diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-04 09:15:28 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-04 09:15:28 +0300 |
| commit | 1a1473f44731b3f78a8485337abd3d14833efb4a (patch) | |
| tree | f6e650301bc6a85242684518a91b20aee0f5f691 /doc/security | |
| parent | 9f7f0ef116cd8f57446e1e395d8c2d6c88148096 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/security')
| -rw-r--r-- | doc/security/ssh_keys_restrictions.md | 8 | ||||
| -rw-r--r-- | doc/security/two_factor_authentication.md | 6 |
2 files changed, 9 insertions, 5 deletions
diff --git a/doc/security/ssh_keys_restrictions.md b/doc/security/ssh_keys_restrictions.md index 1b3d33c56c7..2e4a737f9aa 100644 --- a/doc/security/ssh_keys_restrictions.md +++ b/doc/security/ssh_keys_restrictions.md @@ -13,9 +13,9 @@ NIST). Some organizations deploying GitLab need to enforce minimum key strength, either to satisfy internal security policy or for regulatory compliance. -Similarly, certain standards groups recommend using RSA, ECDSA, or ED25519 over -the older DSA, and administrators may need to limit the allowed SSH key -algorithms. +Similarly, certain standards groups recommend using RSA, ECDSA, ED25519, +ECDSA_SK, or ED25519_SK over the older DSA, and administrators may need to +limit the allowed SSH key algorithms. GitLab allows you to restrict the allowed SSH key technology as well as specify the minimum key length for each technology: @@ -45,6 +45,8 @@ By default, the GitLab.com and self-managed settings for the - DSA SSH keys are forbidden ([since GitLab 11.0](https://about.gitlab.com/releases/2018/06/22/gitlab-11-0-released/#support-for-dsa-ssh-keys)). - ECDSA SSH keys are allowed. - ED25519 SSH keys are allowed. +- ECDSA_SK SSH keys are allowed (GitLab 14.8 and later). +- ED25519_SK SSH keys are allowed (GitLab 14.8 and later). <!-- ## Troubleshooting diff --git a/doc/security/two_factor_authentication.md b/doc/security/two_factor_authentication.md index aad2af11f2f..e8bb627ccbd 100644 --- a/doc/security/two_factor_authentication.md +++ b/doc/security/two_factor_authentication.md @@ -116,8 +116,10 @@ reactivate 2FA from scratch if they want to use it again. WARNING: This feature might not be available to you. Check the **version history** note above for details. -Two-factor authentication can be enforced for Git over SSH operations. The one-time password (OTP) -verification can be done via a GitLab Shell command: +Two-factor authentication can be enforced for Git over SSH operations. However, we recommend using +[ED25519_SK](../ssh/index.md#ed25519_sk-ssh-keys) or [ECDSA_SK](../ssh/index.md#ecdsa_sk-ssh-keys) SSH keys instead. + +The one-time password (OTP) verification can be done using a command: ```shell ssh git@<hostname> 2fa_verify |