### Problem to solve Openssh supports using a FIDO2 based security key to store the private key of an ssh key pair. I would like to use this feature, as I use such a security token for 2FA already (on gitlab as well), but these keys have a new key type which is not supported by the gitlab UI for adding ssh keys currently ### Intended users Developers, anyone else pushing/pulling git repositories ### Further details Storing the ssh private key on a security key is a convenient way of securing your ssh access. It allows the secure use of a single ssh key even when switching between computers, since the private key doesn't have to be copied to every machine, or multiple private keys created for the machines. These security keys are also used for secure phishing-resistant 2FA on gitlab already, so a user could use their token for both 2FA and ssh. An example of such a public key: ``` sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBHYsEOLfc3STGIU5I3vi8xIDewxg72BnkHozNfXxc+2CL1e9Mkr3Kn8jMS+ZxF2q5kY8oT6x3G+omFZPc51aszcAAAAEc3NoOg== comment ``` The current UI doesn't consider this a proper ssh public key. ### Proposal This feature is supported since openssh 8.2. Implementation might need an update of the openssh server software, and changes to the ssh key handling. ### Permissions and Security <!-- What permissions are required to perform the described actions? Are they consistent with the existing permissions as documented for users, groups, and projects as appropriate? Is the proposed behavior consistent between the UI, API, and other access methods (e.g. email replies)?--> ### Documentation <!-- See the Feature Change Documentation Workflow https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html Add all known Documentation Requirements here, per https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html#documentation-requirements If this feature requires changing permissions, this document https://docs.gitlab.com/ee/user/permissions.html must be updated accordingly. --> ### Availability & Testing <!-- This section needs to be retained and filled in during the workflow planning breakdown phase of this feature proposal, if not earlier. What risks does this change pose to our availability? How might it affect the quality of the product? What additional test coverage or changes to tests will be needed? Will it require cross-browser testing? Please list the test areas (unit, integration and end-to-end) that needs to be added or updated to ensure that this feature will work as intended. Please use the list below as guidance. * Unit test changes * Integration test changes * End-to-end test change See the test engineering planning process and reach out to your counterpart Software Engineer in Test for assistance: https://about.gitlab.com/handbook/engineering/quality/test-engineering/#test-planning --> Add e2e test for git operations with FIDO2-based ssh keys: https://gitlab.com/gitlab-org/quality/testcases/-/issues/2445 ### What does success look like, and how can we measure that? <!-- Define both the success metrics and acceptance criteria. Note that success metrics indicate the desired business outcomes, while acceptance criteria indicate when the solution is working correctly. If there is no way to measure success, link to an issue that will implement a way to measure this. --> ### What is the type of buyer? <!-- Which leads to: in which enterprise tier should this feature go? See https://about.gitlab.com/handbook/product/pricing/#four-tiers --> ### Is this a cross-stage feature? <!-- Communicate if this change will affect multiple Stage Groups or product areas. We recommend always start with the assumption that a feature request will have an impact into another Group. Loop in the most relevant PM and Product Designer from that Group to provide strategic support to help align the Group's broader plan and vision, as well as to avoid UX and technical debt. https://about.gitlab.com/handbook/product/#cross-stage-features --> ### Links / references Openssh 8.2 release notes: http://www.openssh.com/txt/release-8.2 <!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION --> *This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.* <!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION -->