• Nick Thomas's avatar
    Rework the permissions model for SSH key restrictions · 68470602
    Nick Thomas authored
    `allowed_key_types` is removed and the `minimum_<type>_bits` fields are
    renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies
    that the key type is disabled.
    
    This also feeds through to the UI - checkboxes per key type are out, inline
    selection of "forbidden" and "allowed" (i.e., no restrictions) are in.
    
    As with the previous model, unknown key types are disallowed, even if the
    underlying ssh daemon happens to support them. The defaults have also been
    changed from the lowest known bit size to "no restriction". So if someone
    does happen to have a 768-bit RSA key, it will continue to work on upgrade, at
    least until the administrator restricts them.
    68470602
settings_spec.rb 4.47 KB