diff options
author | Nick Thomas <nick@gitlab.com> | 2017-12-20 15:41:36 +0000 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2018-01-09 15:20:38 +0000 |
commit | c73eb55d93f067c8e55632d38df57fdb51f08220 (patch) | |
tree | 25ab2de4f3e2f40639b3a75de62d20c1f6ae7a36 /doc/administration/operations | |
parent | 8de1bb9e74a00766c663b1cdf8c7b49ddc060caf (diff) | |
download | gitlab-ce-c73eb55d93f067c8e55632d38df57fdb51f08220.tar.gz |
Use the new gitlab-shell authorized-keys helper in documentation
Diffstat (limited to 'doc/administration/operations')
-rw-r--r-- | doc/administration/operations/fast_ssh_key_lookup.md | 32 |
1 files changed, 5 insertions, 27 deletions
diff --git a/doc/administration/operations/fast_ssh_key_lookup.md b/doc/administration/operations/fast_ssh_key_lookup.md index b86168f935a..835ed8c8006 100644 --- a/doc/administration/operations/fast_ssh_key_lookup.md +++ b/doc/administration/operations/fast_ssh_key_lookup.md @@ -25,34 +25,12 @@ GitLab Shell provides a way to authorize SSH users via a fast, indexed lookup to the GitLab database. GitLab Shell uses the fingerprint of the SSH key to check whether the user is authorized to access GitLab. -Create the directory `/opt/gitlab-shell` first: - -```bash -sudo mkdir -p /opt/gitlab-shell -``` - -Create this file at `/opt/gitlab-shell/authorized_keys`: - -``` -#!/bin/bash - -if [[ "$1" == "git" ]]; then - /opt/gitlab/embedded/service/gitlab-shell/bin/authorized_keys $2 -fi -``` - -Set appropriate ownership and permissions: - -``` -sudo chown root:git /opt/gitlab-shell/authorized_keys -sudo chmod 0650 /opt/gitlab-shell/authorized_keys -``` - -Add the following to `/etc/ssh/sshd_config` or to `/assets/sshd_config` if you -are using Omnibus Docker: +Add the following to your `sshd_config` file. This is usuaully located at +`/etc/ssh/sshd_config`, but it will be `/assets/sshd_config` if you're using +Omnibus Docker: ``` -AuthorizedKeysCommand /opt/gitlab-shell/authorized_keys %u %k +AuthorizedKeysCommand /opt/embedded/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k AuthorizedKeysCommandUser git ``` @@ -70,7 +48,7 @@ Confirm that SSH is working by removing your user's SSH key in the UI, adding a new one, and attempting to pull a repo. > **Warning:** Do not disable writes until SSH is confirmed to be working -perfectly because the file will quickly become out-of-date. +perfectly, because the file will quickly become out-of-date. In the case of lookup failures (which are not uncommon), the `authorized_keys` file will still be scanned. So git SSH performance will still be slow for many |