Remove `-o` documentation from SSH key generation

`ssh-keygen -o` is not documented, nor is the reference to the blog sourced as to what `-o` is

Remove `-o` documentation from SSH key generation
`ssh-keygen -o` is not documented, nor is the reference to the blog sourced as to what `-o` is
41b19409 · Dan Davison · Achilleas Pipinellis · 9224100c · 41b19409
Commit 41b19409 authored Oct 14, 2019 by Dan Davison Committed by Achilleas Pipinellis Oct 14, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 16 deletions

doc/ssh/README.md doc/ssh/README.md +24 -16

No files found.
--- a/doc/ssh/README.md
+++ b/doc/ssh/README.md
@@ -83,20 +83,6 @@ The minimum key size is 1024 bits, defaulting to 2048. If you wish to generate a
 stronger RSA key pair, specify the `-b` flag with a higher bit value than the
 default.

-The old, default password encoding for SSH private keys is
-[insecure](https://latacora.micro.blog/the-default-openssh/);
-it's only a single round of an MD5 hash. Since OpenSSH version 6.5, you should
-use the `-o` option to `ssh-keygen` to encode your private key in a new, more
-secure format.
-
-If you already have an RSA SSH key pair to use with GitLab, consider upgrading it
-to use the more secure password encryption format by using the following command
-on the private key:
-
-```bash
-ssh-keygen -o -f ~/.ssh/id_rsa
-```
-
 ## Generating a new SSH key pair

 Before creating an SSH key pair, make sure to understand the
@@ -114,7 +100,7 @@ To create a new SSH key pair:
   Or, if you want to use RSA:

   ```bash
-   ssh-keygen -o -t rsa -b 4096 -C "email@example.com"
+   ssh-keygen -t rsa -b 4096 -C "email@example.com"
   ```

   The `-C` flag adds a comment in the key in case you have multiple of them
@@ -139,9 +125,31 @@ To create a new SSH key pair:
   you can use the `-p` flag:

   ```
-   ssh-keygen -p -o -f <keyname>
+   ssh-keygen -p -f <keyname>
   ```

+### OpenSSH < v7.8
+
+Pre OpenSSH 7.8, default password encoding for SSH private keys was
+[insecure](https://latacora.micro.blog/the-default-openssh/);
+it's only a single round of an MD5 hash. For OpenSSH version 6.5 to version 7.8, you should
+use the `-o` option to `ssh-keygen` to [encode your private key in a new, more
+secure format.](https://superuser.com/questions/1455735/what-does-ssh-keygen-o-do#answer-1455738)
+
+If you already have an RSA SSH key pair to use with GitLab, consider upgrading it
+to use the more secure password encryption format by using the following command
+on the private key:
+
+```bash
+ssh-keygen -o -f ~/.ssh/id_rsa
+```
+
+Or generate a new RSA key:
+
+```bash
+ssh-keygen -o -t rsa -b 4096 -C "email@example.com"
+```
+
 Now, it's time to add the newly created public key to your GitLab account.

 ## Adding an SSH key to your GitLab account