Remove comment from SSH public key on https://gitlab-installation/username.keys
Summary
Since GitLab v6.6.0 one can retrieve the public SSH keys of a user via HTTP:
- Retrieving user ssh keys publically(github style): http://__HOST__/__USERNAME__.keys
github.com serves the pubkey completely without a comment. I think GitLab should emulate this behaviour.
Also this is afaik personally identifiable information. This way you can connect a cryptographically secure value to a name/person. This should always be up to the user!
Steps to reproduce
Options:
curl https://gitlab.com/__USERNAME__.keys
curl https://github.com/__USERNAME__.keys
wget https://gitlab.com/__USERNAME__.keys
wget https://github.com/__USERNAME__.keys
or open one of the URLs in your browser.
Nice to have
Give the option to the user to change this behaviour in the settings either globally or on a 'per key' basis.
Example:
- Do you wish to publish your SSH public keys via http://HOST/USERNAME.keys?
- [Y|n]
Yes
seems to be the usual (expected?) behaviour. (Though for a long time I did not know that this feature existed. I can see that it might be very useful but still informed consent would be nice where possible.)
- Do you want to add your full name to the key comment?
- [y|N]
No
should be the default behaviour.
PS: Could someone please give me an RTFM (including a link to the relevant documentation) because having looked at https://docs.gitlab.com/ce/ssh/README.html I cannot find a section in the documentation that mentions this feature. :-)
References: