action #11454
closedFeature 319624: YaST - Existing SSH Host Keys Dialog
100%
Description
For details see https://fate.suse.com/319624
First check if the Feature status is "done".
YaST has the following feature that could lead to security implications.
https://www.suse.com/documentation/sles-12/book_sle_deployment/data/sec_i_yast2_proposal.html¶
HINT: Existing SSH Host Keys
If you install SUSE Linux Enterprise Server on a machine with one or more existing Linux installations, the installation routine automatically imports the SSH host key with the most recent access time from an existing installation.¶
If a system was compromised the keys shouldn't be used during system re-installation. Currently the user needs to delete the keys manually or to delete the complete partition table so that YaST will not find the data during installation.
The idea of this feature is to have a special YaST dialog that notifies the user that an old system was found and offers the option to import the existing SSH keys. This would make the import and the already existing feature more transparent.
The current list is here, in control file: https://github.com/yast/skelcd-control-SLES/blob/d2f9a79c0681806bf02eb38c4b7c287b9d9434eb/control/control.SLES.xml#L53-L71
Updated by okurz over 8 years ago
- Target version changed from 168 to Milestone 3
Updated by dzedro over 8 years ago
Updated by okurz over 8 years ago
Feature test: PASSED
@dzedro: What do you think is missing from this issue? Looks complete to me unless you want to add to openSUSE, too.
Updated by dzedro over 8 years ago
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100