Skip to content

Release post: Add SaaS availability: Prevent users from using known insecure public key

Michael Friedrich requested to merge fix-ssh-key-ban-saas-release-15-1 into release-15-1

Why is this change being made?

GitLab 15.1 brings the feature to prevent users from adding banned insecure SSH keys into their profile. This feature is available on both, self-managed and SaaS according to the docs.

This MR updates the release post items for the blog post after verifying that the feature works on GitLab.com SaaS.

The MR targets the release-15-1 branch and can be merged. I have added the feature screenshot from my verification below, the feature is amazing and deserves a picture IMHO.

Steps to verify

  1. Follow the docs https://docs.gitlab.com/ee/security/ssh_keys_restrictions.html#block-banned-or-compromised-keys and the implementation issue gitlab-org/gitlab#24614 (closed)
  2. Open your profile on GitLab.com SaaS, navigate to Preferences > SSH keys https://gitlab.com/-/profile/keys
  3. Copy a bad SSH key from this project, e.g. the Vagrant pub key. https://github.com/rapid7/ssh-badkeys/blob/master/authorized/vagrant-default.pub
  4. Verify the error message, screenshot below.

image

Author Checklist

  • Provided a concise title for this Merge Request (MR)
  • Added a description to this MR explaining the reasons for the proposed change, per say why, not just what
    • Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added.
  • Assign reviewers for this MR to the correct Directly Responsible Individual/s (DRI)
    • If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the Maintained by section on the page being edited
    • If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies
  • If the changes affect team members, or warrant an announcement in another way, please consider posting an update in #whats-happening-at-gitlab linking to this MR
    • If this is a change that directly impacts the majority of global team members, it should be a candidate for #company-fyi. Please work with internal communications and check the handbook for examples.
Edited by Michael Friedrich

Merge request reports