Bug 117673

Summary: import ssh-keys from another installation
Product: [openSUSE] SUSE LINUX 10.0 Reporter: m. bracher <mbra>
Component: InstallationAssignee: Jiri Srain <jsrain>
Status: RESOLVED DUPLICATE QA Contact: Klaus Kämpf <kkaempf>
Severity: Enhancement    
Priority: P5 - None CC: postadal, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: All   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description m. bracher 2005-09-18 14:04:50 UTC 
Not a bug, just an enhancement proposal:

It would be nice when the installer is able to copy the ssh keys from another
installation to the new installation, instead of generating new keys (to avoid
message "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!")
The installer already detects other Linux installations (to add in grub-menu),
then it should be easy to copy the ssh*key* .
When it is a new installation, overwriting a old one, the ssh-keys should be
copied to a ram-disk before formatting the old partition
Comment 1 Lukas Ocilka 2005-09-19 11:02:19 UTC 
That would be a security problem. From YaST/Installation point of view it will
not be possible. Reassigning to the openssh maintainer.
Comment 2 Petr Ostadal 2005-09-19 11:32:40 UTC 
I agree with Lukas, I don't think that it is good idea. You have to backup your
keys by yourself if you do new installation. (Yast have to decide from partition
will take these keys and have to understand syntax of /etc/ssh/sshd_config to
decide which keys are used).

Andreas, what do you think about it?
Comment 3 Andreas Jaeger 2005-09-19 13:16:12 UTC 
I think this is a good idea.

Security team, do you have any issues with this?
Comment 4 Ludwig Nussel 2005-09-19 13:21:59 UTC 
I find it a good idea as well. You need to ask the user whether he wants to 
copy the ssh keys of course. In case of multiple partitions you need to ask 
from which partition as well. Just copy /etc/ssh/*key* preserving permissions.
Comment 5 Petr Ostadal 2005-09-19 14:13:23 UTC 
To find proper keys you have to grep /etc/ssh/sshd_config by "HostKey" and snip
appropriate record.
Comment 6 Andreas Jaeger 2006-01-04 10:12:57 UTC 
Let's add it - but I guess this is something for 10.2.
Comment 7 Petr Ostadal 2006-01-04 12:46:58 UTC 
Stano, I think this is job for yast team, isn't it? When you like help with anythink, please tell me.
Comment 9 Christoph Thiel 2006-04-06 14:34:24 UTC 
Something for the 10.2 timeframe.
Comment 10 Jiri Srain 2007-08-09 16:05:44 UTC 
This bug was fixed for 10.2...
Comment 11 Jiri Srain 2007-08-09 16:09:39 UTC 
... marking as duplicate of the remaining issue...


*** This bug has been marked as a duplicate of bug 298798 ***