Update with secure password encryption methods
By default ssh-keygen uses an insecure password encryption method on the ssh key. This change will add options to better protect the key. See this page for more detail: https://latacora.singles/2018/08/03/the-default-openssh.html Even if the user does not set a password, using the `-o` option needs to become the new standard way to run `ssh-keygen`, since the default behavior is insecure. Your help in establishing this option will be greatly appreciated and will help improve overall security for your users and ssh users in general. Originally submitted at https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/6796. Signed-off-by: Rémy Coutable <remy@rymai.me>
This commit is contained in:
Peter Willis
Rémy Coutable
parent
3c5da78cff
commit
7a57e8f368
1 changed files with 15 additions and 11 deletions
|
|
@ -48,9 +48,11 @@ Note that Public SSH key may also be named as follows:
|
|||
**Git Bash on Windows / GNU/Linux / macOS:**
|
||||
|
||||
```bash
|
||||
ssh-keygen -t rsa -C "your.email@example.com" -b 4096
|
||||
ssh-keygen -o -t rsa -C "your.email@example.com" -b 4096
|
||||
```
|
||||
|
||||
(Note: the `-o` option was introduced in 2014; if this command does not work for you, simply remove the `-o` option and try again)
|
||||
|
||||
**Windows:**
|
||||
|
||||
Alternatively on Windows you can download
|
||||
|
|
@ -75,7 +77,9 @@ Note that Public SSH key may also be named as follows:
|
|||
|
||||
NOTE: **Note:**
|
||||
If you want to change the password of your SSH key pair, you can use
|
||||
`ssh-keygen -p <keyname>`.
|
||||
`ssh-keygen -p -o -f <keyname>`.
|
||||
The `-o` option was added in 2014, so if this command does not work for you,
|
||||
simply remove the `-o` option and try again.
|
||||
|
||||
## Adding a SSH key to your GitLab account
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue