summaryrefslogtreecommitdiff
path: root/doc/security
diff options
context:
space:
mode:
authorNick Thomas <nick@gitlab.com>2017-08-25 14:08:48 +0100
committerNick Thomas <nick@gitlab.com>2017-08-30 20:50:44 +0100
commit6847060266792471c9c14518a5106e0f622cd6c5 (patch)
tree291238748abd929e77aaf462b8833bd336e39f5d /doc/security
parentb49b7bc147955df6589b13942d0437a3b4518c7b (diff)
downloadgitlab-ce-6847060266792471c9c14518a5106e0f622cd6c5.tar.gz
Rework the permissions model for SSH key restrictions
`allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them.
Diffstat (limited to 'doc/security')
-rw-r--r--doc/security/img/ssh_keys_restrictions_settings.pngbin41803 -> 13698 bytes
1 files changed, 0 insertions, 0 deletions
diff --git a/doc/security/img/ssh_keys_restrictions_settings.png b/doc/security/img/ssh_keys_restrictions_settings.png
index b62bfc2f7e0..7b8bbb05bce 100644
--- a/doc/security/img/ssh_keys_restrictions_settings.png
+++ b/doc/security/img/ssh_keys_restrictions_settings.png
Binary files differ