This file is indexed.

postinst is in openssh-server 1:7.6p1-4ubuntu0.3.

This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
#!/bin/sh
set -e

. /usr/share/debconf/confmodule
db_version 2.0

action="$1"
oldversion="$2"

umask 022


get_config_option() {
	option="$1"

	[ -f /etc/ssh/sshd_config ] || return

	# TODO: actually only one '=' allowed after option
	perl -lne '
		s/[[:space:]]+/ /g; s/[[:space:]]+$//;
		print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
	   /etc/ssh/sshd_config
}


host_keys_required() {
	hostkeys="$(get_config_option HostKey)"
	if [ "$hostkeys" ]; then
		echo "$hostkeys"
	else
		# No HostKey directives at all, so the server picks some
		# defaults.
		echo /etc/ssh/ssh_host_rsa_key
		echo /etc/ssh/ssh_host_ecdsa_key
		echo /etc/ssh/ssh_host_ed25519_key
	fi
}


create_key() {
	msg="$1"
	shift
	hostkeys="$1"
	shift
	file="$1"
	shift

	if echo "$hostkeys" | grep -x "$file" >/dev/null && \
	   [ ! -f "$file" ] ; then
		echo -n $msg
		ssh-keygen -q -f "$file" -N '' "$@"
		echo
		if which restorecon >/dev/null 2>&1; then
			restorecon "$file" "$file.pub"
		fi
		ssh-keygen -l -f "$file.pub"
	fi
}


create_keys() {
	hostkeys="$(host_keys_required)"

	create_key "Creating SSH2 RSA key; this may take some time ..." \
		"$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
	create_key "Creating SSH2 DSA key; this may take some time ..." \
		"$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
	create_key "Creating SSH2 ECDSA key; this may take some time ..." \
		"$hostkeys" /etc/ssh/ssh_host_ecdsa_key -t ecdsa
	create_key "Creating SSH2 ED25519 key; this may take some time ..." \
		"$hostkeys" /etc/ssh/ssh_host_ed25519_key -t ed25519
}


new_config=

cleanup() {
	if [ "$new_config" ]; then
		rm -f "$new_config"
	fi
}


create_sshdconfig() {
	# XXX cjwatson 2016-12-24: This debconf template is very confusingly
	# named; its description is "Disable SSH password authentication for
	# root?", so true -> prohibit-password (the upstream default),
	# false -> yes.
	db_get openssh-server/permit-root-login
	permit_root_login="$RET"
	db_get openssh-server/password-authentication
	password_authentication="$RET"

	trap cleanup EXIT
	new_config="$(tempfile)"
	cp -a /usr/share/openssh/sshd_config "$new_config"
	if [ "$permit_root_login" != true ]; then
		sed -i 's/^#*PermitRootLogin .*/PermitRootLogin yes/' \
			"$new_config"
	fi
	if [ "$password_authentication" != true ]; then
		sed -i 's/^#PasswordAuthentication .*/PasswordAuthentication no/' \
			"$new_config"
	fi
	mkdir -p /etc/ssh
	ucf --three-way --debconf-ok \
		--sum-file /usr/share/openssh/sshd_config.md5sum \
		"$new_config" /etc/ssh/sshd_config
	ucfr openssh-server /etc/ssh/sshd_config
}

fix_statoverride() {
# Remove an erronous override for sshd (we should have overridden ssh)
	if dpkg-statoverride --list /usr/sbin/sshd >/dev/null; then
		dpkg-statoverride --remove /usr/sbin/sshd
	fi
}

setup_sshd_user() {
	if ! getent passwd sshd >/dev/null; then
		adduser --quiet --system --no-create-home --home /run/sshd --shell /usr/sbin/nologin sshd
	fi
}

if [ "$action" = configure ]; then
	create_sshdconfig
	create_keys
	fix_statoverride
	setup_sshd_user
	# Renamed to /etc/ssh/moduli in 2.9.9 (!)
	if dpkg --compare-versions "$2" lt-nl 1:4.7p1-1; then
	    rm -f /etc/ssh/primes
	fi
	if dpkg --compare-versions "$2" lt-nl 1:5.5p1-6; then
	    rm -f /run/sshd/.placeholder
	fi
	if dpkg --compare-versions "$2" lt-nl 1:6.5p1-2 && \
	   deb-systemd-helper debian-installed ssh.socket && \
	   deb-systemd-helper --quiet was-enabled ssh.service && \
	   deb-systemd-helper --quiet was-enabled ssh.socket; then
	    # 1:6.5p1-1 mistakenly left both ssh.service and ssh.socket
	    # enabled.
	    deb-systemd-helper disable ssh.socket >/dev/null || true
	fi
	if dpkg --compare-versions "$2" lt-nl 1:6.5p1-3 && \
	   [ -d /run/systemd/system ]; then
	    # We must stop the sysvinit-controlled sshd before we can
	    # restart it under systemd.
	    start-stop-daemon --stop --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd || true
	fi
fi

# Automatically added by dh_systemd_enable/11.1.6ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
	# This will only remove masks created by d-s-h on package removal.
	deb-systemd-helper unmask 'ssh.service' >/dev/null || true

	# was-enabled defaults to true, so new installations run enable.
	if deb-systemd-helper --quiet was-enabled 'ssh.service'; then
		# Enables the unit on first installation, creates new
		# symlinks on upgrades if the unit file has changed.
		deb-systemd-helper enable 'ssh.service' >/dev/null || true
	else
		# Update the statefile to add new symlinks (if any), which need to be
		# cleaned up on purge. Also remove old symlinks.
		deb-systemd-helper update-state 'ssh.service' >/dev/null || true
	fi
fi
# End automatically added section
# Automatically added by dh_systemd_enable/11.1.6ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
	if deb-systemd-helper debian-installed 'ssh.socket'; then
		# This will only remove masks created by d-s-h on package removal.
		deb-systemd-helper unmask 'ssh.socket' >/dev/null || true

		if deb-systemd-helper --quiet was-enabled 'ssh.socket'; then
			# Create new symlinks, if any.
			deb-systemd-helper enable 'ssh.socket' >/dev/null || true
		fi
	fi

	# Update the statefile to add new symlinks (if any), which need to be cleaned
	# up on purge. Also remove old symlinks.
	deb-systemd-helper update-state 'ssh.socket' >/dev/null || true
fi
# End automatically added section
# Automatically added by dh_installdeb/11.1.6ubuntu1
dpkg-maintscript-helper mv_conffile /etc/pam.d/ssh /etc/pam.d/sshd 1:4.7p1-4~ -- "$@"
# End automatically added section
# Automatically added by dh_installdeb/11.1.6ubuntu1
dpkg-maintscript-helper rm_conffile /etc/init/ssh.conf 1:7.5p1-6~ -- "$@"
# End automatically added section
# Automatically added by dh_installinit/11.1.6ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
	if [ -x "/etc/init.d/ssh" ]; then
		update-rc.d ssh defaults >/dev/null
		if [ -n "$2" ]; then
			_dh_action=restart
		else
			_dh_action=start
		fi
		invoke-rc.d ssh $_dh_action || exit 1
	fi
fi
# End automatically added section


db_stop

exit 0