#!/bin/sh -e

action="$1"
oldversion="$2"

if [ -f /etc/ssh/ssh_host_key ]
then
  echo "You already have a host key in /etc/ssh/ssh_host_key."
else
  umask 022; echo "Generating 1024 bit host key."; \
   ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ''
fi

echo
echo "You should read the documentation and then configure /etc/ssh/ssh_config"
echo "and /etc/ssh/sshd_config to your sites needs and preferences."

# check to see if Berkley protocols are still active
if [ "$action" = install ] && grep -q "^\(login\|shell\|exec\)\b" /etc/inetd.conf
then
  echo
  echo "For ssh to be effective you should disable rsh, rlogin and rexec"
  echo -n "Do you want to do this right now? (y/n) [y] " 
  if [ -z "$input" ] || expr "$input" : '[Yy]' >/dev/null
  then
    cat <<EOF
Disabling rsh, rlogin and rexec .....
You can enable them again with:    update-inetd --enable login,shell,exec
EOF
    
    update-inetd --disable login,shell,exec
  fi
fi

if test -n "$oldversion" && dpkg --compare-versions "$oldversion" le "1.2.20-4"
then
  cat <<!EOF!
WARNING: ssh now takes note of /etc/hosts.{allow,deny} settings, so it may now
deny access from machines that were previously allowed.  If you are currently
logged in via ssh, please check that you can still log in _before_ logging
out from this session.

Press <RETURN> to continue.
!EOF!
  read input
fi

#DEBHELPER#
