postinst is in openssh-server 1:7.6p1-4ubuntu0.3.
This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 | #!/bin/sh
set -e
. /usr/share/debconf/confmodule
db_version 2.0
action="$1"
oldversion="$2"
umask 022
get_config_option() {
option="$1"
[ -f /etc/ssh/sshd_config ] || return
# TODO: actually only one '=' allowed after option
perl -lne '
s/[[:space:]]+/ /g; s/[[:space:]]+$//;
print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
/etc/ssh/sshd_config
}
host_keys_required() {
hostkeys="$(get_config_option HostKey)"
if [ "$hostkeys" ]; then
echo "$hostkeys"
else
# No HostKey directives at all, so the server picks some
# defaults.
echo /etc/ssh/ssh_host_rsa_key
echo /etc/ssh/ssh_host_ecdsa_key
echo /etc/ssh/ssh_host_ed25519_key
fi
}
create_key() {
msg="$1"
shift
hostkeys="$1"
shift
file="$1"
shift
if echo "$hostkeys" | grep -x "$file" >/dev/null && \
[ ! -f "$file" ] ; then
echo -n $msg
ssh-keygen -q -f "$file" -N '' "$@"
echo
if which restorecon >/dev/null 2>&1; then
restorecon "$file" "$file.pub"
fi
ssh-keygen -l -f "$file.pub"
fi
}
create_keys() {
hostkeys="$(host_keys_required)"
create_key "Creating SSH2 RSA key; this may take some time ..." \
"$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
create_key "Creating SSH2 DSA key; this may take some time ..." \
"$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
create_key "Creating SSH2 ECDSA key; this may take some time ..." \
"$hostkeys" /etc/ssh/ssh_host_ecdsa_key -t ecdsa
create_key "Creating SSH2 ED25519 key; this may take some time ..." \
"$hostkeys" /etc/ssh/ssh_host_ed25519_key -t ed25519
}
new_config=
cleanup() {
if [ "$new_config" ]; then
rm -f "$new_config"
fi
}
create_sshdconfig() {
# XXX cjwatson 2016-12-24: This debconf template is very confusingly
# named; its description is "Disable SSH password authentication for
# root?", so true -> prohibit-password (the upstream default),
# false -> yes.
db_get openssh-server/permit-root-login
permit_root_login="$RET"
db_get openssh-server/password-authentication
password_authentication="$RET"
trap cleanup EXIT
new_config="$(tempfile)"
cp -a /usr/share/openssh/sshd_config "$new_config"
if [ "$permit_root_login" != true ]; then
sed -i 's/^#*PermitRootLogin .*/PermitRootLogin yes/' \
"$new_config"
fi
if [ "$password_authentication" != true ]; then
sed -i 's/^#PasswordAuthentication .*/PasswordAuthentication no/' \
"$new_config"
fi
mkdir -p /etc/ssh
ucf --three-way --debconf-ok \
--sum-file /usr/share/openssh/sshd_config.md5sum \
"$new_config" /etc/ssh/sshd_config
ucfr openssh-server /etc/ssh/sshd_config
}
fix_statoverride() {
# Remove an erronous override for sshd (we should have overridden ssh)
if dpkg-statoverride --list /usr/sbin/sshd >/dev/null; then
dpkg-statoverride --remove /usr/sbin/sshd
fi
}
setup_sshd_user() {
if ! getent passwd sshd >/dev/null; then
adduser --quiet --system --no-create-home --home /run/sshd --shell /usr/sbin/nologin sshd
fi
}
if [ "$action" = configure ]; then
create_sshdconfig
create_keys
fix_statoverride
setup_sshd_user
# Renamed to /etc/ssh/moduli in 2.9.9 (!)
if dpkg --compare-versions "$2" lt-nl 1:4.7p1-1; then
rm -f /etc/ssh/primes
fi
if dpkg --compare-versions "$2" lt-nl 1:5.5p1-6; then
rm -f /run/sshd/.placeholder
fi
if dpkg --compare-versions "$2" lt-nl 1:6.5p1-2 && \
deb-systemd-helper debian-installed ssh.socket && \
deb-systemd-helper --quiet was-enabled ssh.service && \
deb-systemd-helper --quiet was-enabled ssh.socket; then
# 1:6.5p1-1 mistakenly left both ssh.service and ssh.socket
# enabled.
deb-systemd-helper disable ssh.socket >/dev/null || true
fi
if dpkg --compare-versions "$2" lt-nl 1:6.5p1-3 && \
[ -d /run/systemd/system ]; then
# We must stop the sysvinit-controlled sshd before we can
# restart it under systemd.
start-stop-daemon --stop --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd || true
fi
fi
# Automatically added by dh_systemd_enable/11.1.6ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'ssh.service' >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'ssh.service'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'ssh.service' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'ssh.service' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_systemd_enable/11.1.6ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if deb-systemd-helper debian-installed 'ssh.socket'; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'ssh.socket' >/dev/null || true
if deb-systemd-helper --quiet was-enabled 'ssh.socket'; then
# Create new symlinks, if any.
deb-systemd-helper enable 'ssh.socket' >/dev/null || true
fi
fi
# Update the statefile to add new symlinks (if any), which need to be cleaned
# up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'ssh.socket' >/dev/null || true
fi
# End automatically added section
# Automatically added by dh_installdeb/11.1.6ubuntu1
dpkg-maintscript-helper mv_conffile /etc/pam.d/ssh /etc/pam.d/sshd 1:4.7p1-4~ -- "$@"
# End automatically added section
# Automatically added by dh_installdeb/11.1.6ubuntu1
dpkg-maintscript-helper rm_conffile /etc/init/ssh.conf 1:7.5p1-6~ -- "$@"
# End automatically added section
# Automatically added by dh_installinit/11.1.6ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -x "/etc/init.d/ssh" ]; then
update-rc.d ssh defaults >/dev/null
if [ -n "$2" ]; then
_dh_action=restart
else
_dh_action=start
fi
invoke-rc.d ssh $_dh_action || exit 1
fi
fi
# End automatically added section
db_stop
exit 0
|