Add possibility to restrict allowed SSH key technologies for GitLab.com

Problem Statement

Currently, GitLab.com customers cannot restrict which SSH key technologies (like RSA) are allowed within their namespace, unlike self-managed instances where admins have this control. This creates a security concern for organizations wanting to enforce specific SSH key policies.

Current Behavior

  • RSA SSH keys are allowed by default on GitLab.com
  • No way to restrict SSH key technologies at namespace level
  • No control over minimum key lengths for specific technologies
  • Self-managed instances have these controls, but GitLab.com does not

Desired Behavior

Add functionality to restrict allowed SSH key technologies at the namespace level on GitLab.com, including:

  • Ability to specify which SSH key technologies are allowed/disallowed
  • Option to set minimum key lengths per technology
  • Block git push/pull operations when a restricted key is used

Technical Considerations

  • Direct blocking of SSH key creation based on group settings may be challenging
  • Initial implementation could focus on blocking git operations when restricted keys are used
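A sketch of the check at git-operation time described above: read the technology and key size out of the presented public key and compare them with a namespace policy. This is an added example, not GitLab code; the POLICY hash, the method names and the sample keys are assumptions made for illustration.

```ruby
# Added example, not GitLab code. POLICY and all method names are hypothetical.
POLICY = { 'ssh-ed25519' => 256, 'ssh-rsa' => 3072 }.freeze # type => minimum bits

# Read one length-prefixed field (RFC 4251 "string") from a key blob.
def read_field(blob, offset)
  len = blob.byteslice(offset, 4)&.unpack1('N')
  raise ArgumentError, 'truncated key blob' if len.nil? || offset + 4 + len > blob.bytesize
  [blob.byteslice(offset + 4, len), offset + 4 + len]
end

# Return [type, bits] for an OpenSSH public key line ("type base64 comment").
def key_type_and_bits(line)
  declared, b64 = line.split(' ', 3)
  blob = b64.to_s.unpack1('m0') # strict base64; raises ArgumentError on junk
  type, off = read_field(blob, 0)
  raise ArgumentError, 'declared type does not match blob' unless type == declared
  case declared
  when 'ssh-rsa'
    _e, off = read_field(blob, off)
    n, = read_field(blob, off)
    [declared, n.unpack1('H*').to_i(16).bit_length] # size of the modulus
  when 'ssh-ed25519'
    pub, = read_field(blob, off)
    raise ArgumentError, 'bad ed25519 key length' unless pub.bytesize == 32
    [declared, 256]
  else
    [declared, nil] # unknown technology: no size, never matches a policy
  end
end

# Decide whether a git operation authenticated with this key may proceed.
def allow_git_operation?(line, policy = POLICY)
  type, bits = key_type_and_bits(line)
  !bits.nil? && policy.key?(type) && bits >= policy[type]
rescue ArgumentError
  false # unparseable keys fail closed
end

# Constructed sample keys: structurally valid blobs, not real key material.
def ssh_string(str); [str.bytesize].pack('N') + str; end

def sample_rsa(bits) # bits must be a multiple of 8
  n = "\x00".b + [((1 << (bits - 1)) | 1).to_s(16)].pack('H*')
  blob = ssh_string('ssh-rsa') + ssh_string("\x01\x00\x01".b) + ssh_string(n)
  "ssh-rsa #{[blob].pack('m0')} constructed"
end
def sample_ed25519
  "ssh-ed25519 #{[ssh_string('ssh-ed25519') + ssh_string("\x01".b * 32)].pack('m0')} constructed"
end
```

The type is read from the decoded blob and compared with the declared prefix, so a key line that relabels its technology is rejected rather than evaluated under the wrong rule.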

User Impact

This feature would primarily benefit customers on GitLab.com who require stricter security controls over SSH key usage within their organization.


Description was generated using AI

Edited by 🤖 GitLab Bot 🤖