Skip to content
Snippets Groups Projects

Support "ecdsa-sk" and "ed25519-sk" SSH keys

Merged Bogdan Denkovych requested to merge support_ecdsa-sk_and_ed25519-sk_ssh_keys into master

What does this MR do and why?

Related to #213259 (closed).

This MR provides support "ecdsa-sk" and "ed25519-sk" SSH keys.

In !77374 (merged), !77403 (merged), !77996 (merged), !77424 (merged), and !78532 (merged) we have done the work that facilitates support "ecdsa-sk" and "ed25519-sk" SSH keys.

By adding support "ecdsa-sk" and "ed25519-sk" SSH keys, we provide a new, more secure, and easy-to-use way to strongly authenticate with Git while preventing unintended and potentially malicious access. For instance, if a user's private key file on their computer is stolen, it would be useless without the user's security key.

Read:

Changelog: added

Screenshots or screen recordings

Demo: Using "ecdsa-sk" and "ed25519-sk" SSH keys - https://www.youtube.com/watch?v=DtmZEVguN7g

Database changes

AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings migration is reversible:

bogdanvlviv@lenovo:~/gitlab-development-kit/gitlab$ bin/rails db:migrate
== 20220128093756 AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings: migrating
-- add_column(:application_settings, :ecdsa_sk_key_restriction, :integer, {:default=>0, :null=>false})
   -> 0.0020s
-- add_column(:application_settings, :ed25519_sk_key_restriction, :integer, {:default=>0, :null=>false})
   -> 0.0016s
== 20220128093756 AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings: migrated (0.0037s)

bogdanvlviv@lenovo:~/gitlab-development-kit/gitlab$ bin/rails db:rollback
== 20220128093756 AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings: reverting
-- remove_column(:application_settings, :ed25519_sk_key_restriction, :integer, {:default=>0, :null=>false})
   -> 0.0018s
-- remove_column(:application_settings, :ecdsa_sk_key_restriction, :integer, {:default=>0, :null=>false})
   -> 0.0013s
== 20220128093756 AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings: reverted (0.0044s)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Bogdan Denkovych

Merge request reports

Merged results pipeline #463006181 passed

Pipeline: GitLab

#463019579

    Merged results pipeline passed for 69f9d181

    Test coverage 88.38% (9.46%) from 2 jobs
    Approval is optional

    Merged by Alex PooleyAlex Pooley 3 years ago (Feb 4, 2022 5:47am UTC)

    Merge details

    Pipeline #463320933 passed

    Pipeline passed for 47ab3dd0 on master

    Test coverage 78.94% (9.46%) from 2 jobs
    8 environments impacted.

    Activity

    Filter activity
    • Approvals
    • Assignees & reviewers
    • Comments (from bots)
    • Comments (from users)
    • Commits & branches
    • Edits
    • Labels
    • Lock status
    • Mentions
    • Merge request status
    • Tracking
  • added 1 commit

    • b6781ff6 - Draft: Support "ecdsa-sk" and "ed25519-sk" SSH keys

    Compare with previous version

  • added 1 commit

    • f2f86ccf - Draft: Support "ecdsa-sk" and "ed25519-sk" SSH keys

    Compare with previous version

  • added 1 commit

    • 30d6d2bf - Draft: Support "ecdsa-sk" and "ed25519-sk" SSH keys

    Compare with previous version

  • added 1 commit

    • ca079182 - Draft: Support "ecdsa-sk" and "ed25519-sk" SSH keys

    Compare with previous version

  • Bogdan Denkovych
  • added 1 commit

    • 99b8c7bd - Draft: Support "ecdsa-sk" and "ed25519-sk" SSH keys

    Compare with previous version

  • added 1 commit

    • d59e117b - Draft: Support "ecdsa-sk" and "ed25519-sk" SSH keys

    Compare with previous version

  • added 1 commit

    • 6a5ae3b0 - Draft: Support "ecdsa-sk" and "ed25519-sk" SSH keys

    Compare with previous version

  • A deleted user added documentation label

    added documentation label

  • Allure report

    allure-report-publisher generated test report for 782a634c!

    review-qa-smoke: :pencil: test report
    review-qa-reliable: :pencil: test report

  • mentioned in merge request golang-crypto!1 (merged)

  • added 1 commit

    • e62a44a1 - Draft: Support "ecdsa-sk" and "ed25519-sk" SSH keys

    Compare with previous version

  • added 1 commit

    • 88bdc3b5 - Draft: Support "ecdsa-sk" and "ed25519-sk" SSH keys

    Compare with previous version

  • Bogdan Denkovych changed the description

    changed the description

  • added 1 commit

    • c6e4c411 - Draft: Support "ecdsa-sk" and "ed25519-sk" SSH keys

    Compare with previous version

  • Bogdan Denkovych changed the description

    changed the description

  • Bogdan Denkovych changed the description

    changed the description

  • added 1 commit

    • 97da2dc8 - Support "ecdsa-sk" and "ed25519-sk" SSH keys

    Compare with previous version

  • Bogdan Denkovych marked this merge request as ready

    marked this merge request as ready

  • Bogdan Denkovych changed the description

    changed the description

  • Bogdan Denkovych marked the checklist item I have evaluated the MR acceptance checklist for this MR. as completed

    marked the checklist item I have evaluated the MR acceptance checklist for this MR. as completed

  • Bogdan Denkovych
  • Bogdan Denkovych changed the description

    changed the description

  • Bogdan Denkovych requested review from @eread

    requested review from @eread

  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Please register or sign in to reply
    Loading