66
17
      socket-activated sshd on purge
67
18
    - debian/openssh-server.templates: include debconf prompt explaining
68
19
      when migration cannot happen due to multiple ListenAddress values
69
20
    - debian/openssh-server.postinst: handle migration of sshd_config options
70
21
      to systemd socket options on upgrade.
71
22
    - debian/patches/socket-activation-documentation.patch: Document in
72
23
      sshd_config(5) that ListenAddress and Port no longer work.
73
24
  * debian/openssh-server.ucf-md5sum: update for new Ubuntu delta
74
25
75
26
 -- Nick Rosbrook <enr0n@ubuntu.com>  Wed, 21 Feb 2024 12:51:30 -0500
76
27
77
1
openssh (1:9.6p1-3ubuntu2) noble; urgency=medium
28
openssh (1:9.6p1-3ubuntu2) noble; urgency=medium
78
2
29
79
3
  [ Marco Trevisan (Treviño) ]
30
  [ Marco Trevisan (Treviño) ]
80
diff --git a/debian/control b/debian/control
81
index e93b516..58e9a89 100644
82
--- a/debian/control
83
+++ b/debian/control
84
@@ -20,6 +20,7 @@ Build-Depends: debhelper (>= 13.1~),
85
20
               libwrap0-dev | libwrap-dev,
20
               libwrap0-dev | libwrap-dev,
86
21
               pkg-config,
21
               pkg-config,
87
22
               zlib1g-dev,
22
               zlib1g-dev,
88
23
               systemd-dev,
89
23
Standards-Version: 4.6.2
24
Standards-Version: 4.6.2
90
24
Uploaders: Colin Watson <cjwatson@debian.org>,
25
Uploaders: Colin Watson <cjwatson@debian.org>,
91
25
           Matthew Vernon <matthew@debian.org>,
26
           Matthew Vernon <matthew@debian.org>,
92
diff --git a/debian/openssh-server.install b/debian/openssh-server.install
93
index cf86dce..9942604 100755
94
--- a/debian/openssh-server.install
95
+++ b/debian/openssh-server.install
96
@@ -19,3 +19,5 @@ debian/systemd/ssh-session-cleanup usr/lib/openssh
97
19
# dh_apport would be neater, but at the time of writing it isn't in unstable
19
# dh_apport would be neater, but at the time of writing it isn't in unstable
98
20
# yet.
20
# yet.
99
21
debian/openssh-server.apport => usr/share/apport/package-hooks/openssh-server.py
21
debian/openssh-server.apport => usr/share/apport/package-hooks/openssh-server.py
100
22
101
23
usr/lib/systemd/system-generators/sshd-socket-generator
102
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
103
index cb9a301..251f11c 100644
104
--- a/debian/openssh-server.postinst
105
+++ b/debian/openssh-server.postinst
106
@@ -17,87 +17,6 @@ get_config_option() {
107
17
	/usr/sbin/sshd -G | sed -n "s/^$option //Ip"
17
	/usr/sbin/sshd -G | sed -n "s/^$option //Ip"
108
18
}
18
}
109
19
19
110
20
get_config_option_all() {
111
21
	option="$1"
112
22
	file="$2"
113
23
114
24
	if [ -z "$file" ]; then
115
25
		file=/etc/ssh/sshd_config
116
26
	fi
117
27
118
28
	[ -f "$file" ] || return 0
119
29
	# ListenAddress and Port only take a single word argument so anything
120
30
	# after this must be a comment
121
31
	while read option2 value junk; do
122
32
		case $option2 in
123
33
			$option)
124
34
				echo $value
125
35
				;;
126
36
			Include)
127
37
				# globs
128
38
				for f in $value; do
129
39
					get_config_option_all "$option" "$f"
130
40
				done
131
41
				;;
132
42
		esac
133
43
	done < $file
134
44
}
135
45
136
46
hostnames_to_addresses() {
137
47
	addresses="$1"
138
48
	for address in $addresses; do
139
49
		address_no_port="$(address_strip_port $address)"
140
50
		if echo "$address_no_port" | grep -q '^[0-9a-f:]\+$\|^[0-9.]\+$'; then
141
51
			numeric_addresses="$numeric_addresses $address"
142
52
		else
143
53
			new_addresses=$( (getent ahostsv4 $address_no_port;
144
54
			                  getent ahostsv6 $address_no_port) \
145
55
			   | awk '$1 ~ /^::ffff:/ || $2 != "STREAM" { next; }
146
56
			          $1 ~ /:/ { print "[" $1 "]"; next; }
147
57
			          { print $1 }' \
148
58
			   | sort -u)
149
59
			port="$(port_from_address $address)"
150
60
			if [ -n "$port" ]; then
151
61
				new_addresses="$(for addr in $new_addresses; do echo $addr:$port; done)"
152
62
			fi
153
63
			numeric_addresses="$numeric_addresses $new_addresses"
154
64
		fi
155
65
	done
156
66
	echo "$numeric_addresses"
157
67
}
158
68
159
69
port_from_address() {
160
70
        address="$1"
161
71
        if echo $address | grep -q '^\[[0-9a-f:]*\]:'; then
162
72
                # This is an IPv6 address with a port.
163
73
                port="$(echo $address | awk -F':' '{print $NF}')"
164
74
        elif echo $address | grep -q '^\[[0-9a-f:]*\]\+$\|^[0-9a-f:]\+$'; then
165
75
                # This is an IPv6 address without a port.
166
76
                port=""
167
77
        else
168
78
                # This is an IPv4 address or hostname, where the port
169
79
                # may or may not be specified.
170
80
                port="$(echo $address | awk -F':' '{print $2}')"
171
81
        fi
172
82
        echo "$port"
173
83
}
174
84
175
85
address_strip_port() {
176
86
        address="$1"
177
87
        if echo $address | grep -q '^\[[0-9a-f:]*\]\(:\|$\)'; then
178
88
                # This is an IPv6 address in brackets, with or without a port.
179
89
                address_no_port="$(echo $address | awk -F '[][]' '{print $2}')"
180
90
        elif echo $address | grep -q '^[0-9a-f:]\+$'; then
181
91
                # This is an IPv6 address with no brackets and no port.
182
92
                address_no_port="$address"
183
93
        else
184
94
                # This is an IPv4 address or hostname, where the port
185
95
                # may or may not be specified.
186
96
                address_no_port="$(echo $address | awk -F':' '{print $1}')"
187
97
        fi
188
98
        echo "$address_no_port"
189
99
}
190
100
191
101
20
192
102
create_key() {
21
create_key() {
193
103
	msg="$1"
22
	msg="$1"
194
@@ -211,102 +130,39 @@ if [ "$action" = configure ]; then
195
211
	    # which we now move back into place.
130
	    # which we now move back into place.
196
212
	    mv /etc/ssh/moduli.dpkg-bak /etc/ssh/moduli
131
	    mv /etc/ssh/moduli.dpkg-bak /etc/ssh/moduli
197
213
	fi
132
	fi
283
214
	if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu8~
133
        if dpkg --compare-versions "$2" lt-nl 1:9.6p1-3ubuntu3~; then
284
215
	then
134
                # Remove old socket activation drop-in configurations, if they exist.
285
216
		# migrate to systemd socket activation.
135
                if [ -d /etc/systemd/system/ssh.socket.d ]; then
286
217
		addresses=$(get_config_option_all ListenAddress)
136
                        rm -f /etc/systemd/system/ssh.socket.d/addresses.conf
287
218
		addresses=$(hostnames_to_addresses "$addresses")
137
                        rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.socket.d
288
219
		ports=$(get_config_option_all Port)
138
                fi
289
220
		if [ -n "$addresses$ports" ]
139
                if [ -d /etc/systemd/system/ssh.service.d ]; then
290
221
		then
140
                        rm -f /etc/systemd/system/ssh.service.d/00-socket.conf
291
222
			override_dir=/etc/systemd/system/ssh.socket.d
141
                        rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.service.d
292
223
			mkdir -p "$override_dir"
142
                fi
293
224
			echo '[Socket]' > "$override_dir"/addresses.conf.new
143
                if [ -d /run/systemd/system ]; then
294
225
			echo 'ListenStream=' >> "$override_dir"/addresses.conf.new
144
                        # Make sure ssh.service is disabled.
295
226
		fi
145
                        systemctl unmask ssh.service
296
227
		if [ -n "$addresses" ]; then
146
                        systemctl disable --now ssh.service > /dev/null 2>&1
297
228
			[ -n "$ports" ] || ports=22
147
298
229
			count=0
148
                        # sshd-socket-generator is invoked on daemon-reload.
299
230
			for address in $addresses; do
149
                        systemctl daemon-reload
300
231
				count=$((count+1))
150
                        systemctl enable ssh.socket
301
232
				port_from_address="$(port_from_address $address)"
151
                fi
217
233
				if [ -z "$port_from_address" ]; then
218
234
					for port in $ports; do
219
235
						echo "ListenStream=$address:$port" \
220
236
						     >> "$override_dir"/addresses.conf.new
221
237
					done
222
238
				else
223
239
					echo "ListenStream=$address" \
224
240
					     >> "$override_dir"/addresses.conf.new
225
241
				fi
226
242
			done
227
243
			if [ $count -gt 1 ]; then
228
244
				db_input critical openssh-server/listenstream-may-fail || true
229
245
				db_go || true
230
246
				rm -f "$override_dir"/addresses.conf.new
231
247
				rmdir --ignore-fail-on-non-empty "$override_dir"
232
248
				NO_SOCKET_MIGRATION=1
233
249
			fi
234
250
		elif [ -n "$ports" ]; then
235
251
			for port in $ports; do
236
252
				echo "ListenStream=$port" \
237
253
				     >> "$override_dir"/addresses.conf.new
238
254
			done
239
255
		fi
240
256
241
257
		if [ -z "$NO_SOCKET_MIGRATION" ] && [ -n "$addresses$ports" ]
242
258
		then
243
259
                    mv "$override_dir"/addresses.conf.new \
244
260
                       "$override_dir"/addresses.conf
245
261
		fi
246
262
	fi
247
263
	if dpkg --compare-versions "$2" lt 1:9.0p1-1ubuntu5~; then
248
264
		if [ -z "$NO_SOCKET_MIGRATION" ]; then
249
265
			override_dir=/etc/systemd/system/ssh.service.d
250
266
			mkdir -p "$override_dir"
251
267
			echo '[Unit]' > "$override_dir"/00-socket.conf
252
268
			echo 'After=ssh.socket' >> "$override_dir"/00-socket.conf
253
269
			echo 'Requires=ssh.socket' >> "$override_dir"/00-socket.conf
254
270
255
271
			# deb-systemd-helper is inadequate for the task of
256
272
			# changing policy for the units on upgrade
257
273
			if [ -d /run/systemd/system ]; then
258
274
				systemctl daemon-reload
259
275
				systemctl disable ssh.service
260
276
				systemctl unmask ssh.service
261
277
				systemctl stop ssh.service
262
278
				systemctl enable ssh.socket
263
279
			fi
264
280
		fi
265
281
	fi
266
282
267
283
        # Revert socket migration if we can determine the user hit
268
284
        # LP: #1993478.
269
285
        if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu7~ \
270
286
           && [ -e /etc/systemd/system/ssh.socket.d/addresses.conf ] \
271
287
           && [ -e /etc/systemd/system/ssh.service.d/00-socket.conf ] \
272
288
           && [ -n "$NO_SOCKET_MIGRATION" ]; then
273
289
                rm /etc/systemd/system/ssh.socket.d/addresses.conf
274
290
                rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.socket.d
275
291
                rm /etc/systemd/system/ssh.service.d/00-socket.conf
276
292
                rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.service.d
277
293
		if [ -d /run/systemd/system ]; then
278
294
			systemctl daemon-reload
279
295
			systemctl disable ssh.socket
280
296
			systemctl stop ssh.socket
281
297
			systemctl enable ssh.service
282
298
		fi
302
299
        fi
152
        fi
303
300
fi
153
fi
304
301
154
305
302
#DEBHELPER#
155
#DEBHELPER#
306
303
156
307
304
if [ -d /run/systemd/system ]; then
157
if [ -d /run/systemd/system ]; then
313
305
	if deb-systemd-helper --quiet was-enabled ssh.socket; then
158
        # sshd-socket-generator is invoked on daemon-reload.
314
306
		deb-systemd-invoke restart ssh.socket
159
        systemctl daemon-reload
315
307
	elif deb-systemd-helper --quiet was-enabled ssh.service; then
160
316
308
		deb-systemd-invoke restart ssh.service
161
        if deb-systemd-helper --quiet was-enabled ssh.socket; then
317
309
	fi
162
                deb-systemd-invoke restart ssh.socket
318
163
        elif deb-systemd-helper --quiet was-enabled ssh.service; then
319
164
                deb-systemd-invoke restart ssh.service
320
165
        fi
321
310
fi
166
fi
322
311
167
323
312
db_stop
168
db_stop
324
diff --git a/debian/openssh-server.postrm b/debian/openssh-server.postrm
325
index 46798dd..fbaeb17 100644
326
--- a/debian/openssh-server.postrm
327
+++ b/debian/openssh-server.postrm
328
@@ -23,10 +23,6 @@ case $1 in
329
23
		if command -v ucfr >/dev/null 2>&1; then
23
		if command -v ucfr >/dev/null 2>&1; then
330
24
			ucfr --purge openssh-server /etc/ssh/sshd_config
24
			ucfr --purge openssh-server /etc/ssh/sshd_config
331
25
		fi
25
		fi
332
26
		rm -f /etc/systemd/system/ssh.service.d/00-socket.conf
333
27
		rm -f /etc/systemd/system/ssh.socket.d/addresses.conf
334
28
		rmdir /etc/systemd/system/ssh.service.d || true
335
29
		rmdir /etc/systemd/system/ssh.socket.d || true
336
30
		rm -f /etc/ssh/sshd_not_to_be_run
26
		rm -f /etc/ssh/sshd_not_to_be_run
337
31
		[ ! -d /etc/ssh ] || rmdir --ignore-fail-on-non-empty /etc/ssh
27
		[ ! -d /etc/ssh ] || rmdir --ignore-fail-on-non-empty /etc/ssh
338
32
28
339
diff --git a/debian/openssh-server.templates b/debian/openssh-server.templates
340
index 31f2935..e071fe3 100644
341
--- a/debian/openssh-server.templates
342
+++ b/debian/openssh-server.templates
343
@@ -21,15 +21,3 @@ Description: Allow password authentication?
344
21
 By default, the SSH server will allow authenticating using a password.
21
 By default, the SSH server will allow authenticating using a password.
345
22
 You may want to change this if all users on this system authenticate using
22
 You may want to change this if all users on this system authenticate using
346
23
 a stronger authentication method, such as public keys.
23
 a stronger authentication method, such as public keys.
347
24
348
25
Template: openssh-server/listenstream-may-fail
349
26
Type: error
350
27
_Description: Not migrating to socket activation
351
28
 This version of openssh-server uses socket-based activation by default.
352
29
 However, because you have more than one ListenAddress configured in
353
30
 sshd_config, it is impossible to determine at upgrade time if migrating
354
31
 you to socket-based activation would cause the starting of sshd at boot
355
32
 to be unreliable.
356
33
 .
357
34
 Because a failure to start ssh may make it impossible to admininister a
358
35
 system, you will not be migrated to socket-based activation at this time.
359
diff --git a/debian/openssh-server.ucf-md5sum b/debian/openssh-server.ucf-md5sum
360
index 9a8efb6..b2c0ac3 100644
361
--- a/debian/openssh-server.ucf-md5sum
362
+++ b/debian/openssh-server.ucf-md5sum
363
@@ -132,3 +132,9 @@ fac56840f6697a357368bb878dd8fb87
364
132
d01da8c9de75176095712d4e37d5dcd5
132
d01da8c9de75176095712d4e37d5dcd5
365
133
e4898846045f33b8d99d3263d6f6fd81
133
e4898846045f33b8d99d3263d6f6fd81
366
134
ec46dc59ba9c9e9458add405264fcedd
134
ec46dc59ba9c9e9458add405264fcedd
367
135
368
136
# From 1:9.6p1-3ubuntu3
369
137
b8e751f62cf86a18bc30cdaae494b03f
370
138
b89c8626d43128cdb233536439e00566
371
139
5f589fb3658df8cb7cce8505cf821e40
372
140
8d7588b06f81ef23bea8d84442af8e68
373
diff --git a/debian/patches/series b/debian/patches/series
374
index aba5430..3d5c5c8 100644
375
--- a/debian/patches/series
376
+++ b/debian/patches/series
377
@@ -26,10 +26,10 @@ maxhostnamelen.patch
378
26
conch-ssh-rsa.patch
26
conch-ssh-rsa.patch
379
27
systemd-socket-activation.patch
27
systemd-socket-activation.patch
380
28
broken-zero-call-used-regs.patch
28
broken-zero-call-used-regs.patch
381
29
socket-activation-documentation.patch
382
30
test-set-UsePAM-no-on-some-tests.patch
29
test-set-UsePAM-no-on-some-tests.patch
383
31
auth-Add-KbdintResult-definition-to-define-result-values-.patch
30
auth-Add-KbdintResult-definition-to-define-result-values-.patch
384
32
auth-pam-Add-an-enum-to-define-the-PAM-done-status.patch
31
auth-pam-Add-an-enum-to-define-the-PAM-done-status.patch
385
33
auth-pam-Add-debugging-information-when-we-receive-PAM-me.patch
32
auth-pam-Add-debugging-information-when-we-receive-PAM-me.patch
386
34
auth-pam-Immediately-report-interactive-instructions-to-c.patch
33
auth-pam-Immediately-report-interactive-instructions-to-c.patch
387
35
sshconnect2-Write-kbd-interactive-service-info-and-instru.patch
34
sshconnect2-Write-kbd-interactive-service-info-and-instru.patch
388
35
sshd-socket-generator.patch
389
diff --git a/debian/patches/socket-activation-documentation.patch b/debian/patches/socket-activation-documentation.patch
390
36
deleted file mode 100644
36
deleted file mode 100644
391
index 9afde55..0000000
392
--- a/debian/patches/socket-activation-documentation.patch
393
+++ /dev/null
394
@@ -1,50 +0,0 @@
395
1
Index: openssh-9.0p1/sshd_config.5
396
2
===================================================================
397
3
--- openssh-9.0p1.orig/sshd_config.5
398
4
+++ openssh-9.0p1/sshd_config.5
399
5
@@ -1069,6 +1069,15 @@
400
6
 Multiple
401
7
 .Cm ListenAddress
402
8
 options are permitted.
403
9
+.Pp
404
10
+.Cm Note:
405
11
+On Ubuntu, the openssh-server package is configured to use systemd
406
12
+socket-based activation by default.  Therefore if you are using systemd with
407
13
+the default configuration,
408
14
+.Cm ListenAddress
409
15
+options will not be honored.  Address configuration must be handled in
410
16
+.Pa /etc/systemd/system/ssh.socket.d
411
17
+instead.
412
18
 .It Cm LoginGraceTime
413
19
 The server disconnects after this time if the user has not
414
20
 successfully logged in.
415
21
@@ -1520,6 +1529,15 @@
416
22
 Multiple options of this type are permitted.
417
23
 See also
418
24
 .Cm ListenAddress .
419
25
+.Pp
420
26
+.Cm Note:
421
27
+On Ubuntu, the openssh-server package is configured to use systemd
422
28
+socket-based activation by default.  Therefore if you are using systemd with
423
29
+the default configuration,
424
30
+.Cm Port
425
31
+options will not be honored.  Address configuration must be handled in
426
32
+.Pa /etc/systemd/system/ssh.socket.d
427
33
+instead.
428
34
 .It Cm PrintLastLog
429
35
 Specifies whether
430
36
 .Xr sshd 8
431
37
Index: openssh-9.0p1/sshd_config
432
38
===================================================================
433
39
--- openssh-9.0p1.orig/sshd_config
434
40
+++ openssh-9.0p1/sshd_config
435
41
@@ -12,6 +12,9 @@
436
42
 
437
43
 Include /etc/ssh/sshd_config.d/*.conf
438
44
 
439
45
+# Port and ListenAddress options are not used when sshd is socket-activated,
440
46
+# which is now the default in Ubuntu.  See sshd_config(5) and
441
47
+# /usr/share/doc/openssh-server/README.Debian.gz for details.
