By default ssh-keygen uses an insecure password encryption method on the ssh key.
This change will add options to better protect the key.
See this page for more detail: https://latacora.singles/2018/08/03/the-default-openssh.html
Even if the user does not set a password, using the `-o` option needs to become
the new standard way to run `ssh-keygen`, since the default behavior is insecure.
Your help in establishing this option will be greatly appreciated and will help
improve overall security for your users and ssh users in general.
Originally submitted at
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/6796.
Signed-off-by: Rémy Coutable <remy@rymai.me>
The keytype field is actually `ssh-dss` for DSA keys and they will not
be stored as `id_rsa.pub`.
Note that newer versions of ssh actually also support
`ecdsa-sha2-nistp256` and others so it is also misleading to assume the
field always starts with `ssh-`.
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/875
Provide help for people who aren't SSH-clued by indicating
how to point to key files that have been named something
other than the default. A lot of people seem to assume that
the filename they choose is irrelevant and then wonder why
their private key is not being found by simple 'ssh' commands.
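
A way to check which on-disk format an existing private key uses, relating to the first commit message above (an added example, not code from these commits or from GitLab): the older PEM container announces passphrase encryption in a `DEK-Info` header, while keys saved with `-o` use the `openssh-key-v1` container, which records the KDF name and its round count. Function names are hypothetical, and the sample keys are constructed and hold no key material.

```python
import base64
import re
import struct

MAGIC = b"openssh-key-v1\x00"
LEGACY = ("RSA", "DSA", "EC")  # PEM labels of the older private key files

def _string(buf, off):
    """Read an SSH wire string (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key container")
    return buf[off + 4:off + 4 + n], off + 4 + n

def classify_private_key(text):
    """Report the container format and passphrase protection of a private key file."""
    lines = [l.strip() for l in text.strip().splitlines()]
    m = re.fullmatch(r"-----BEGIN (\w+) PRIVATE KEY-----", lines[0]) if lines else None
    kind = m.group(1) if m else None
    if kind in LEGACY:
        # Legacy PEM: cipher is named in DEK-Info; no KDF name or cost is recorded.
        dek = [l.split(":", 1)[1].strip() for l in lines if l.startswith("DEK-Info:")]
        cipher = dek[0].split(",")[0] if dek else "none"
        return {"format": "legacy-pem", "cipher": cipher, "kdf": None, "rounds": None}
    if kind != "OPENSSH":
        return {"format": "unknown"}
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, off = _string(blob, len(MAGIC))
    kdf, off = _string(blob, off)
    opts, _ = _string(blob, off)
    rounds = None
    if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
        _, p = _string(opts, 0)
        (rounds,) = struct.unpack_from(">I", opts, p)
    return {"format": "openssh-v1", "cipher": cipher.decode(), "kdf": kdf.decode(), "rounds": rounds}

def _wire(b):
    return struct.pack(">I", len(b)) + b

def sample_openssh_key(rounds=16):
    """Constructed header-only container (zero salt, no key material) for testing."""
    opts = _wire(b"\x00" * 16) + struct.pack(">I", rounds)
    blob = MAGIC + _wire(b"aes256-ctr") + _wire(b"bcrypt") + _wire(opts) + struct.pack(">I", 1)
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n" % base64.b64encode(blob).decode()

# Constructed legacy-format sample: headers only, placeholder IV and body.
SAMPLE_LEGACY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,"
                 + "0" * 32 + "\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")
```

Reading a real key file's text into `classify_private_key` flags any key that still reports `legacy-pem` as a candidate for re-saving in the new format.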