Merge branch 'sshkey-ux' into 'master'

Add reminder to not paste private SSH keys ## What does this MR do? Just got the "How would you make GitLab better?" mail and thought that I could follow it. This commit adds a short reminder to not paste the private part of an SSH key to the form where one can add SSH keys to one's account. I think that's an useful message, both for people who aren't that experienced yet and for people who are sleep-deprived. :-) I decided to just list the most common key type, `ssh-rsa`. The full list of key types in the [CVS repository of OpenSSH](http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/sshkey.c?rev=HEAD&content-type=text/plain) contains some types which I'd regard as a bit obscure. Mentioning all of those types would probably clutter the form too much. We could think about whether to list what is probably the second most common key type, namely `ssh-dss`. But note that this key type [seems to be deprecated](https://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys). ## Are there points in the code the reviewer needs to double check? I didn't actually test this one-line change. ## Why was this MR needed? It's not, strictly speaking, needed, but could be considered a nice addition. See merge request !4399

Merge branch 'sshkey-ux' into 'master'
Add reminder to not paste private SSH keys ## What does this MR do? Just got the "How would you make GitLab better?" mail and thought that I could follow it. This commit adds a short reminder to not paste the private part of an SSH key to the form where one can add SSH keys to one's account. I think that's an useful message, both for people who aren't that experienced yet and for people who are sleep-deprived. :-) I decided to just list the most common key type, `ssh-rsa`. The full list of key types in the [CVS repository of OpenSSH](http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/sshkey.c?rev=HEAD&content-type=text/plain) contains some types which I'd regard as a bit obscure. Mentioning all of those types would probably clutter the form too much. We could think about whether to list what is probably the second most common key type, namely `ssh-dss`. But note that this key type [seems to be deprecated](https://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys). ## Are there points in the code the reviewer needs to double check? I didn't actually test this one-line change. ## Why was this MR needed? It's not, strictly speaking, needed, but could be considered a nice addition. See merge request !4399
b4d7fef6 · Rémy Coutable · 11ba19e3 · 47e20899 · b4d7fef6 · b4d7fef6
Commit b4d7fef6 authored Jul 11, 2016 by Rémy Coutable
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

CHANGELOG CHANGELOG +1 -0

app/views/profiles/keys/_form.html.haml app/views/profiles/keys/_form.html.haml +1 -1

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -62,6 +62,7 @@ v 8.10.0 (unreleased)
  - Fix 404 redirect after validation fails importing a GitLab project
  - Added setting to set new users by default as external !4545 (Dravere)
  - Add min value for project limit field on user's form !3622 (jastkand)
+  - Add reminder to not paste private SSH keys !4399 (Ingo Blechschmidt)

 v 8.9.5
  - Add more debug info to import/export and memory killer. !5108

--- a/app/views/profiles/keys/_form.html.haml
+++ b/app/views/profiles/keys/_form.html.haml
@@ -4,7 +4,7 @@

    .form-group
      = f.label :key, class: 'label-light'
-      = f.text_area :key, class: "form-control", rows: 8, required: true
+      = f.text_area :key, class: "form-control", rows: 8, required: true, placeholder: "Don't paste the private part of the SSH key. Paste the public part, which is usually contained in the file '~/.ssh/id_rsa.pub' and begins with 'ssh-rsa'."
    .form-group
      = f.label :title, class: 'label-light'
      = f.text_field :title, class: "form-control", required: true