Support "ecdsa-sk" and "ed25519-sk" SSH keys
What does this MR do and why?
Related to #213259 (closed).
This MR provides support for "ecdsa-sk" and "ed25519-sk" SSH keys.
In !77374 (merged), !77403 (merged), !77996 (merged), !77424 (merged), and !78532 (merged) we have done the work that facilitates support for "ecdsa-sk" and "ed25519-sk" SSH keys.
By adding support for "ecdsa-sk" and "ed25519-sk" SSH keys, we provide a new, more secure, and easy-to-use way to strongly authenticate with Git while preventing unintended and potentially malicious access. For instance, if a user's private key file on their computer is stolen, it would be useless without the user's security key.
Read:
- OpenSSH 8.2 release notes: https://www.openssh.com/releasenotes.html#8.2
- OpenSSH's support for U2F/FIDO security keys: https://github.com/openssh/openssh-portable/blob/8a0848cdd3b25c049332cd56034186b7853ae754/PROTOCOL.u2f
- https://cloud.google.com/compute/docs/tutorials/ssh-with-sk
- https://www.yubico.com/blog/github-now-supports-ssh-security-keys/
- https://github.blog/2021-05-10-security-keys-supported-ssh-git-operations/
Changelog: added
Screenshots or screen recordings
Demo: Using "ecdsa-sk" and "ed25519-sk" SSH keys - https://www.youtube.com/watch?v=DtmZEVguN7g
Database changes
AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings migration is reversible:
bogdanvlviv@lenovo:~/gitlab-development-kit/gitlab$ bin/rails db:migrate
== 20220128093756 AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings: migrating
-- add_column(:application_settings, :ecdsa_sk_key_restriction, :integer, {:default=>0, :null=>false})
-> 0.0020s
-- add_column(:application_settings, :ed25519_sk_key_restriction, :integer, {:default=>0, :null=>false})
-> 0.0016s
== 20220128093756 AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings: migrated (0.0037s)
bogdanvlviv@lenovo:~/gitlab-development-kit/gitlab$ bin/rails db:rollback
== 20220128093756 AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings: reverting
-- remove_column(:application_settings, :ed25519_sk_key_restriction, :integer, {:default=>0, :null=>false})
-> 0.0018s
-- remove_column(:application_settings, :ecdsa_sk_key_restriction, :integer, {:default=>0, :null=>false})
-> 0.0013s
== 20220128093756 AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings: reverted (0.0044s)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
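As an added illustration that is not code from this MR or from GitLab, the following Ruby sketch parses the public-key wire format that OpenSSH's PROTOCOL.u2f defines for the two FIDO-backed key types and checks the result against the two settings columns added by the migration above. The helper names, the constructed sample key, and the reading of `-1` as "forbidden" and `0` as "allowed" are assumptions made for the example.

```ruby
require "base64"

# Key type names from OpenSSH's PROTOCOL.u2f, mapped to the setting prefixes
# used by the migration's column names.
SK_TYPES = {
  "sk-ecdsa-sha2-nistp256@openssh.com" => :ecdsa_sk,
  "sk-ssh-ed25519@openssh.com"         => :ed25519_sk
}.freeze
FORBIDDEN = -1 # assumption: -1 forbids a key type, 0 (the column default) allows it

# Read one SSH wire string: uint32 big-endian length followed by that many bytes.
def read_string(buf, offset)
  raise ArgumentError, "truncated length" if offset + 4 > buf.bytesize
  len = buf.byteslice(offset, 4).unpack1("N")
  raise ArgumentError, "truncated string" if offset + 4 + len > buf.bytesize
  [buf.byteslice(offset + 4, len), offset + 4 + len]
end

def ssh_string(str)
  [str.bytesize].pack("N") + str.b
end

# Parse an authorized_keys-style line. Returns nil for non-sk key types and
# raises when the declared type and the type embedded in the blob disagree.
def parse_sk_key(line)
  declared, b64, = line.split(" ", 3)
  blob = Base64.strict_decode64(b64.to_s)
  embedded, off = read_string(blob, 0)
  raise ArgumentError, "key type mismatch" unless embedded == declared
  type = SK_TYPES[declared] or return nil
  # ecdsa-sk carries curve name + EC point; ed25519-sk carries one public key.
  (type == :ecdsa_sk ? 2 : 1).times { _, off = read_string(blob, off) }
  application, off = read_string(blob, off) # FIDO application, "ssh:" by default
  raise ArgumentError, "trailing bytes" unless off == blob.bytesize
  { type: type, application: application }
end

# Hypothetical policy check against a hash shaped like the new columns.
def sk_key_allowed?(line, settings)
  key = parse_sk_key(line) or return false
  settings.fetch(:"#{key[:type]}_key_restriction", 0) != FORBIDDEN
end

# Constructed sample: an all-zero 32-byte public key, not a usable credential.
def constructed_ed25519_sk_line
  type = "sk-ssh-ed25519@openssh.com"
  blob = ssh_string(type) + ssh_string("\x00" * 32) + ssh_string("ssh:")
  "#{type} #{Base64.strict_encode64(blob)} constructed@example"
end
```

The public key blob never contains the private key or the FIDO key handle, so a check like this only classifies the key type; the requirement that the hardware token be present is enforced when the client signs.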