Package: openssh-server Version: 1:5.2p1-2 I have configured ssh-server to be not running by default (no symlink in rc*.d directories to /etc/init.d/ssh), since I start the sshd only rarely and only when I'm on "secure" network. And even though ssh was not running, upgrading ssh via apt-get "restarted" the server, effectively starting it:
Setting up openssh-server (1:5.2p1-2) ... update-rc.d: warning: ssh start runlevel arguments (2 3 4 5) do not match LSB Default-Start values (none) update-rc.d: warning: ssh stop runlevel arguments (none) do not match LSB Default-Stop values (1) Restarting OpenBSD Secure Shell server: sshd. I think the sshd should only be restarted when it is actually running, otherwise it can open up to password-guessing attacks or alike on some configurations when I do not expect sshd to be automatically running in first place... -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
