Diffstat (limited to 'doc/security')
-rw-r--r-- | doc/security/README.md | 2 |
-rw-r--r-- | doc/security/ssh_keys_restrictions.md | 7 |
2 files changed, 5 insertions, 4 deletions
diff --git a/doc/security/README.md b/doc/security/README.md index 1f54948d113..0fea6be8b55 100644 --- a/doc/security/README.md +++ b/doc/security/README.md @@ -1,7 +1,7 @@ # Security - [Password length limits](password_length_limits.md) -- [Restrict allowed SSH key technologies and minimum length](ssh_keys_restrictions.md) +- [Restrict SSH key technologies and minimum length](ssh_keys_restrictions.md) - [Rack attack](rack_attack.md) - [Webhooks and insecure internal web services](webhooks.md) - [Information exclusivity](information_exclusivity.md) diff --git a/doc/security/ssh_keys_restrictions.md b/doc/security/ssh_keys_restrictions.md index 32ca7dacab3..213fa5bfef5 100644 --- a/doc/security/ssh_keys_restrictions.md +++ b/doc/security/ssh_keys_restrictions.md @@ -2,12 +2,13 @@ `ssh-keygen` allows users to create RSA keys with as few as 768 bits, which falls well below recommendations from certain standards groups (such as the US -NIST). Some organizations deploying Gitlab will need to enforce minimum key +NIST). Some organizations deploying GitLab will need to enforce minimum key strength, either to satisfy internal security policy or for regulatory compliance. -Similarly, certain standards groups recommend using RSA or ECDSA over the older -DSA and administrators may need to limit the allowed SSH key algorithms. +Similarly, certain standards groups recommend using RSA, ECDSA, or ED25519 over +the older DSA, and administrators may need to limit the allowed SSH key +algorithms. GitLab allows you to restrict the allowed SSH key technology as well as specify the minimum key length for each technology. |
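Review bot: The shortened link text on the added line in doc/security/README.md ("Restrict SSH key technologies and minimum length") should be checked against the title of ssh_keys_restrictions.md, because the second hunk starts at line 2 of that file and so leaves its line 1 heading untouched. If the heading still carries the word "allowed", change it in this same commit so the index entry and the page title agree.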
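Review bot: In the rewritten sentence of doc/security/ssh_keys_restrictions.md ("recommend using RSA, ECDSA, or ED25519 over the older DSA"), the algorithm name is normally spelled "Ed25519", so I would use that spelling rather than all capitals. The unchanged closing paragraph still promises a "minimum key length for each technology", which does not fit the newly listed type: Ed25519 keys have a fixed size, so consider adding a sentence saying that a minimum length is not meaningful for that key type and that the only decision for it is whether to allow it.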