action #11454

Feature 319624: YaST - Existing SSH Host Keys Dialog

Added by maritawerner about 4 years ago. Updated over 3 years ago.

Status: Resolved
Start date: 01/04/2016
Priority: Urgent
Due date:
Assignee: dzedro
% Done: 100%
Category: -
Target version: openQA Project - Milestone 3
Difficulty:
Duration:

Description

For details see https://fate.suse.com/319624

First check if the Feature status is "done".

YaST has the following feature that could lead to security implications.

https://www.suse.com/documentation/sles-12/book_sle_deployment/data/sec_i_yast2_proposal.html

HINT: Existing SSH Host Keys

If you install SUSE Linux Enterprise Server on a machine with one or more existing Linux installations, the installation routine automatically imports the SSH host key with the most recent access time from an existing installation.

If a system was compromised, the keys shouldn't be used during system re-installation. Currently the user needs to delete the keys manually or delete the complete partition table so that YaST will not find the data during installation.

The idea of this feature is to have a special YaST dialog that notifies the user that an old system was found and offers the option to import the existing SSH keys. This would make the import and the already existing feature more transparent.

The current list is here, in the control file: https://github.com/yast/skelcd-control-SLES/blob/d2f9a79c0681806bf02eb38c4b7c287b9d9434eb/control/control.SLES.xml#L53-L71

History

#1 Updated by RBrownSUSE about 4 years ago

  • Target version set to 168

#2 Updated by okurz almost 4 years ago

  • Target version changed from 168 to Milestone 3

#3 Updated by dzedro almost 4 years ago

  • Assignee set to dzedro

#4 Updated by RBrownSUSE over 3 years ago

  • Priority changed from Normal to Urgent

#5 Updated by dzedro over 3 years ago

  • Status changed from New to In Progress

#6 Updated by dzedro over 3 years ago

PR for ssh key dialog test suite

#8 Updated by okurz over 3 years ago

Feature test: PASSED

@dzedro: What do you think is missing from this issue? Looks complete to me unless you want to add to openSUSE, too.

#9 Updated by dzedro over 3 years ago

I will add it to openSUSE too
