Skip to content

Support "ecdsa-sk" and "ed25519-sk" SSH keys

What does this MR do and why?

Related to #213259 (closed).

This MR provides support "ecdsa-sk" and "ed25519-sk" SSH keys.

In !77374 (merged), !77403 (merged), !77996 (merged), !77424 (merged), and !78532 (merged) we have done the work that facilitates support "ecdsa-sk" and "ed25519-sk" SSH keys.

By adding support "ecdsa-sk" and "ed25519-sk" SSH keys, we provide a new, more secure, and easy-to-use way to strongly authenticate with Git while preventing unintended and potentially malicious access. For instance, if a user's private key file on their computer is stolen, it would be useless without the user's security key.


Changelog: added

Screenshots or screen recordings

Demo: Using "ecdsa-sk" and "ed25519-sk" SSH keys -

Database changes

AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings migration is reversible:

bogdanvlviv@lenovo:~/gitlab-development-kit/gitlab$ bin/rails db:migrate
== 20220128093756 AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings: migrating
-- add_column(:application_settings, :ecdsa_sk_key_restriction, :integer, {:default=>0, :null=>false})
   -> 0.0020s
-- add_column(:application_settings, :ed25519_sk_key_restriction, :integer, {:default=>0, :null=>false})
   -> 0.0016s
== 20220128093756 AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings: migrated (0.0037s)

bogdanvlviv@lenovo:~/gitlab-development-kit/gitlab$ bin/rails db:rollback
== 20220128093756 AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings: reverting
-- remove_column(:application_settings, :ed25519_sk_key_restriction, :integer, {:default=>0, :null=>false})
   -> 0.0018s
-- remove_column(:application_settings, :ecdsa_sk_key_restriction, :integer, {:default=>0, :null=>false})
   -> 0.0013s
== 20220128093756 AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings: reverted (0.0044s)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Bogdan Denkovych

Merge request reports