Add admin controls to restrict public SSH key visibility for enhanced security

Release notes

Add ability for GitLab administrators and enterprise organization owners to disable public access to user SSH keys through the API, enhancing security for organizations with strict access control requirements.

Problem to solve

Currently, GitLab's API allows unauthenticated access to user SSH public keys across all instances (GitLab.com, Dedicated, and Self-Managed). While public keys themselves don't pose direct security risks, this allows attackers to:

• Enumerate users on the system
• Determine key types and strengths
• Count number of keys per user
• Detect SSH usage patterns
• Detect rotation of SSH keys

This level of information disclosure is unacceptable for security-conscious organizations and highly regulated environments.

Proposal

Add a new configuration option that allows:

• Instance administrators (for self-managed instances) to disable unauthenticated access to the SSH keys API endpoint
• Enterprise organization owners (for GitLab.com) to disable this feature for their group-owned accounts, Enterprise users
• When disabled, the endpoint will require proper authentication and authorization to access SSH key information
• Similar implementation to existing Restrict search access feature or Disable password authentication for enterprise users

Intended users

• Sidney (Systems Administrator)
• Cameron (Compliance Manager)
• Amy (Application Security Engineer)
• Alex (Security Operations Engineer)

Feature Usage Metrics

Track:

• Number of instances/groups that enable the restriction
• Number of authenticated vs unauthenticated attempts to access the SSH keys API
• Number of blocked unauthenticated attempts after enabling the restriction

Does this feature require an audit event?

Yes, audit events should be generated when:

• The restriction setting is enabled/disabled
• Unauthorized attempts to access restricted SSH key information occur