442
48
 #Port 22
443
49
 #AddressFamily any
444
50
 #ListenAddress 0.0.0.0
445
diff --git a/debian/patches/sshd-socket-generator.patch b/debian/patches/sshd-socket-generator.patch
446
51
new file mode 100644
0
new file mode 100644
447
index 0000000..ae3692c
448
--- /dev/null
449
+++ b/debian/patches/sshd-socket-generator.patch
450
@@ -0,0 +1,363 @@
451
1
--- /dev/null
452
2
+++ b/sshd-socket-generator.c
453
3
@@ -0,0 +1,290 @@
454
4
+#include <errno.h>
455
5
+#include <linux/limits.h>
456
6
+#include <netdb.h>
457
7
+#include <stdbool.h>
458
8
+#include <stdio.h>
459
9
+#include <stdlib.h>
460
10
+#include <string.h>
461
11
+#include <sys/socket.h>
462
12
+#include <sys/stat.h>
463
13
+#include <sys/types.h>
464
14
+
465
15
+#include "includes.h"
466
16
+
467
17
+#include "hostfile.h"   /* Needs to be included before auth.h */
468
18
+#include "auth.h"
469
19
+#include "kex.h"
470
20
+#include "log.h"
471
21
+#include "misc.h"
472
22
+#include "monitor.h"
473
23
+#include "ssh-gss.h"    /* Needs to be included before monitor_wrap.h */
474
24
+#include "monitor_wrap.h"
475
25
+#include "pathnames.h"
476
26
+#include "servconf.h"
477
27
+#include "sshbuf.h"
478
28
+
479
29
+#define MAX_LISTEN_STREAMS      (16)
480
30
+#define MAX_LISTEN_STREAM_LEN   (NI_MAXHOST + NI_MAXSERV + sizeof("ListenAddress=[:]") + 1)
481
31
+typedef char listen_stream_set[MAX_LISTEN_STREAMS][MAX_LISTEN_STREAM_LEN];
482
32
+
483
33
+/* Global variables required for sshd config parsing. */
484
34
+ServerOptions options = {};
485
35
+struct sshbuf *cfg = NULL;
486
36
+struct include_list includes = TAILQ_HEAD_INITIALIZER(includes);
487
37
+
488
38
+/* Other global variables that are required for this to build, because of their
489
39
+ * use throughout the codebase. We do NOT use these variables for the
490
40
+ * generator. */
491
41
+Authctxt *the_authctxt = NULL;
492
42
+int privsep_is_preauth = 1;
493
43
+int use_privsep = -1;
494
44
+struct monitor *pmonitor = NULL;
495
45
+struct ssh *the_active_state = NULL;
496
46
+struct sshauthopt *auth_opts = NULL;
497
47
+struct sshbuf *loginmsg = NULL;
498
48
+
499
49
+static int listen_stream_set_append(listen_stream_set set, const char *listen_stream) {
500
50
+        size_t n;
501
51
+
502
52
+        if (!set)
503
53
+                return -EINVAL;
504
54
+
505
55
+        n = strnlen(listen_stream, MAX_LISTEN_STREAM_LEN);
506
56
+        if (n == MAX_LISTEN_STREAM_LEN)
507
57
+                return -EINVAL;
508
58
+
509
59
+        for (int i = 0; i < MAX_LISTEN_STREAMS; i++) {
510
60
+                if (strcmp(set[i], listen_stream) == 0)
511
61
+                        return 0;
512
62
+
513
63
+                if (strnlen(set[i], MAX_LISTEN_STREAM_LEN) > 0)
514
64
+                        continue;
515
65
+
516
66
+                memcpy(set[i], listen_stream, n);
517
67
+
518
68
+                return 0;
519
69
+        }
520
70
+
521
71
+        return -E2BIG;
522
72
+}
523
73
+
524
74
+static int listen_stream_set_len(listen_stream_set set) {
525
75
+        int r = 0;
526
76
+
527
77
+        if (!set)
528
78
+                return 0;
529
79
+
530
80
+        for (int i = 0; i < MAX_LISTEN_STREAMS; i++) {
531
81
+                if (strnlen(set[i], MAX_LISTEN_STREAM_LEN) > 0)
532
82
+                        r++;
533
83
+                else
534
84
+                        break;
535
85
+        }
536
86
+
537
87
+        return r;
538
88
+}
539
89
+
540
90
+static char *path_append(const char *base, const char *append) {
541
91
+        bool add_slash;
542
92
+        size_t n = 0, len_base, len_append;
543
93
+        char *path = NULL;
544
94
+
545
95
+        len_base = strnlen(base, PATH_MAX);
546
96
+        len_append = strnlen(append, PATH_MAX);
547
97
+        add_slash = base[len_base - 1] != '/';
548
98
+
549
99
+        path = calloc(len_base + len_append + (add_slash ? 2 : 1), sizeof(char));
550
100
+        if (!path)
551
101
+                return NULL;
552
102
+
553
103
+        memcpy(path, base, len_base);
554
104
+        n += len_base;
555
105
+
556
106
+        if (add_slash)
557
107
+                path[n++] = '/';
558
108
+
559
109
+        memcpy(path + n, append, len_append);
560
110
+        n += len_append;
561
111
+        path[n] = '\0';
562
112
+
563
113
+        return path;
564
114
+}
565
115
+
566
116
+static int fflush_and_check(FILE *f) {
567
117
+        errno = 0;
568
118
+        fflush(f);
569
119
+
570
120
+        if (ferror(f))
571
121
+                return errno > 0 ? -errno : -EIO;
572
122
+
573
123
+        return 0;
574
124
+}
575
125
+
576
126
+static int write_systemd_socket_file(const char *destdir) {
577
127
+        listen_stream_set listen_streams = {};
578
128
+        int num_listen_streams;
579
129
+        char *conf = NULL, *overridedir = NULL;
580
130
+        FILE *f = NULL;
581
131
+        int r;
582
132
+
583
133
+        overridedir = path_append(destdir, "ssh.socket.d");
584
134
+        if (!overridedir) {
585
135
+                r = -ENOMEM;
586
136
+                goto out;
587
137
+        }
588
138
+
589
139
+        if (mkdir(overridedir, 0755) < 0 && errno != EEXIST) {
590
140
+                r = -errno;
591
141
+                goto out;
592
142
+        }
593
143
+
594
144
+        conf = path_append(overridedir, "addresses.conf");
595
145
+        if (!conf) {
596
146
+                r = -ENOMEM;
597
147
+                goto out;
598
148
+        }
599
149
+
600
150
+        f = fopen(conf, "we");
601
151
+        if (!f) {
602
152
+                r = -errno;
603
153
+                goto out;
604
154
+        }
605
155
+
606
156
+        fprintf(f,
607
157
+                "# Automatically generated by sshd-socket-generator\n"
608
158
+                "\n[Socket]\n"
609
159
+                "ListenStream=\n");
610
160
+
611
161
+        for (u_int i = 0; i < options.num_listen_addrs; i++) {
612
162
+                for (struct addrinfo *ai = options.listen_addrs[i].addrs; ai; ai = ai->ai_next) {
613
163
+                        char addr[NI_MAXHOST] = {}, port[NI_MAXSERV] = {},
614
164
+                             listen_stream[MAX_LISTEN_STREAM_LEN] = {};
615
165
+
616
166
+                        r = getnameinfo(ai->ai_addr, ai->ai_addrlen,
617
167
+                                        addr, sizeof(addr),
618
168
+                                        port, sizeof(port),
619
169
+                                        NI_NUMERICHOST|NI_NUMERICSERV);
620
170
+                        if (r != 0) {
621
171
+                                fprintf(stderr, "%s\n", gai_strerror(r));
622
172
+                                r = r == EAI_SYSTEM ? -errno : -EINVAL;
623
173
+                                goto out;
624
174
+                        }
625
175
+
626
176
+                        if (strcmp(addr, "0.0.0.0") == 0 || strcmp(addr, "::") == 0) {
627
177
+                                if (strcmp(port, "22") == 0)
628
178
+                                        /* No need to override. This is the
629
179
+                                         * default in ssh.socket. */
630
180
+                                        continue;
631
181
+
632
182
+                                /* If ListenAddress is 0.0.0.0 or ::, only
633
183
+                                 * write the port in ListenStream=. */
634
184
+                                snprintf(listen_stream,
635
185
+                                        MAX_LISTEN_STREAM_LEN,
636
186
+                                        "ListenStream=%s",
637
187
+                                        port);
638
188
+                        } else
639
189
+                                snprintf(listen_stream,
640
190
+                                        MAX_LISTEN_STREAM_LEN,
641
191
+                                        "ListenStream=%s%s%s:%s",
642
192
+                                        ai->ai_family == AF_INET6 ? "[" : "",
643
193
+                                        addr,
644
194
+                                        ai->ai_family == AF_INET6 ? "]" : "",
645
195
+                                        port);
646
196
+
647
197
+                        r = listen_stream_set_append(listen_streams, listen_stream);
648
198
+                        if (r < 0)
649
199
+                                goto out;
650
200
+                }
651
201
+        }
652
202
+
653
203
+        num_listen_streams = listen_stream_set_len(listen_streams);
654
204
+
655
205
+        if (num_listen_streams <= 0) {
656
206
+                /* We didn't generate anything useful, so clean up and leave
657
207
+                 * ssh.socket as-is. */
658
208
+                r = -ENODATA;
659
209
+                goto out;
660
210
+        }
661
211
+
662
212
+        for (int i = 0; i < num_listen_streams; i++)
663
213
+                fprintf(f, "%s\n", listen_streams[i]);
664
214
+
665
215
+        r = fflush_and_check(f);
666
216
+        if (r < 0)
667
217
+                goto out;
668
218
+
669
219
+out:
670
220
+        if (f)
671
221
+                fclose(f);
672
222
+
673
223
+        if (r < 0) {
674
224
+                (void) remove(conf);
675
225
+                (void) remove(overridedir);
676
226
+        }
677
227
+
678
228
+        free(overridedir);
679
229
