Narrow supported kex algorithms
See merge request gitlab-org/gitlab-shell!638
We don't support diffie-hellman-group14-sha1 via OpenSSH currently.
Let's avoid introducing it in gitlab-sshd because it's using
a weak hashing algorithm
Release 14.5.0
See merge request gitlab-org/gitlab-shell!636
- Make ProxyHeaderTimeout configurable !635
Make ProxyHeaderTimeout configurable
See merge request gitlab-org/gitlab-shell!635
Issue: https://gitlab.com/gitlab-org/gitlab-shell/-/issues/576
ProxyHeaderTimeout must be small to avoid DoS risk
Let's make the value configurable and 500ms by default
- If an integer is specified, we assume that these are seconds
- A duration of format "500ms", "10s", "1m", etc. is accepted
Release 14.4.0
See merge request gitlab-org/gitlab-shell!634
- Allow configuring SSH server algorithms !633
- Update gitlab-org/golang-crypto module version !632
Allow configuring SSH server algorithms
See merge request gitlab-org/gitlab-shell!633
MACs, Ciphers and KEX algorithms now can be configured
If the values are empty, reasonable defaults are used
Update gitlab-org/golang-crypto module version
See merge request gitlab-org/gitlab-shell!632
This update pulls in:
1. https://gitlab.com/gitlab-org/golang-crypto/-/merge_requests/3,
which syncs the module with upstream master and supports the new
`curve25519-sha256@libssh.org` kex name.
2. https://gitlab.com/gitlab-org/golang-crypto/-/merge_requests/4,
which adds:
* MACs: hmac-sha2-512-etm@openssh.com, hmac-sha2-512
* Cipher: aes256-gcm@openssh.com
Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/575
Release v14.3.1
See merge request gitlab-org/gitlab-shell!631
- Exclude API errors from error rate !630
Exclude API errors from error rate
See merge request gitlab-org/gitlab-shell!630
When API isn't responsible or the resource is not accessible
(returns 404 or 403), then we shouldn't consider it as an error
on gitlab-sshd side
Git ignore .DS_Store
See merge request gitlab-org/gitlab-shell!629
Resolve "Dependency update DOCKER_VERSION: 20.10.15"
Closes #571
See merge request gitlab-org/gitlab-shell!628
Release v14.3.0
See merge request gitlab-org/gitlab-shell!627
- Remove deprecated bundler-audit !626
- Wait until all Gitaly sessions are executed !624
Wait until all Gitaly sessions are executed
See merge request gitlab-org/gitlab-shell!624
When a request gets canceled we don't want to consider it an error
If they haven't been executed within a timeout, we unblock the
execution.
Issue: https://gitlab.com/gitlab-org/gitlab-shell/-/issues/563
We have an issue when a lot of git clone operations get canceled.
It was assumed that some clients close the connection just after
all the data has been received from Git server. If there was a
network delay and gitlab-sshd hadn't managed to gracefully close
the connection, the context gets canceled and Gitaly cancels the
execution and returns the error.
Let's wait for a period to allow Gitaly to gracefully complete the
operation
Remove deprecated bundler-audit
See merge request gitlab-org/gitlab-shell!626
It's been removed in:
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86704
Release 14.2.0
See merge request gitlab-org/gitlab-shell!623
- Implement ClientKeepAlive option
- build: bump go-proxyproto to 0.6.2
Implement ClientKeepAlive option
See merge request gitlab-org/gitlab-shell!622
Git clients sometimes open a connection and leave it idling,
like when compressing objects.
Settings like timeout client in HAProxy might cause these
idle connections to be terminated.
Let's send the keepalive message in order to prevent a client
from closing
build: bump go-proxyproto to 0.6.2
See merge request gitlab-org/gitlab-shell!610
Release 14.1.1
See merge request gitlab-org/gitlab-shell!621
- Log the error that happens on sconn.Wait() !613
Use require.WithinDuration to fix flaky test
See merge request gitlab-org/gitlab-shell!617
Log the error that happens on sconn.Wait()
See merge request gitlab-org/gitlab-shell!613
Warning level is used because a non-nil error is logged even for
successful scenarios
We plan to use it for debug reasons
Release 14.1.0
See merge request gitlab-org/gitlab-shell!620
Make PROXY policy configurable
See merge request gitlab-org/gitlab-shell!619
It would give us more flexibility when we decide to enable
PROXY protocol
Exclude authentication errors from error rate
See merge request gitlab-org/gitlab-shell!611
Most of the time a connection fails due to the client's
misconfiguration or when a client cancels a request, so we
shouldn't treat them as an error
Warnings will help us to track the errors whether
they happened on the server-side
Fix check_ip argument when gitlab-sshd used with PROXY protocol
See merge request gitlab-org/gitlab-shell!616
When gitlab-sshd was used with the PROXY protocol, the `check_ip`
argument passed to `/api/v4/internal/allowed` was the Go remote
address, which is a host and port combination
(e.g. 127.0.0.1:12345). As a result, this prevents IP restrictions
from working properly on Rails. We fix this by stripping out the port
if it is present.
When OpenSSH is used, this is not an issue because the IP address
is extracted from `SSH_CONNECTION`.
Changelog: fixed