summaryrefslogtreecommitdiff
path: root/debian/vyatta-cfg-system.postinst.in
diff options
context:
space:
mode:
authorAn-Cheng Huang <ancheng@vyatta.com>2008-10-13 15:30:52 -0700
committerAn-Cheng Huang <ancheng@vyatta.com>2008-10-13 15:30:52 -0700
commit22b1e03e3b042e1899ef31d9759f88c87a3ab58e (patch)
tree280e46052c9317fcf9413a26ce8282da4f249482 /debian/vyatta-cfg-system.postinst.in
parent87e65021f2a105070cd44578a3d91bef8da2b8e1 (diff)
downloadvyatta-cfg-system-22b1e03e3b042e1899ef31d9759f88c87a3ab58e.tar.gz
vyatta-cfg-system-22b1e03e3b042e1899ef31d9759f88c87a3ab58e.zip
add ssh key blacklists
Diffstat (limited to 'debian/vyatta-cfg-system.postinst.in')
-rw-r--r--debian/vyatta-cfg-system.postinst.in16
1 files changed, 16 insertions, 0 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 6e5fa735..26ae9a02 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -66,6 +66,20 @@ EOF
%users ALL=NOPASSWD: ${bindir}/sudo-users/
### END VYATTA
EOF
+
+ # set up blacklists
+ for f in blacklist.DSA-1024 blacklist.RSA-2048; do
+ if [ -r "/etc/ssh/$f" ]; then
+ l=$(head -1 $sysconfdir/$f)
+ if ! grep -q "$l" /etc/ssh/$f; then
+ tmp=$(mktemp /tmp/bl.XXXXXXXXXX)
+ cat /etc/ssh/$f $sysconfdir/$f | sort >$tmp
+ mv $tmp /etc/ssh/$f
+ fi
+ else
+ cp $sysconfdir/$f /etc/ssh/$f
+ fi
+ done
fi
# update crontab for logrotate
@@ -87,6 +101,8 @@ fi
sed -i 's/^set /builtin set /' /etc/bash_completion
+/usr/sbin/dpkg-reconfigure -f noninteractive openssh-server
+
# Fix up PAM configuration for login so that invalid users are prompted
# for password
sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login