+        free(conf);
680
230
+
681
231
+        return r;
682
232
+}
683
233
+
684
234
+static int parse_sshd_config_options() {
685
235
+        struct connection_info *connection_info;
686
236
+
687
237
+        cfg = sshbuf_new();
688
238
+        if (!cfg)
689
239
+                return -ENOMEM;
690
240
+
691
241
+	initialize_server_options(&options);
692
242
+        load_server_config(_PATH_SERVER_CONFIG_FILE, cfg);
693
243
+        parse_server_config(&options, _PATH_SERVER_CONFIG_FILE, cfg, &includes, NULL, 0);
694
244
+        fill_default_server_options(&options);
695
245
+
696
246
+        connection_info = get_connection_info(NULL, 0, 0);
697
247
+        connection_info->test = 1;
698
248
+
699
249
+        parse_server_match_config(&options, &includes, connection_info);
700
250
+
701
251
+        return 0;
702
252
+}
703
253
+
704
254
+int main(int argc, char **argv) {
705
255
+        const char *destdir = NULL;
706
256
+        int r;
707
257
+
708
258
+        if (argc < 2) {
709
259
+                fprintf(stderr, "Expected at least one argument.\n");
710
260
+
711
261
+                return EXIT_FAILURE;
712
262
+        }
713
263
+
714
264
+        destdir = argv[1];
715
265
+
716
266
+        r = parse_sshd_config_options();
717
267
+        if (r < 0) {
718
268
+                fprintf(stderr, "Faild to parse sshd config: %s\n", strerror(-r));
719
269
+
720
270
+                return EXIT_FAILURE;
721
271
+        }
722
272
+
723
273
+        if (options.num_listen_addrs <= 0) {
724
274
+                /* No listen addresses configured? Don't generate anything. */
725
275
+                fprintf(stderr, "No listen addresses configured. Will not generate anything.\n");
726
276
+
727
277
+                return EXIT_SUCCESS;
728
278
+        }
729
279
+
730
280
+        r = write_systemd_socket_file(destdir);
731
281
+        if (r == -ENODATA) {
732
282
+                fprintf(stderr, "No custom listen addresses configured. Will not generated anything.\n");
733
283
+
734
284
+                return EXIT_SUCCESS;
735
285
+        }
736
286
+        if (r < 0) {
737
287
+                fprintf(stderr, "Failed to generate ssh.socket: %s\n", strerror(-r));
738
288
+
739
289
+                return EXIT_FAILURE;
740
290
+        }
741
291
+
742
292
+        return EXIT_SUCCESS;
743
293
+}
744
294
--- a/Makefile.in
745
295
+++ b/Makefile.in
746
296
@@ -17,6 +17,7 @@
747
297
 top_srcdir=@top_srcdir@
748
298
 abs_top_srcdir=@abs_top_srcdir@
749
299
 abs_top_builddir=@abs_top_builddir@
750
300
+systemd_system_generator_dir=$(shell pkg-config --variable=systemd_system_generator_dir systemd)
751
301
 
752
302
 DESTDIR=
753
303
 VPATH=@srcdir@
754
304
@@ -69,7 +70,7 @@
755
305
 
756
306
 .SUFFIXES: .lo
757
307
 
758
308
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT)
759
309
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) sshd-socket-generator$(EXEEXT)
760
310
 
761
311
 XMSS_OBJS=\
762
312
 	ssh-xmss.o \
763
313
@@ -134,6 +135,16 @@
764
314
 	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
765
315
 	sandbox-solaris.o uidswap.o $(SKOBJS)
766
316
 
767
317
+SSHD_SOCKET_GEN_OBJS=sshd-socket-generator.o \
768
318
+	platform.o servconf.o groupaccess.o audit.o audit-linux.o \
769
319
+	auth2.o auth2-none.o auth2-gss.o \
770
320
+	auth2-passwd.o auth2-kbdint.o auth2-hostbased.o \
771
321
+	auth-options.o uidswap.o auth2-pubkey.o auth.o \
772
322
+	auth2-pubkeyfile.o auth-rhosts.o auth-passwd.o \
773
323
+	gss-serv.o auth2-chall.o auth-pam.o gss-serv-krb5.o \
774
324
+	loginrec.o auth-krb5.o auth-shadow.o \
775
325
+	monitor.o monitor_wrap.o
776
326
+
777
327
 SFTP_CLIENT_OBJS=sftp-common.o sftp-client.o sftp-glob.o
778
328
 
779
329
 SCP_OBJS=	scp.o progressmeter.o $(SFTP_CLIENT_OBJS)
780
330
@@ -210,6 +221,9 @@
781
331
 sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
782
332
 	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS)
783
333
 
784
334
+sshd-socket-generator$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHD_SOCKET_GEN_OBJS)
785
335
+	$(LD) -o $@ $(SSHD_SOCKET_GEN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS)
786
336
+
787
337
 scp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SCP_OBJS)
788
338
 	$(LD) -o $@ $(SCP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
789
339
 
790
340
@@ -392,6 +406,7 @@
791
341
 	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
792
342
 	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
793
343
 	$(MKDIR_P) $(DESTDIR)$(libexecdir)
794
344
+	$(MKDIR_P) $(DESTDIR)$(systemd_system_generator_dir)
795
345
 	$(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
796
346
 	$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
797
347
 	$(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
798
348
@@ -421,6 +436,7 @@
799
349
 	$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
800
350
 	$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
801
351
 	$(INSTALL) -m 644 ssh-sk-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-sk-helper.8
802
352
+	$(INSTALL) -m 0755 $(STRIP_OPT) sshd-socket-generator$(EXEEXT) $(DESTDIR)$(systemd_system_generator_dir)/sshd-socket-generator$(EXEEXT)
803
353
 
804
354
 install-sysconf:
805
355
 	$(MKDIR_P) $(DESTDIR)$(sysconfdir)
806
356
@@ -478,6 +494,7 @@
807
357
 	-rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
808
358
 	-rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)
809
359
 	-rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
810
360
+	-rm -f $(DESTDIR)$(systemd_system_generator_dir)/sshd-socket-generator$(EXEEXT)
811
361
 	-rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
812
362
 	-rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
813
363
 	-rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
814
diff --git a/debian/po/cs.po b/debian/po/cs.po
815
index 21b4c7b..d01e0ff 100644
816
--- a/debian/po/cs.po
817
+++ b/debian/po/cs.po
818
@@ -7,7 +7,7 @@ msgid ""
819
7
msgstr ""
7
msgstr ""
820
8
"Project-Id-Version: openssh 1:6.6p1-1\n"
8
"Project-Id-Version: openssh 1:6.6p1-1\n"
821
9
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
9
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
823
10
"POT-Creation-Date: 2022-09-23 19:34+0000\n"
10
"POT-Creation-Date: 2014-03-20 02:06+0000\n"
824
11
"PO-Revision-Date: 2014-06-12 12:25+0200\n"
11
"PO-Revision-Date: 2014-06-12 12:25+0200\n"
825
12
"Last-Translator: Michal Simunek <michal.simunek@gmail.com>\n"
12
"Last-Translator: Michal Simunek <michal.simunek@gmail.com>\n"
826
13
"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
13
"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
827
@@ -53,28 +53,3 @@ msgstr ""
828
53
"poškodit systémy, které jsou nastaveny s předpokladem, že bude možné se "
53
"poškodit systémy, které jsou nastaveny s předpokladem, že bude možné se "
829
54
"přihlašovat přes SSH jako root pomocí ověřování heslem. Změnu této volby "
54
"přihlašovat přes SSH jako root pomocí ověřování heslem. Změnu této volby "
830
55
"byste měli provést pouze pokud ověřování heslem potřebujete."
55
"byste měli provést pouze pokud ověřování heslem potřebujete."
831
56
832
57
#. Type: error
833
58
#. Description
834
59
#: ../openssh-server.templates:3001
835
60
msgid "Not migrating to socket activation"
836
61
msgstr ""
837
62
838
63
#. Type: error
839
64
#. Description
840
65
#: ../openssh-server.templates:3001
841
66
msgid ""
842
67
"This version of openssh-server uses socket-based activation by default. "
843
68
"However, because you have more than one ListenAddress configured in "
844
69
"sshd_config, it is impossible to determine at upgrade time if migrating you "
845
70
"to socket-based activation would cause the starting of sshd at boot to be "
846
71
"unreliable."
847
72
msgstr ""
848
73
849
74
#. Type: error
850
75
#. Description
851
76
#: ../openssh-server.templates:3001
852
77
msgid ""
853
78
"Because a failure to start ssh may make it impossible to admininister a "
854
79
"system, you will not be migrated to socket-based activation at this time."
855
80
msgstr ""
856
diff --git a/debian/po/da.po b/debian/po/da.po
857
index a08ca3b..70d576d 100644
858
--- a/debian/po/da.po
859
+++ b/debian/po/da.po
860
@@ -7,7 +7,7 @@ msgid ""
861
7
msgstr ""
7
msgstr ""
862
8
"Project-Id-Version: openssh\n"
8
"Project-Id-Version: openssh\n"
863
9
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
9
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
865
10
"POT-Creation-Date: 2022-09-23 19:34+0000\n"
10
"POT-Creation-Date: 2014-03-20 02:06+0000\n"
866
11
"PO-Revision-Date: 2014-03-21 23:51+0200\n"
11
"PO-Revision-Date: 2014-03-21 23:51+0200\n"
867
12
"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
12
"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
868
13
"Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n"
13
"Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n"
869
@@ -53,28 +53,3 @@ msgstr ""
870
53
"Det kan dog ødelægge systemer, som er opsat med forventning om at kunne SSH "
53
"Det kan dog ødelægge systemer, som er opsat med forventning om at kunne SSH "
871
54
"som root via brug af adgangskodegodkendelse. Du skal kun lave denne ændring, "
54
"som root via brug af adgangskodegodkendelse. Du skal kun lave denne ændring, "
872
55
"hvis du ikke har brug for dette."
55
"hvis du ikke har brug for dette."
