diff options
| author | Nick Thomas <nick@gitlab.com> | 2017-08-21 11:30:03 +0100 |
|---|---|---|
| committer | Nick Thomas <nick@gitlab.com> | 2017-08-30 20:50:44 +0100 |
| commit | b0f982fbdf69c292ab4530c0aaaf1ab42f4e7a01 (patch) | |
| tree | 0d76c74fb6260de1e3c9694a8501491b2eb486ef /doc/security | |
| parent | 81f08d30e641dc1a6666022ab1f5d36dbcdced7e (diff) | |
| download | gitlab-ce-b0f982fbdf69c292ab4530c0aaaf1ab42f4e7a01.tar.gz | |
Add settings for minimum key strength and allowed key type
This is an amalgamation of:
* Cory Hinshaw: Initial implementation !5552
* Rémy Coutable: Updates !9350
* Nick Thomas: Resolve conflicts and add ED25519 support !13712
Diffstat (limited to 'doc/security')
| -rw-r--r-- | doc/security/README.md | 1 | ||||
| -rw-r--r-- | doc/security/img/ssh_keys_restrictions_settings.png | bin | 0 -> 41803 bytes | |||
| -rw-r--r-- | doc/security/ssh_keys_restrictions.md | 18 |
3 files changed, 19 insertions, 0 deletions
diff --git a/doc/security/README.md b/doc/security/README.md index 38706e48ec5..1f54948d113 100644 --- a/doc/security/README.md +++ b/doc/security/README.md @@ -1,6 +1,7 @@ # Security - [Password length limits](password_length_limits.md) +- [Restrict allowed SSH key technologies and minimum length](ssh_keys_restrictions.md) - [Rack attack](rack_attack.md) - [Webhooks and insecure internal web services](webhooks.md) - [Information exclusivity](information_exclusivity.md) diff --git a/doc/security/img/ssh_keys_restrictions_settings.png b/doc/security/img/ssh_keys_restrictions_settings.png Binary files differnew file mode 100644 index 00000000000..b62bfc2f7e0 --- /dev/null +++ b/doc/security/img/ssh_keys_restrictions_settings.png diff --git a/doc/security/ssh_keys_restrictions.md b/doc/security/ssh_keys_restrictions.md new file mode 100644 index 00000000000..32ca7dacab3 --- /dev/null +++ b/doc/security/ssh_keys_restrictions.md @@ -0,0 +1,18 @@ +# Restrict allowed SSH key technologies and minimum length + +`ssh-keygen` allows users to create RSA keys with as few as 768 bits, which +falls well below recommendations from certain standards groups (such as the US +NIST). Some organizations deploying Gitlab will need to enforce minimum key +strength, either to satisfy internal security policy or for regulatory +compliance. + +Similarly, certain standards groups recommend using RSA or ECDSA over the older +DSA and administrators may need to limit the allowed SSH key algorithms. + +GitLab allows you to restrict the allowed SSH key technology as well as specify +the minimum key length for each technology. + +In the Admin area under **Settings** (`/admin/application_settings`), look for +the "Visibility and Access Controls" area: + + |
