Update with secure password encryption methods

By default ssh-keygen uses an insecure password encryption method on the ssh key. This change will add options to better protect the key. See this page for more detail: https://latacora.singles/2018/08/03/the-default-openssh.html Even if the user does not set a password, using the `-o` option needs to become the new standard way to run `ssh-keygen`, since the default behavior is insecure. Your help in establishing this option will be greatly appreciated and will help improve overall security for your users and ssh users in general. Originally submitted at https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/6796. Signed-off-by: Rémy Coutable <remy@rymai.me>
2018-08-04 02:44:52 +00:00 · 2018-08-04 02:44:52 +00:00 · 7a57e8f368
commit 7a57e8f368
parent 3c5da78cff
1 changed files with 15 additions and 11 deletions
--- a/doc/ssh/README.md
+++ b/doc/ssh/README.md
@ -48,9 +48,11 @@ Note that Public SSH key may also be named as follows:
    **Git Bash on Windows / GNU/Linux / macOS:**

    ```bash
-    ssh-keygen -t rsa -C "your.email@example.com" -b 4096
+    ssh-keygen -o -t rsa -C "your.email@example.com" -b 4096
    ```

+    (Note: the `-o` option was introduced in 2014; if this command does not work for you, simply remove the `-o` option and try again)
+
    **Windows:**

    Alternatively on Windows you can download
@ -75,7 +77,9 @@ Note that Public SSH key may also be named as follows:

     NOTE: **Note:**
     If you want to change the password of your SSH key pair, you can use
-     `ssh-keygen -p <keyname>`.
+     `ssh-keygen -p -o -f <keyname>`.
+     The `-o` option was added in 2014, so if this command does not work for you,
+     simply remove the `-o` option and try again.

 ## Adding a SSH key to your GitLab account