873
56
874
57
#. Type: error
875
58
#. Description
876
59
#: ../openssh-server.templates:3001
877
60
msgid "Not migrating to socket activation"
878
61
msgstr ""
879
62
880
63
#. Type: error
881
64
#. Description
882
65
#: ../openssh-server.templates:3001
883
66
msgid ""
884
67
"This version of openssh-server uses socket-based activation by default. "
885
68
"However, because you have more than one ListenAddress configured in "
886
69
"sshd_config, it is impossible to determine at upgrade time if migrating you "
887
70
"to socket-based activation would cause the starting of sshd at boot to be "
888
71
"unreliable."
889
72
msgstr ""
890
73
891
74
#. Type: error
892
75
#. Description
893
76
#: ../openssh-server.templates:3001
894
77
msgid ""
895
78
"Because a failure to start ssh may make it impossible to admininister a "
896
79
"system, you will not be migrated to socket-based activation at this time."
897
80
msgstr ""
898
diff --git a/debian/po/de.po b/debian/po/de.po
899
index 2536ea4..ecba54b 100644
900
--- a/debian/po/de.po
901
+++ b/debian/po/de.po
902
@@ -8,7 +8,7 @@ msgid ""
903
8
msgstr ""
8
msgstr ""
904
9
"Project-Id-Version: openssh_1:6.6p1-1\n"
9
"Project-Id-Version: openssh_1:6.6p1-1\n"
905
10
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
10
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
907
11
"POT-Creation-Date: 2022-09-23 19:34+0000\n"
11
"POT-Creation-Date: 2014-03-20 02:06+0000\n"
908
12
"PO-Revision-Date: 2014-03-24 22:21+0100\n"
12
"PO-Revision-Date: 2014-03-24 22:21+0100\n"
909
13
"Last-Translator: Stephan Beck <sbeck@mailbox.org>\n"
13
"Last-Translator: Stephan Beck <sbeck@mailbox.org>\n"
910
14
"Language-Team: Debian German translation team <debian-l10n-german@lists."
14
"Language-Team: Debian German translation team <debian-l10n-german@lists."
911
@@ -59,28 +59,3 @@ msgstr ""
912
59
"in der Absicht konfiguriert wurden, die Anmeldung als »root« über SSH unter "
59
"in der Absicht konfiguriert wurden, die Anmeldung als »root« über SSH unter "
913
60
"Verwendung von Passwort-Authentifizierung zuzulassen. Sie sollten diese "
60
"Verwendung von Passwort-Authentifizierung zuzulassen. Sie sollten diese "
914
61
"Änderung nur vornehmen, wenn Sie auf Letzteres verzichten können."
61
"Änderung nur vornehmen, wenn Sie auf Letzteres verzichten können."
915
62
916
63
#. Type: error
917
64
#. Description
918
65
#: ../openssh-server.templates:3001
919
66
msgid "Not migrating to socket activation"
920
67
msgstr ""
921
68
922
69
#. Type: error
923
70
#. Description
924
71
#: ../openssh-server.templates:3001
925
72
msgid ""
926
73
"This version of openssh-server uses socket-based activation by default. "
927
74
"However, because you have more than one ListenAddress configured in "
928
75
"sshd_config, it is impossible to determine at upgrade time if migrating you "
929
76
"to socket-based activation would cause the starting of sshd at boot to be "
930
77
"unreliable."
931
78
msgstr ""
932
79
933
80
#. Type: error
934
81
#. Description
935
82
#: ../openssh-server.templates:3001
936
83
msgid ""
937
84
"Because a failure to start ssh may make it impossible to admininister a "
938
85
"system, you will not be migrated to socket-based activation at this time."
939
86
msgstr ""
940
diff --git a/debian/po/es.po b/debian/po/es.po
941
index 14550d6..de8a67a 100644
942
--- a/debian/po/es.po
943
+++ b/debian/po/es.po
944
@@ -28,7 +28,7 @@ msgid ""
945
28
msgstr ""
28
msgstr ""
946
29
"Project-Id-Version: openssh\n"
29
"Project-Id-Version: openssh\n"
947
30
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
30
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
949
31
"POT-Creation-Date: 2022-09-23 19:34+0000\n"
31
"POT-Creation-Date: 2014-03-20 02:06+0000\n"
950
32
"PO-Revision-Date: 2014-03-23 20:43-0300\n"
32
"PO-Revision-Date: 2014-03-23 20:43-0300\n"
951
33
"Last-Translator: Matías Bellone <matiasbellone+debian@gmail.com>\n"
33
"Last-Translator: Matías Bellone <matiasbellone+debian@gmail.com>\n"
952
34
"Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n"
34
"Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n"
953
@@ -78,28 +78,3 @@ msgstr ""
954
78
"configuración permite que el usuario root inicie sesión a través de SSH "
78
"configuración permite que el usuario root inicie sesión a través de SSH "
955
79
"utilizando una contraseña. Sólo debería realizar este cambio si no necesita "
79
"utilizando una contraseña. Sólo debería realizar este cambio si no necesita "
956
80
"este comportamiento."
80
"este comportamiento."
957
81
958
82
#. Type: error
959
83
#. Description
960
84
#: ../openssh-server.templates:3001
961
85
msgid "Not migrating to socket activation"
962
86
msgstr ""
963
87
964
88
#. Type: error
965
89
#. Description
966
90
#: ../openssh-server.templates:3001
967
91
msgid ""
968
92
"This version of openssh-server uses socket-based activation by default. "
969
93
"However, because you have more than one ListenAddress configured in "
970
94
"sshd_config, it is impossible to determine at upgrade time if migrating you "
971
95
"to socket-based activation would cause the starting of sshd at boot to be "
972
96
"unreliable."
973
97
msgstr ""
974
98
975
99
#. Type: error
976
100
#. Description
977
101
#: ../openssh-server.templates:3001
978
102
msgid ""
979
103
"Because a failure to start ssh may make it impossible to admininister a "
980
104
"system, you will not be migrated to socket-based activation at this time."
981
105
msgstr ""
982
diff --git a/debian/po/fr.po b/debian/po/fr.po
983
index 7d7093b..f7125e9 100644
984
--- a/debian/po/fr.po
985
+++ b/debian/po/fr.po
986
@@ -7,7 +7,7 @@ msgid ""
987
7
msgstr ""
7
msgstr ""
988
8
"Project-Id-Version: openssh_1:6.5p1-6\n"
8
"Project-Id-Version: openssh_1:6.5p1-6\n"
989
9
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
9
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
991
10
"POT-Creation-Date: 2022-09-23 19:34+0000\n"
10
"POT-Creation-Date: 2014-03-20 02:06+0000\n"
992
11
"PO-Revision-Date: 2014-03-22 08:26+0100\n"
11
"PO-Revision-Date: 2014-03-22 08:26+0100\n"
993
12
"Last-Translator: Étienne Gilli <etienne.gilli@gmail.com>\n"
12
"Last-Translator: Étienne Gilli <etienne.gilli@gmail.com>\n"
994
13
"Language-Team: French <debian-l10n-french@lists.debian.org>\n"
13
"Language-Team: French <debian-l10n-french@lists.debian.org>\n"
995
@@ -57,28 +57,3 @@ msgstr ""
996
57
"inutilisables les systèmes reposant sur la possibilité de se connecter au "
57
"inutilisables les systèmes reposant sur la possibilité de se connecter au "
997
58
"compte « root » par SSH avec authentification par mot de passe. Vous ne "
58
"compte « root » par SSH avec authentification par mot de passe. Vous ne "
998
59
"devriez appliquer cette modification que si ce n’est pas votre cas."
59
"devriez appliquer cette modification que si ce n’est pas votre cas."
999
60
1000
61
#. Type: error
1001
62
#. Description
1002
63
#: ../openssh-server.templates:3001
1003
64
msgid "Not migrating to socket activation"
1004
65
msgstr ""
1005
66
1006
67
#. Type: error
1007
68
#. Description
1008
69
#: ../openssh-server.templates:3001
1009
70
msgid ""
1010
71
"This version of openssh-server uses socket-based activation by default. "
1011
72
"However, because you have more than one ListenAddress configured in "
1012
73
"sshd_config, it is impossible to determine at upgrade time if migrating you "
1013
74
"to socket-based activation would cause the starting of sshd at boot to be "
1014
75
"unreliable."
1015
76
msgstr ""
1016
77
1017
78
#. Type: error
1018
79
#. Description
1019
80
#: ../openssh-server.templates:3001
1020
81
msgid ""
1021
82
"Because a failure to start ssh may make it impossible to admininister a "
1022
83
"system, you will not be migrated to socket-based activation at this time."
1023
84
msgstr ""
1024
diff --git a/debian/po/it.po b/debian/po/it.po
1025
index 5390795..dd71060 100644
1026
--- a/debian/po/it.po
1027
+++ b/debian/po/it.po
1028
@@ -6,7 +6,7 @@ msgid ""
1029
6
msgstr ""
6
msgstr ""
1030
7
"Project-Id-Version: openssh\n"
7
"Project-Id-Version: openssh\n"
1031
8
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
8
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1033
9
"POT-Creation-Date: 2022-09-23 19:34+0000\n"
9
"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1034
10
"PO-Revision-Date: 2014-03-28 11:12+0200\n"
10
"PO-Revision-Date: 2014-03-28 11:12+0200\n"
1035
11
"Last-Translator: Beatrice Torracca <beatricet@libero.it>\n"
11
"Last-Translator: Beatrice Torracca <beatricet@libero.it>\n"
1036
12
"Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n"
12
"Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n"
1037
@@ -56,28 +56,3 @@ msgstr ""
1038
56
"impostati facendo affidamento sulla possibilità di autenticazione SSH come "
56
"impostati facendo affidamento sulla possibilità di autenticazione SSH come "
1039
57
"root usando la password. Si dovrebbe fare questo cambiamento solo se non si "
57
"root usando la password. Si dovrebbe fare questo cambiamento solo se non si "
1040
58
"ha bisogno di tale comportamento."
58
"ha bisogno di tale comportamento."
1041
59
1042
60
#. Type: error
1043
61
#. Description
1044
62
#: ../openssh-server.templates:3001
1045
63
msgid "Not migrating to socket activation"
1046
64
msgstr ""
1047
65
1048
66
#. Type: error
1049
67
#. Description
1050
68
#: ../openssh-server.templates:3001
1051
69
msgid ""
1052
70
"This version of openssh-server uses socket-based activation by default. "
1053
71
"However, because you have more than one ListenAddress configured in "
1054
72
"sshd_config, it is impossible to determine at upgrade time if migrating you "
1055
73
"to socket-based activation would cause the starting of sshd at boot to be "
1056
74
"unreliable."
1057
75
msgstr ""
1058
76
1059
77
#. Type: error
1060
78
#. Description
1061
79
#: ../openssh-server.templates:3001
1062
80
msgid ""
1063
81
"Because a failure to start ssh may make it impossible to admininister a "
1064
82
"system, you will not be migrated to socket-based activation at this time."
1065
83
msgstr ""
1066
diff --git a/debian/po/ja.po b/debian/po/ja.po
1067
index b48d281..db382f1 100644
1068
--- a/debian/po/ja.po
1069
+++ b/debian/po/ja.po
1070
@@ -7,7 +7,7 @@ msgid ""
1071
7
msgstr ""
7
msgstr ""
1072
8
"Project-Id-Version: openssh\n"
8
"Project-Id-Version: openssh\n"
1073
9
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
9
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1075
10
"POT-Creation-Date: 2022-09-23 19:34+0000\n"
10
"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1076
11
"PO-Revision-Date: 2014-03-20 11:06+0900\n"
11
"PO-Revision-Date: 2014-03-20 11:06+0900\n"
1077
12
"Last-Translator: victory <victory.deb@gmail.com>\n"
12
"Last-Translator: victory <victory.deb@gmail.com>\n"
1078
13
"Language-Team: Japanese <debian-japanese@lists.debian.org>\n"
13
"Language-Team: Japanese <debian-japanese@lists.debian.org>\n"
1079
@@ -53,28 +53,3 @@ msgstr ""
1080
53
"ます。しかしパスワード認証により root で SSH 接続できることを前提として構成し"
53
"ます。しかしパスワード認証により root で SSH 接続できることを前提として構成し"
1081
54
"たシステムでは問題が発生する可能性があります。そういった必要のない場合にのみ"
54
"たシステムでは問題が発生する可能性があります。そういった必要のない場合にのみ"
1082
55
"この変更を行うようにしてください。"
55
"この変更を行うようにしてください。"
1083
56
1084
57
#. Type: error
1085
58
#. Description
1086
59
#: ../openssh-server.templates:3001
1087
60
msgid "Not migrating to socket activation"
1088
61
msgstr ""
1089
62
1090
63
#. Type: error
1091
64
#. Description
1092
65
#: ../openssh-server.templates:3001
1093
66
msgid ""
1094
67
"This version of openssh-server uses socket-based activation by default. "
1095
68
"However, because you have more than one ListenAddress configured in "
1096
69
"sshd_config, it is impossible to determine at upgrade time if migrating you "
1097
70
"to socket-based activation would cause the starting of sshd at boot to be "
1098
71
"unreliable."
1099
72
msgstr ""
1100
73
1101
74
#. Type: error
1102
75
#. Description
1103
76
#: ../openssh-server.templates:3001
1104
77
msgid ""
1105
78
"Because a failure to start ssh may make it impossible to admininister a "
1106
79
"system, you will not be migrated to socket-based activation at this time."
1107
80
msgstr ""
1108
diff --git a/debian/po/nl.po b/debian/po/nl.po
1109
index eca9662..3afd617 100644
1110
--- a/debian/po/nl.po
1111
+++ b/debian/po/nl.po
1112
@@ -7,7 +7,7 @@ msgid ""
1113
7
msgstr ""
7
msgstr ""
1114
8
"Project-Id-Version: openssh\n"
8
"Project-Id-Version: openssh\n"
1115
9
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
9
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1117
10
"POT-Creation-Date: 2022-09-23 19:34+0000\n"
10
"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1118
11
"PO-Revision-Date: 2014-10-03 23:54+0200\n"
11
"PO-Revision-Date: 2014-10-03 23:54+0200\n"
1119
12
"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
12
"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
1120
13
"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
13
"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
1121
@@ -58,28 +58,3 @@ msgstr ""
1122
58
"ingesteld werden vanuit de verwachting dat de systeembeheerder SSH kan "
58
"ingesteld werden vanuit de verwachting dat de systeembeheerder SSH kan "
1123
59
"gebruiken met authenticatie via wachtwoord. Enkel wanneer u dit laatste niet "
59
"gebruiken met authenticatie via wachtwoord. Enkel wanneer u dit laatste niet "
1124
60
"nodig heeft, zou u deze wijziging kunnen doorvoeren."
60
"nodig heeft, zou u deze wijziging kunnen doorvoeren."
1125
61
1126
62
#. Type: error
1127
63
#. Description
1128
64
#: ../openssh-server.templates:3001
1129
65
msgid "Not migrating to socket activation"
1130
66
msgstr ""
1131
67
1132
68
#. Type: error
1133
69
#. Description
1134
70
#: ../openssh-server.templates:3001
1135
71
msgid ""
1136
72
"This version of openssh-server uses socket-based activation by default. "
1137
73
"However, because you have more than one ListenAddress configured in "
1138
74
"sshd_config, it is impossible to determine at upgrade time if migrating you "
1139
75
"to socket-based activation would cause the starting of sshd at boot to be "
1140
76
"unreliable."
1141
77
msgstr ""
1142
78
1143
79
#. Type: error
1144
80
#. Description
1145
81
#: ../openssh-server.templates:3001
1146
82
msgid ""
1147
83
"Because a failure to start ssh may make it impossible to admininister a "
1148
84
"system, you will not be migrated to socket-based activation at this time."
1149
85
msgstr ""
1150
diff --git a/debian/po/pt.po b/debian/po/pt.po
1151
index 8f51af9..2dab84c 100644
1152
--- a/debian/po/pt.po
1153
+++ b/debian/po/pt.po
1154
@@ -7,7 +7,7 @@ msgid ""
1155
7
msgstr ""
7
msgstr ""
1156
8
"Project-Id-Version: openssh 1:6.6p1-1\n"
8
"Project-Id-Version: openssh 1:6.6p1-1\n"
1157
9
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
9
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1159
10
"POT-Creation-Date: 2022-09-23 19:34+0000\n"
10
"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1160
11
"PO-Revision-Date: 2014-03-21 21:13+0000\n"
11
"PO-Revision-Date: 2014-03-21 21:13+0000\n"
1161
12
"Last-Translator: Américo Monteiro <a_monteiro@gmx.com>\n"
12
"Last-Translator: Américo Monteiro <a_monteiro@gmx.com>\n"
1162
13
"Language-Team: Portuguese <traduz@debianpt.org>\n"
13
"Language-Team: Portuguese <traduz@debianpt.org>\n"
1163
@@ -57,28 +57,3 @@ msgstr ""
1164
57
"configurados com a expectativa de serem capazes de SSH como root usando "
57
"configurados com a expectativa de serem capazes de SSH como root usando "
1165
58
"autenticação por palavra-passe. Apenas deverá fazer esta alteração se não "
58
"autenticação por palavra-passe. Apenas deverá fazer esta alteração se não "
1166
59
"precisa de tal método de autenticação."
59
"precisa de tal método de autenticação."
1167
60
1168
61
#. Type: error
1169
62
#. Description
1170
63
#: ../openssh-server.templates:3001
1171
64
msgid "Not migrating to socket activation"
1172
65
msgstr ""
1173
66
1174
67
#. Type: error
1175
68
#. Description
1176
69
#: ../openssh-server.templates:3001
1177
70
msgid ""
1178
71
"This version of openssh-server uses socket-based activation by default. "
1179
72
"However, because you have more than one ListenAddress configured in "
1180
73
"sshd_config, it is impossible to determine at upgrade time if migrating you "
1181
74
"to socket-based activation would cause the starting of sshd at boot to be "
1182
75
"unreliable."
1183
76
msgstr ""
1184
77
1185
78
#. Type: error
1186
79
#. Description
1187
80
#: ../openssh-server.templates:3001
1188
81
msgid ""
1189
82
"Because a failure to start ssh may make it impossible to admininister a "
1190
83
"system, you will not be migrated to socket-based activation at this time."
1191
84
msgstr ""
1192
diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po
1193
index 98856bb..99b1182 100644
1194
--- a/debian/po/pt_BR.po
1195
+++ b/debian/po/pt_BR.po
1196
@@ -8,7 +8,7 @@ msgid ""
1197
8
msgstr ""
8
msgstr ""
1198
9
"Project-Id-Version: openssh\n"
9
"Project-Id-Version: openssh\n"
1199
10
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
10
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1201
11
"POT-Creation-Date: 2022-09-23 19:34+0000\n"
11
"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1202
12
"PO-Revision-Date: 2014-11-23 23:49-0200\n"
12
"PO-Revision-Date: 2014-11-23 23:49-0200\n"
1203
13
"Last-Translator: José de Figueiredo <deb.gnulinux@gmail.com>\n"
13
"Last-Translator: José de Figueiredo <deb.gnulinux@gmail.com>\n"
1204
14
"Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian."
14
"Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian."
1205
@@ -55,28 +55,3 @@ msgstr ""
1206
55
"Entretanto, ela pode quebrar sistemas que foram configurados com a "
55
"Entretanto, ela pode quebrar sistemas que foram configurados com a "
1207
56
"expectativa de acesso SSH com root usando autenticação por senha. Você deve "
56
"expectativa de acesso SSH com root usando autenticação por senha. Você deve "
1208
57
"fazer esta mudança somente se você não precisa fazer isso."
57
"fazer esta mudança somente se você não precisa fazer isso."
1209
58
1210
59
#. Type: error
1211
60
#. Description
1212
61
#: ../openssh-server.templates:3001
1213
62
msgid "Not migrating to socket activation"
1214
63
msgstr ""
1215
64
1216
65
#. Type: error
1217
66
#. Description
1218
67
#: ../openssh-server.templates:3001
1219
68
msgid ""
1220
69
"This version of openssh-server uses socket-based activation by default. "
1221
70
"However, because you have more than one ListenAddress configured in "
1222
71
"sshd_config, it is impossible to determine at upgrade time if migrating you "
1223
72
"to socket-based activation would cause the starting of sshd at boot to be "
1224
73
"unreliable."
1225
74
msgstr ""
1226
75
1227
76
#. Type: error
1228
77
#. Description
1229
78
#: ../openssh-server.templates:3001
1230
79
msgid ""
1231
80
"Because a failure to start ssh may make it impossible to admininister a "
1232
81
"system, you will not be migrated to socket-based activation at this time."
1233
82
msgstr ""
1234
diff --git a/debian/po/ru.po b/debian/po/ru.po
1235
index 3fa193c..f2e1daf 100644
1236
--- a/debian/po/ru.po
1237
+++ b/debian/po/ru.po
1238
@@ -6,7 +6,7 @@ msgid ""
1239
6
msgstr ""
6
msgstr ""
1240
7
"Project-Id-Version: openssh 1:6.6p1-1\n"
7
"Project-Id-Version: openssh 1:6.6p1-1\n"
1241
8
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
8
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1243
9
"POT-Creation-Date: 2022-09-23 19:34+0000\n"
9
"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1244
10
"PO-Revision-Date: 2014-03-22 10:04+0400\n"
10
"PO-Revision-Date: 2014-03-22 10:04+0400\n"
1245
11
"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
11
"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
1246
12
"Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n"
12
"Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n"
1247
@@ -14,8 +14,8 @@ msgstr ""
1248
14
"MIME-Version: 1.0\n"
14
"MIME-Version: 1.0\n"
1249
15
"Content-Type: text/plain; charset=UTF-8\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
1250
16
"Content-Transfer-Encoding: 8bit\n"
16
"Content-Transfer-Encoding: 8bit\n"
1253
17
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
17
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
1254
18
"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
18
"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
1255
19
"X-Generator: Lokalize 1.4\n"
19
"X-Generator: Lokalize 1.4\n"
1256
20
20
1257
21
#. Type: boolean
21
#. Type: boolean
1258
@@ -55,28 +55,3 @@ msgstr ""
1259
55
"атак). Однако, это вредит системам, в которых специально настроен вход для "
55
"атак). Однако, это вредит системам, в которых специально настроен вход для "
1260
56
"root по SSH с парольной аутентификацией. Если это не ваш случай, то ответьте "
56
"root по SSH с парольной аутентификацией. Если это не ваш случай, то ответьте "
1261
57
"утвердительно."
57
"утвердительно."
1262
58
1263
59
#. Type: error
1264
60
#. Description
1265
61
#: ../openssh-server.templates:3001
1266
62
msgid "Not migrating to socket activation"
1267
63
msgstr ""
1268
64
1269
65
#. Type: error
1270
66
#. Description
1271
67
#: ../openssh-server.templates:3001
1272
68
msgid ""
1273
69
"This version of openssh-server uses socket-based activation by default. "
1274
70
"However, because you have more than one ListenAddress configured in "
1275
71
"sshd_config, it is impossible to determine at upgrade time if migrating you "
1276
72
"to socket-based activation would cause the starting of sshd at boot to be "
1277
73
"unreliable."
1278
74
msgstr ""
1279
75
1280
76
#. Type: error
1281
77
#. Description
1282
78
#: ../openssh-server.templates:3001
1283
79
msgid ""
1284
80
"Because a failure to start ssh may make it impossible to admininister a "
1285
81
"system, you will not be migrated to socket-based activation at this time."
1286
82
msgstr ""
1287
diff --git a/debian/po/sv.po b/debian/po/sv.po
1288
index 296e611..278b0cc 100644
1289
--- a/debian/po/sv.po
1290
+++ b/debian/po/sv.po
1291
@@ -8,7 +8,7 @@ msgid ""
1292
8
msgstr ""
8
msgstr ""
1293
9
"Project-Id-Version: openssh\n"
9
"Project-Id-Version: openssh\n"
1294
10
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
10
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1296
11
"POT-Creation-Date: 2022-09-23 19:34+0000\n"
11
"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1297
12
"PO-Revision-Date: 2014-03-21 21:36+0100\n"
12
"PO-Revision-Date: 2014-03-21 21:36+0100\n"
1298
13
"Last-Translator: Andreas Rönnquist <gusnan@gusnan.se>\n"
13
"Last-Translator: Andreas Rönnquist <gusnan@gusnan.se>\n"
1299
14
"Language-Team: Swedish\n"
14
"Language-Team: Swedish\n"
1300
@@ -56,28 +56,3 @@ msgstr ""
1301
56
"sådana angrepp). Dock så kan detta förstöra system som förväntas kunna "
56
"sådana angrepp). Dock så kan detta förstöra system som förväntas kunna "
1302
57
"använda SSH som root med hjälp av lösenordsautentisering. Du skall endast "
57
"använda SSH som root med hjälp av lösenordsautentisering. Du skall endast "
1303
58
"göra denna förändring om du inte har ett behov av att kunna göra detta."
58
"göra denna förändring om du inte har ett behov av att kunna göra detta."
1304
59
1305
60
#. Type: error
1306
61
#. Description
1307
62
#: ../openssh-server.templates:3001
1308
63
msgid "Not migrating to socket activation"
1309
64
msgstr ""
1310
65
1311
66
#. Type: error
1312
67
#. Description
1313
68
#: ../openssh-server.templates:3001
1314
69
msgid ""
1315
70
"This version of openssh-server uses socket-based activation by default. "
1316
71
"However, because you have more than one ListenAddress configured in "
1317
72
"sshd_config, it is impossible to determine at upgrade time if migrating you "
1318
73
"to socket-based activation would cause the starting of sshd at boot to be "
1319
74
"unreliable."
1320
75
msgstr ""
1321
76
1322
77
#. Type: error
1323
78
#. Description
1324
79
#: ../openssh-server.templates:3001
1325
80
msgid ""
1326
81
"Because a failure to start ssh may make it impossible to admininister a "
1327
82
"system, you will not be migrated to socket-based activation at this time."
1328
83
msgstr ""
1329
diff --git a/debian/po/templates.pot b/debian/po/templates.pot
1330
index c9dc5ba..47c9e36 100644
1331
--- a/debian/po/templates.pot
1332
+++ b/debian/po/templates.pot
1333
@@ -1,6 +1,6 @@
1334
1
# SOME DESCRIPTIVE TITLE.
1
# SOME DESCRIPTIVE TITLE.
1335
2
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
2
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
1337
3
# This file is distributed under the same license as the openssh package.
3
# This file is distributed under the same license as the PACKAGE package.
1338
4
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
1339
5
#
5
#
1340
6
#, fuzzy
6
#, fuzzy
1341
@@ -8,7 +8,7 @@ msgid ""
1342
8
msgstr ""
8
msgstr ""
1343
9
"Project-Id-Version: openssh\n"
9
"Project-Id-Version: openssh\n"
1344
10
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
10
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1346
11
"POT-Creation-Date: 2022-09-23 19:34+0000\n"
11
"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1347
12
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
12
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
1348
13
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
1349
14
"Language-Team: LANGUAGE <LL@li.org>\n"
14
"Language-Team: LANGUAGE <LL@li.org>\n"
1350
@@ -44,28 +44,3 @@ msgid ""
1351
44
"able to SSH as root using password authentication. You should only make this "
44
"able to SSH as root using password authentication. You should only make this "
1352
45
"change if you do not need to do that."
45
"change if you do not need to do that."
1353
46
msgstr ""
46
msgstr ""
1354
47
1355
48
#. Type: error
1356
49
#. Description
1357
50
#: ../openssh-server.templates:3001
1358
51
msgid "Not migrating to socket activation"
1359
52
msgstr ""
1360
53
1361
54
#. Type: error
1362
55
#. Description
1363
56
#: ../openssh-server.templates:3001
1364
57
msgid ""
1365
58
"This version of openssh-server uses socket-based activation by default. "
1366
59
"However, because you have more than one ListenAddress configured in "
1367
60
"sshd_config, it is impossible to determine at upgrade time if migrating you "
1368
61
"to socket-based activation would cause the starting of sshd at boot to be "
1369
62
"unreliable."
1370
63
msgstr ""
1371
64
1372
65
#. Type: error
1373
66
#. Description
1374
67
#: ../openssh-server.templates:3001
1375
68
msgid ""
1376
69
"Because a failure to start ssh may make it impossible to admininister a "
1377
70
"system, you will not be migrated to socket-based activation at this time."
1378
71
msgstr ""
1379
diff --git a/debian/po/tr.po b/debian/po/tr.po
1380
index fd6bde5..1ada041 100644
1381
--- a/debian/po/tr.po
1382
+++ b/debian/po/tr.po
1383
@@ -7,15 +7,15 @@ msgid ""
1384
7
msgstr ""
7
msgstr ""
1385
8
"Project-Id-Version: openssh-server\n"
8
"Project-Id-Version: openssh-server\n"
1386
9
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
9
"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1388
10
"POT-Creation-Date: 2022-09-23 19:34+0000\n"
10
"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1389
11
"PO-Revision-Date: 2014-08-01 14:44+0200\n"
11
"PO-Revision-Date: 2014-08-01 14:44+0200\n"
1390
12
"Last-Translator: Mert Dirik <mertdirik@gmail.com>\n"
12
"Last-Translator: Mert Dirik <mertdirik@gmail.com>\n"
1391
13
"Language-Team: Debian L10n Turkish <debian-l10n-turkish@lists.debian.org>\n"
13
"Language-Team: Debian L10n Turkish <debian-l10n-turkish@lists.debian.org>\n"
1392
14
"Language: tr\n"
1393
15
"MIME-Version: 1.0\n"
14
"MIME-Version: 1.0\n"
1394
16
"Content-Type: text/plain; charset=UTF-8\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
1395
17
"Content-Transfer-Encoding: 8bit\n"
16
"Content-Transfer-Encoding: 8bit\n"
1396
18
"X-Generator: Poedit 1.5.4\n"
17
"X-Generator: Poedit 1.5.4\n"
1397
18
"Language: tr\n"
1398
19
19
1399
20
#. Type: boolean
20
#. Type: boolean
1400
21
#. Description
21
#. Description
1401
@@ -56,28 +56,3 @@ msgstr ""
1402
56
"parola doğrulama yöntemiyle oturum açılabileceği varsayımıyla hareket eden "
56
"parola doğrulama yöntemiyle oturum açılabileceği varsayımıyla hareket eden "
1403
57
"sistemlerde eskiden çalışan düzenin bozulmasına sebep olacaktır. Bu "
57
"sistemlerde eskiden çalışan düzenin bozulmasına sebep olacaktır. Bu "
1404
58
"değişikliği yalnızca sorun çıkarmayacağından eminseniz yapın."
58
"değişikliği yalnızca sorun çıkarmayacağından eminseniz yapın."
1405
59
1406
60
#. Type: error
1407
61
#. Description
1408
62
#: ../openssh-server.templates:3001
1409
63
msgid "Not migrating to socket activation"
1410
64
msgstr ""
1411
65
1412
66
#. Type: error
1413
67
#. Description
1414
68
#: ../openssh-server.templates:3001
1415
69
msgid ""
1416
70
"This version of openssh-server uses socket-based activation by default. "
1417
71
"However, because you have more than one ListenAddress configured in "
1418
72
"sshd_config, it is impossible to determine at upgrade time if migrating you "
1419
73
"to socket-based activation would cause the starting of sshd at boot to be "
1420
74
"unreliable."
1421
75
msgstr ""
1422
76
1423
77
#. Type: error
1424
78
#. Description
1425
79
#: ../openssh-server.templates:3001
1426
80
msgid ""
1427
81
"Because a failure to start ssh may make it impossible to admininister a "
1428
82
"system, you will not be migrated to socket-based activation at this time."
1429
83
msgstr ""
1430
diff --git a/debian/rules b/debian/rules
1431
index dff4713..54d82cb 100755
1432
--- a/debian/rules
1433
+++ b/debian/rules
1434
@@ -1,6 +1,6 @@
1435
1
#!/usr/bin/make -f
1
#!/usr/bin/make -f
1436
2
2
1438
3
export DEB_BUILD_MAINT_OPTIONS := hardening=+all
3
export DEB_BUILD_MAINT_OPTIONS := hardening=+all optimize=+lto
1439
4
4
1440
5
include /usr/share/dpkg/default.mk
5
include /usr/share/dpkg/default.mk
1441
6
6
1442
diff --git a/debian/systemd/ssh.socket b/debian/systemd/ssh.socket
1443
index 1de1280..69e93a0 100644
1444
--- a/debian/systemd/ssh.socket
1445
+++ b/debian/systemd/ssh.socket
1446
@@ -1,11 +1,13 @@
1447
1
[Unit]
1
[Unit]
1448
2
Description=OpenBSD Secure Shell server socket
2
Description=OpenBSD Secure Shell server socket
1450
3
Before=sockets.target
3
Before=sockets.target ssh.service
1451
4
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
4
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
1452
5
5
1453
6
[Socket]
6
[Socket]
1454
7
ListenStream=22
7
ListenStream=22
1455
8
Accept=no
8
Accept=no
1456
9
FreeBind=yes
1457
9
10
1458
10
[Install]
11
[Install]
1459
11
WantedBy=sockets.target
12
WantedBy=sockets.target
1460
13
RequiredBy=ssh.service
1461
diff --git a/debian/tests/control b/debian/tests/control
1462
index adef04c..dd8069d 100644
1463
--- a/debian/tests/control
1464
+++ b/debian/tests/control
1465
@@ -15,3 +15,9 @@ Restrictions: needs-root allow-stderr
1466
15
Depends: openssh-client,
15
Depends: openssh-client,
1467
16
         openssh-server,
16
         openssh-server,
1468
17
         systemd,
17
         systemd,
1469
18
1470
19
Tests: sshd-socket-generator
1471
20
Restrictions: needs-root allow-stderr
1472
21
Depends: openssh-client,
1473
22
         openssh-server,
1474
23
         systemd,
1475
diff --git a/debian/tests/sshd-socket-generator b/debian/tests/sshd-socket-generator
1476
18
new file mode 100644
24
new file mode 100644
1477
index 0000000..da6b4d6
1478
--- /dev/null
1479
+++ b/debian/tests/sshd-socket-generator
1480
@@ -0,0 +1,105 @@
1481
1
#!/bin/bash
1482
2
1483
3
test_default() (
1484
4
    set -xeuo pipefail
1485
5
1486
6
    /usr/lib/systemd/system-generators/sshd-socket-generator "$testdir"
1487
7
1488
8
    # Nothing should be generated in this case.
1489
9
    test ! -e "$testdir/ssh.socket.d"
1490
10
)
1491
11
1492
12
test_custom_port() (
1493
13
    set -xeuo pipefail
1494
14
1495
15
    echo "Port 1234" >> "$testconf"
1496
16
1497
17
    /usr/lib/systemd/system-generators/sshd-socket-generator "$testdir"
1498
18
1499
19
    grep -q "^ListenStream=1234" "$socket_override"
1500
20
)
1501
21
1502
22
test_mutiple_custom_ports() (
1503
23
    set -xeuo pipefail
1504
24
1505
25
    echo "Port 1234" >> "$testconf"
1506
26
    echo "Port 4321" >> "$testconf"
1507
27
1508
28
    /usr/lib/systemd/system-generators/sshd-socket-generator "$testdir"
1509
29
1510
30
    grep -q "^ListenStream=1234" "$socket_override"
1511
31
    grep -q "^ListenStream=4321" "$socket_override"
1512
32
)
1513
33
1514
34
test_custom_listenaddress() (
1515
35
    set -xeuo pipefail
1516
36
1517
37
    echo "ListenAddress 10.1.2.3" >> "$testconf"
1518
38
1519
39
    /usr/lib/systemd/system-generators/sshd-socket-generator "$testdir"
1520
40
1521
41
    grep -q "^ListenStream=10.1.2.3:22" "$socket_override"
1522
42
)
1523
43
1524
44
test_custom_listenaddress_and_port() (
1525
45
    set -xeuo pipefail
1526
46
1527
47
    echo "Port 1234" >> "$testconf"
1528
48
    echo "ListenAddress 10.1.2.3" >> "$testconf"
1529
49
1530
50
    /usr/lib/systemd/system-generators/sshd-socket-generator "$testdir"
1531
51
1532
52
    grep -q "^ListenStream=10.1.2.3:1234" "$socket_override"
1533
53
)
1534
54
1535
55
test_custom_ipv6_listenaddress() (
1536
56
    set -xeuo pipefail
1537
57
1538
58
    echo "ListenAddress 2001:db8:85a3::8a2e:370:7334" >> "$testconf"
1539
59
1540
60
    /usr/lib/systemd/system-generators/sshd-socket-generator "$testdir"
1541
61
1542
62
    grep -q "^ListenStream=\[2001:db8:85a3::8a2e:370:7334\]:22" "$socket_override"
1543
63
)
1544
64
1545
65
tmpdir="$(mktemp -d)"
1546
66
testconf="/etc/ssh/sshd_config.d/test.conf"
1547
67
failed=
1548
68
1549
69
mkdir -p /etc/ssh/sshd_config.d
1550
70
1551
71
for test_fn in \
1552
72
    "test_default" \
1553
73
    "test_custom_port" \
1554
74
    "test_mutiple_custom_ports" \
1555
75
    "test_custom_listenaddress" \
1556
76
    "test_custom_listenaddress_and_port" \
1557
77
    "test_custom_ipv6_listenaddress"
1558
78
do
1559
79
    echo -n "$test_fn..."
1560
80
1561
81
    testdir="${tmpdir}/${test_fn}"
1562
82
    socket_override="${testdir}/ssh.socket.d/addresses.conf"
1563
83
    mkdir -p "$testdir"
1564
84
1565
85
    $test_fn > "${AUTOPKGTEST_ARTIFACTS}/${test_fn}.log" 2>&1
1566
86
    if [[ $? -eq 0 ]]; then
1567
87
        echo "PASS"
1568
88
    else
1569
89
        echo "FAIL"
1570
90
        failed="${failed:+$failed }$test_fn"
1571
91
    fi
1572
92
1573
93
    >"$testconf"
1574
94
done
1575
95
1576
96
if [[ -n "$failed" ]]; then
1577
97
    for t in $failed; do
1578
98
        echo "--------------------------------------------"
1579
99
        echo "FAIL: $t"
1580
100
        echo "--------------------------------------------"
1581
101
        cat "${AUTOPKGTEST_ARTIFACTS}/${t}.log"
1582
102
    done
1583
103
1584
104
    exit 1
1585
105
fi
Status:	Merged
Merged at revision:	f29f3057cc20e93124eef7e1034d72026601d3f1
Proposed branch:	~enr0n/ubuntu/+source/openssh:generator-v3
Merge into:	ubuntu/+source/openssh:ubuntu/devel
Diff against target:	1585 lines (+572/-621) 29 files modified debian/README.Debian (+12/-13) debian/changelog (+27/-0) debian/control (+1/-0) debian/openssh-server.install (+2/-0) debian/openssh-server.postinst (+27/-171) debian/openssh-server.postrm (+0/-4) debian/openssh-server.templates (+0/-12) debian/openssh-server.ucf-md5sum (+6/-0) debian/patches/series (+1/-1) debian/patches/sshd-socket-generator.patch (+363/-0) debian/po/cs.po (+1/-26) debian/po/da.po (+1/-26) debian/po/de.po (+1/-26) debian/po/es.po (+1/-26) debian/po/fr.po (+1/-26) debian/po/it.po (+1/-26) debian/po/ja.po (+1/-26) debian/po/nl.po (+1/-26) debian/po/pt.po (+1/-26) debian/po/pt_BR.po (+1/-26) debian/po/ru.po (+3/-28) debian/po/sv.po (+1/-26) debian/po/templates.pot (+2/-27) debian/po/tr.po (+2/-27) debian/rules (+1/-1) debian/systemd/ssh.socket (+3/-1) debian/tests/control (+6/-0) debian/tests/sshd-socket-generator (+105/-0) dev/null (+0/-50)
Related bugs:	Link a bug report
Reviewer	Review Type	Date Requested	Status
Steve Langasek (community)		2024-02-14	Approve on 2024-02-15
Review via email: mp+460543@code.launchpad.net