diff options
Diffstat (limited to 'doc/security')
| -rw-r--r-- | doc/security/README.md | 1 | ||||
| -rw-r--r-- | doc/security/img/ssh_keys_restrictions_settings.png | bin | 0 -> 41803 bytes | |||
| -rw-r--r-- | doc/security/ssh_keys_restrictions.md | 18 | 
3 files changed, 19 insertions, 0 deletions
| diff --git a/doc/security/README.md b/doc/security/README.md index 38706e48ec5..1f54948d113 100644 --- a/doc/security/README.md +++ b/doc/security/README.md @@ -1,6 +1,7 @@  # Security  - [Password length limits](password_length_limits.md) +- [Restrict allowed SSH key technologies and minimum length](ssh_keys_restrictions.md)  - [Rack attack](rack_attack.md)  - [Webhooks and insecure internal web services](webhooks.md)  - [Information exclusivity](information_exclusivity.md) diff --git a/doc/security/img/ssh_keys_restrictions_settings.png b/doc/security/img/ssh_keys_restrictions_settings.pngBinary files differ new file mode 100644 index 00000000000..b62bfc2f7e0 --- /dev/null +++ b/doc/security/img/ssh_keys_restrictions_settings.png diff --git a/doc/security/ssh_keys_restrictions.md b/doc/security/ssh_keys_restrictions.md new file mode 100644 index 00000000000..32ca7dacab3 --- /dev/null +++ b/doc/security/ssh_keys_restrictions.md @@ -0,0 +1,18 @@ +# Restrict allowed SSH key technologies and minimum length + +`ssh-keygen` allows users to create RSA keys with as few as 768 bits, which +falls well below recommendations from certain standards groups (such as the US +NIST). Some organizations deploying Gitlab will need to enforce minimum key +strength, either to satisfy internal security policy or for regulatory +compliance. + +Similarly, certain standards groups recommend using RSA or ECDSA over the older +DSA and administrators may need to limit the allowed SSH key algorithms. + +GitLab allows you to restrict the allowed SSH key technology as well as specify +the minimum key length for each technology. + +In the Admin area under **Settings** (`/admin/application_settings`), look for +the "Visibility and Access Controls" area: + + | 
