Docs: ssh-keygen example creates weak keys
- Start this issue's title with Docs: or Docs feedback:.
Problem to solve
The example command line to create RSA SSH key pairs with ssh-keygen in https://docs.gitlab.com/ee/user/ssh.html#generate-an-ssh-key-pair hardcodes a key length which isn't recommended nowadays. OpenSSH changed the default to 3072 bits in 2019 with the release of OpenSSH 8.0 following the NIST Special Publication 800-57.
Further details
Not sure if GitLab should recommend something better than the OpenSSH/NIST baseline? (4096 bit maybe?)
Proposal
Recommend the command ssh-keygen -t rsa -b 3072 instead of the current example. Note: Just dropping the -b option might be enough assuming users are using OpenSSH >= 8.0 (but are they?)
Who can address the issue
Other links/references
Edited by 🤖 GitLab Bot 🤖
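A check to go with the proposal above, added here as an example and not part of the original issue or of GitLab's documentation: it reads the `ssh-keygen -l` fingerprint line for each public key in a directory and flags RSA keys below the 3072-bit baseline the issue cites. The names `MIN_RSA_BITS`, `classify_fingerprint_line` and `audit_ssh_dir` are hypothetical.

```shell
#!/bin/sh
# Added example: flag RSA public keys shorter than the 3072-bit baseline
# discussed in this issue. MIN_RSA_BITS and the function names are assumptions.
# Usage after sourcing this file: audit_ssh_dir ~/.ssh
MIN_RSA_BITS=${MIN_RSA_BITS:-3072}

# Classify one line of `ssh-keygen -l` output, which has the shape
#   <bits> <hash>:<fingerprint> <comment...> (<TYPE>)
# Prints "weak", "ok", "skip" (not an RSA key) or "unparsed".
classify_fingerprint_line() {
    line=$1
    bits=${line%% *}    # first space-separated field
    type=${line##* }    # last space-separated field
    case $bits in
        ''|*[!0-9]*) echo unparsed; return 0 ;;
    esac
    case $type in
        '(RSA)') ;;
        '('*')') echo skip; return 0 ;;
        *) echo unparsed; return 0 ;;
    esac
    if [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo weak
    else
        echo ok
    fi
}

# Audit every *.pub file in a directory (default: ~/.ssh).
# Prints one verdict per key; returns 1 if any RSA key is below the minimum.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    status=0
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue
        line=$(ssh-keygen -l -f "$pub" 2>/dev/null) || continue
        verdict=$(classify_fingerprint_line "$line")
        printf '%-8s %s\n' "$verdict" "$pub"
        if [ "$verdict" = weak ]; then
            status=1
        fi
    done
    return "$status"
}
```

Set `MIN_RSA_BITS=4096` in the environment to audit against the stricter length the issue raises as a possibility.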