From f51edd7c19a8b40849f5a15e85d43a8c36503bf8 Mon Sep 17 00:00:00 2001 From: Peter Willis Date: Sat, 4 Aug 2018 02:44:52 +0000 Subject: [PATCH] Update with secure password encryption methods By default ssh-keygen uses an insecure password encryption method on the ssh key. This change will add options to better protect the key. See this page for more detail: https://latacora.singles/2018/08/03/the-default-openssh.html Even if the user does not set a password, using the `-o` option needs to become the new standard way to run `ssh-keygen`, since the default behavior is insecure. Your help in establishing this option will be greatly appreciated and will help improve overall security for your users and ssh users in general. --- doc/ssh/README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/doc/ssh/README.md b/doc/ssh/README.md index 63f0a654fcf9b8..368c9e7c6a34b7 100644 --- a/doc/ssh/README.md +++ b/doc/ssh/README.md @@ -48,8 +48,10 @@ Note that Public SSH key may also be named as follows: **Git Bash on Windows / GNU/Linux / macOS:** ```bash - ssh-keygen -t rsa -C "your.email@example.com" -b 4096 + ssh-keygen -o -t rsa -C "your.email@example.com" -b 4096 ``` + + (Note: the `-o` option was introduced in 2014; if this command does not work for you, simply remove the `-o` option and try again) **Windows:** @@ -75,7 +77,9 @@ Note that Public SSH key may also be named as follows: NOTE: **Note:** If you want to change the password of your SSH key pair, you can use - `ssh-keygen -p `. + `ssh-keygen -p -o -f `. + The `-o` option was added in 2014, so if this command does not work for you, + simply remove the `-o` option and try again. ## Adding a SSH key to your GitLab account -- GitLab
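Review bot: In the first hunk (`@@ -48,8 +48,10 @@`), the added note tells users to "simply remove the `-o` option and try again" without saying what they lose by doing so. The commit message calls the default behaviour insecure, so the fallback quietly returns the reader to the format this patch is meant to move them away from. Suggest stating in the note what `-o` does (selects the newer private key format with the stronger passphrase encryption described in the linked article) and recommending an OpenSSH upgrade as the first response, with dropping `-o` as a last resort that leaves the key with the weaker protection. Naming the OpenSSH release that introduced `-o` would also be more useful than "in 2014", since a user can check that against `ssh -V`.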
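Review bot: In the second hunk (`@@ -75,7 +77,9 @@`), the new command reads `ssh-keygen -p -o -f ` with nothing visible after `-f`, which takes the key file as its argument; please make sure a placeholder for the private key path is present and renders in the built docs. The fallback sentence here repeats the one from the first hunk and has the same gap: a user who removes `-o` while changing the passphrase gets no indication that the key may be left in the format the commit message describes as insecure. Consider stating that consequence once and pointing to it from both places. The surrounding text says "password" where `ssh-keygen` itself prompts for a passphrase; aligning the wording would help readers match the docs to what they see in the terminal.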