From 3529bdf5b65016cea331f8ba6e7293c7eea9e6ce Mon Sep 17 00:00:00 2001
From: An-Cheng Huang
Date: Mon, 13 Oct 2008 15:31:26 -0700
Subject: add ssh key blacklists
---
 debian/control | 3 ++-
 debian/vyatta-cfg-system.postinst.in | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
(limited to 'debian')
diff --git a/debian/control b/debian/control
index 4b5692bb..877ee68c 100644
--- a/debian/control
+++ b/debian/control
@@ -24,7 +24,8 @@ Depends: sed (>= 4.1.5),
 snmpd,
 vyatta-keepalived,
 bridge-utils,
- ssh,
+ ssh (>= 5.1p1-3),
+ openssh-server (>= 5.1p1-3),
 ed,
 tshark,
 iputils-arping
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 0dd6248f..fe50fa79 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -66,6 +66,20 @@ EOF
 %users ALL=NOPASSWD: ${bindir}/sudo-users/
 ### END VYATTA
 EOF
+
+ # set up blacklists
+ for f in blacklist.DSA-1024 blacklist.RSA-2048; do
+ if [ -r "/etc/ssh/$f" ]; then
+ l=$(head -1 $sysconfdir/$f)
+ if ! grep -q "$l" /etc/ssh/$f; then
+ tmp=$(mktemp /tmp/bl.XXXXXXXXXX)
+ cat /etc/ssh/$f $sysconfdir/$f | sort >$tmp
+ mv $tmp /etc/ssh/$f
+ fi
+ else
+ cp $sysconfdir/$f /etc/ssh/$f
+ fi
+ done
 fi
 # update crontab for logrotate
@@ -87,6 +101,8 @@ fi
 sed -i 's/^set /builtin set /' /etc/bash_completion
+/usr/sbin/dpkg-reconfigure -f noninteractive openssh-server
+
 # Local Variables:
 # mode: shell-script
 # sh-indentation: 4
-- cgit v1.2.3
From 1ae422b13aac7ae6d9c412ae0f392f465d7537af Mon Sep 17 00:00:00 2001
From: An-Cheng Huang
Date: Mon, 13 Oct 2008 16:11:08 -0700
Subject: use epoch in package version number
---
 debian/control | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'debian')
diff --git a/debian/control b/debian/control
index 877ee68c..2888d0e3 100644
--- a/debian/control
+++ b/debian/control
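Review bot: In the blacklist loop of debian/vyatta-cfg-system.postinst.in (hunk `@@ -66,6 +66,20 @@`), the merged file is moved into place without checking that `cat ... | sort >$tmp` succeeded, so a failed sort would replace `/etc/ssh/$f` with a truncated or empty list, and keys listed in it would presumably no longer be rejected. The merge is also skipped whenever the first line of the shipped file is already present (and `grep -q "$l"` treats that line as a regular expression), so entries added to a later shipped list with the same first line would never reach /etc/ssh. Because `mktemp` creates its file in /tmp with mode 0600, the `mv` may cross filesystems and leaves the blacklist with a different mode than the `cp` branch produces. I would build the temporary file next to the target, merge unconditionally with `sort -u`, and replace the target only on success, as below; the enclosing `if` starts outside the hunk.

```shell
    # set up blacklists
    for f in blacklist.DSA-1024 blacklist.RSA-2048; do
        if [ -r "/etc/ssh/$f" ]; then
            # temp file beside the target so the final mv is a same-filesystem rename
            tmp=$(mktemp "/etc/ssh/$f.XXXXXXXXXX") || exit 1
            if sort -u "/etc/ssh/$f" "$sysconfdir/$f" >"$tmp"; then
                # mktemp creates the file 0600; keep the mode the existing list had
                chmod --reference="/etc/ssh/$f" "$tmp"
                mv -f "$tmp" "/etc/ssh/$f"
            else
                # keep the existing blacklist rather than install a partial one
                rm -f "$tmp"
                exit 1
            fi
        else
            cp "$sysconfdir/$f" "/etc/ssh/$f"
        fi
    done
```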
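Review bot: The `dpkg-reconfigure` call added in the second postinst hunk (`@@ -87,6 +101,8 @@`) runs on every invocation of the script, and its exit status is not handled in the lines shown. It is presumably what makes openssh-server re-examine the host keys against the newly installed blacklists, so a silent failure here would leave that check undone with no trace. I would report the failure explicitly, e.g. `/usr/sbin/dpkg-reconfigure -f noninteractive openssh-server || echo "openssh-server reconfigure failed" >&2`, and add a comment saying why the reconfigure is needed. Whether the script runs under `set -e` is not visible from the hunk.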
@@ -24,8 +24,8 @@ Depends: sed (>= 4.1.5),
 snmpd,
 vyatta-keepalived,
 bridge-utils,
- ssh (>= 5.1p1-3),
- openssh-server (>= 5.1p1-3),
+ ssh (>= 1:5.1p1-3),
+ openssh-server (>= 1:5.1p1-3),
 ed,
 tshark,
 iputils-arping
-- cgit v1.2.3
From 81c8c9f28dff67e7ff3208278790f3381bc879dc Mon Sep 17 00:00:00 2001
From: An-Cheng Huang
Date: Mon, 13 Oct 2008 19:09:41 -0700
Subject: remove unused files
---
 debian/vyatta-cfg-system.postinst.in | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'debian')
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index fe50fa79..b484c2a1 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -102,6 +102,8 @@ fi
 sed -i 's/^set /builtin set /' /etc/bash_completion
 /usr/sbin/dpkg-reconfigure -f noninteractive openssh-server
+rm -f /etc/ssh/*.broken
+update-rc.d -f ssh remove >/dev/null
 # Local Variables:
 # mode: shell-script
-- cgit v1.2.3
From ec928267b1e61e7a957515ad553bd171baf2d651 Mon Sep 17 00:00:00 2001
From: Mark O'Brien
Date: Tue, 14 Oct 2008 17:30:18 -0700
Subject: 3.1.4
---
 debian/changelog | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
(limited to 'debian')
diff --git a/debian/changelog b/debian/changelog
index 803fdb87..28c93bf7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+vyatta-cfg-system (0.14) unstable; urgency=low
+
+ 3.1.4
+ [ Mark O'Brien ]
+
+
+ [ Robert Bays ]
+ * fix ssh keygen on startup
+
+ [ An-Cheng Huang ]
+ * remove unused files
+ * use epoch in package version number
+ * add ssh key blacklists
+
+ [ Mark O'Brien ]
+
+ -- Mark O'Brien Tue, 14 Oct 2008 17:30:18 -0700
+
 vyatta-cfg-system (0.13) unstable; urgency=low
 3.1.3
-- cgit v1.2.3
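Review bot: `rm -f /etc/ssh/*.broken` in debian/vyatta-cfg-system.postinst.in (hunk `@@ -102,6 +102,8 @@`) deletes whatever matches the glob without leaving a record, and the files are presumably the host keys that the preceding `dpkg-reconfigure` set aside as blacklisted. An administrator then has nothing to explain why clients start reporting a changed host key, so I would log each matching path (for example with `logger`) before removing it. The `update-rc.d -f ssh remove` line drops the ssh init links, which the subject "remove unused files" does not cover; a comment such as `# ssh is started from the Vyatta configuration, not from rc.d` would help if that is the reason.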