diff options
| author | Douwe Maan <douwe@gitlab.com> | 2018-01-09 15:55:25 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2018-01-09 15:55:25 +0000 |
| commit | 596f270450c743c95237a5342b85bb8df3650395 (patch) | |
| tree | 169bbc79848d02b54799f8a5d10729901f5f9712 | |
| parent | 4b87aa680dee9db97ec4db9b8106636c951c4415 (diff) | |
| parent | c73eb55d93f067c8e55632d38df57fdb51f08220 (diff) | |
| download | gitlab-ce-596f270450c743c95237a5342b85bb8df3650395.tar.gz | |
Merge branch 'improve-ssh-lookup-docs' into 'master'
Improve SSH database key lookup documentation
Closes #41399
See merge request gitlab-org/gitlab-ce!16048
| -rw-r--r-- | GITLAB_SHELL_VERSION | 2 | ||||
| -rw-r--r-- | doc/administration/operations/fast_ssh_key_lookup.md | 32 |
2 files changed, 6 insertions, 28 deletions
diff --git a/GITLAB_SHELL_VERSION b/GITLAB_SHELL_VERSION index e030a0157c9..c68d476cc8e 100644 --- a/GITLAB_SHELL_VERSION +++ b/GITLAB_SHELL_VERSION @@ -1 +1 @@ -5.10.3 +5.11.0 diff --git a/doc/administration/operations/fast_ssh_key_lookup.md b/doc/administration/operations/fast_ssh_key_lookup.md index b86168f935a..835ed8c8006 100644 --- a/doc/administration/operations/fast_ssh_key_lookup.md +++ b/doc/administration/operations/fast_ssh_key_lookup.md @@ -25,34 +25,12 @@ GitLab Shell provides a way to authorize SSH users via a fast, indexed lookup to the GitLab database. GitLab Shell uses the fingerprint of the SSH key to check whether the user is authorized to access GitLab. -Create the directory `/opt/gitlab-shell` first: - -```bash -sudo mkdir -p /opt/gitlab-shell -``` - -Create this file at `/opt/gitlab-shell/authorized_keys`: - -``` -#!/bin/bash - -if [[ "$1" == "git" ]]; then - /opt/gitlab/embedded/service/gitlab-shell/bin/authorized_keys $2 -fi -``` - -Set appropriate ownership and permissions: - -``` -sudo chown root:git /opt/gitlab-shell/authorized_keys -sudo chmod 0650 /opt/gitlab-shell/authorized_keys -``` - -Add the following to `/etc/ssh/sshd_config` or to `/assets/sshd_config` if you -are using Omnibus Docker: +Add the following to your `sshd_config` file. This is usuaully located at +`/etc/ssh/sshd_config`, but it will be `/assets/sshd_config` if you're using +Omnibus Docker: ``` -AuthorizedKeysCommand /opt/gitlab-shell/authorized_keys %u %k +AuthorizedKeysCommand /opt/embedded/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k AuthorizedKeysCommandUser git ``` @@ -70,7 +48,7 @@ Confirm that SSH is working by removing your user's SSH key in the UI, adding a new one, and attempting to pull a repo. > **Warning:** Do not disable writes until SSH is confirmed to be working -perfectly because the file will quickly become out-of-date. +perfectly, because the file will quickly become out-of-date. In the case of lookup failures (which are not uncommon), the `authorized_keys` file will still be scanned. So git SSH performance will still be slow for many |