Skip to content

G
gitlab-ce
Commit 01b6b9f8 authored by Mike Jang's avatar Mike Jang
Browse files
Options

Merge branch '2fa-cli-clarify' into 'master' 

Clarify the 2FA cli behaviour

See merge request gitlab-org/gitlab!54773
parents d88f54d8 2d12673d
Hide whitespace changes
Inline Side-by-side
Showing with 9 additions and 2 deletions
doc/security/two_factor_authentication.md
View file @ 01b6b9f8
...@@ -129,8 +129,15 @@ verification can be done via a GitLab Shell command: ...@@ -129,8 +129,15 @@ verification can be done via a GitLab Shell command:
ssh git@<hostname> 2fa_verify ssh git@<hostname> 2fa_verify
``` ```
Once the OTP is verified, Git over SSH operations can be used for 15 minutes Once the OTP is verified, Git over SSH operations can be used for a session duration of
with the associated SSH key. 15 minutes (default) with the associated SSH key.
### Security limitation
2FA does not protect users with compromised *private* SSH keys.
Once an OTP is verified, anyone can run Git over SSH with that private SSH key for
the configured [session duration](../user/admin_area/settings/account_and_limit_settings.md#customize-session-duration-for-git-operations-when-2fa-is-enabled).
### Enable or disable Two-factor Authentication (2FA) for Git operations ### Enable or disable Two-factor Authentication (2FA) for Git operations
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7