Feature 319624: YaST - Existing SSH Host Keys Dialog
|Target version:||openQA Project - Milestone 3|
For details see https://fate.suse.com/319624
First check if the Feature status is "done".
YaST has the following feature that could lead to security implications.
HINT: Existing SSH Host Keys
If you install SUSE Linux Enterprise Server on a machine with one or more existing Linux installations, the installation routine automatically imports the SSH host key with the most recent access time from an existing installation.¶
If a system was compromised the keys shouldn't be used during system re-installation. Currently the user needs to delete the keys manually or to delete the complete partition table so that YaST will not find the data during installation.
The idea of this feature is to have a special YaST dialog that notifies the user that an old system was found and offers the option to import the existing SSH keys. This would make the import and the already existing feature more transparent.
The current list is here, in control file: https://github.com/yast/skelcd-control-SLES/blob/d2f9a79c0681806bf02eb38c4b7c287b9d9434eb/control/control.SLES.xml#L53-L71