| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add developer documentation to sshd package
See merge request https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/683
Merged-by: Ash McKenzie <amckenzie@gitlab.com>
Approved-by: Alejandro RodrÃguez <alejandro@gitlab.com>
Approved-by: Oscar Tovar <otovar@gitlab.com>
Approved-by: James Fargher <proglottis@gmail.com>
Approved-by: John Cai <jcai@gitlab.com>
Approved-by: Amy Qualls <aqualls@gitlab.com>
Approved-by: Ash McKenzie <amckenzie@gitlab.com>
Co-authored-by: Igor Drozdov <idrozdov@gitlab.com>
|
| | | |
|
| | |
| |
| |
| |
| | |
MustStrictWhiteListPolicy panics when configured incorrectly. So here we
use the error returning version instead.
|
| | |
| |
| |
| | |
Changelog: added
|
| |/
|
|
|
|
|
| |
Instead of interpreting the configuration for every new connection, we
can rely on a closure to simplify the proxy handler path. This is more
similar to how the provided MustStrictWhiteListPolicy works which will
be added in a later commit.
|
| |
|
|
|
|
|
|
| |
`ignoredError.err` was being used in a Goroutine handler, but the
value of `ignoredError` changes with each test case. To avoid a race,
make a local copy of the error before each Goroutine runs.
Closes https://gitlab.com/gitlab-org/gitlab-shell/-/issues/590
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
While gitlab-shell currently has a major version of v14, the module path
it exposes is not using that major version like it is required by the Go
standard. This makes it impossible for dependents to import gitlab-shell
as a dependency without using a commit as version.
Fix this by changing the module path of gitlab-shell to instead be
`gitlab.com/gitlab-org/gitlab-shell/v14` and adjust all imports
accordingly.
Changelog: fixed
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds support for specifying host certificates via the
`host_cert_files` option and advertises the signed key to the
client. This acts similarly to OpenSSH's `HostCertificate` parameter:
gitlab-sshd attempts to match a host key to its certificate, and then
substitutes the matching host key with a certificate signed by a
trusted certificate authority's key.
This is the first requirement to supporting SSH certificates. This
will enable the client to trust the server if both trust a common
certificate authority. The `TrustedUserCAKeys` option will need to be
supported later for the server to trust all user keys signed by this
certificate authority.
Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/495
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If a client requests a ref that cannot be found in the repository,
previously gitlab-sshd would record it as part of its service level
indicator metric. This is really an application error between the
client and the Git repository, so we exclude it from our metrics.
Relates to
https://gitlab.com/gitlab-com/gl-infra/reliability/-/issues/15848
Changelog: fixed
|
| | |
|
| | |
|
| |\
| |
| |
| |
| | |
Improve establish session duration metrics
See merge request gitlab-org/gitlab-shell!651
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Before we took into account the time a user takes to authenticate
Now it only measures the time between a connection established and
a command started to being executed
It's still can be controlled by a user, but it's something we can
measure and restrict if necessary
|
| |/
|
|
|
|
| |
In production, we saw gitlab-sshd error metrics rise, but it was not
clear why. We now log a message every time we encounter a session
error that affects the service level indicator counter.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
The config option is basically a copy of LoginGraceTime OpenSSH
option.
If an SSH connection is hanging unauthenticated, after some period
of time, the connection gets canceled. The value is configurable,
the server waits for 60 seconds by default.
|
| |
|
|
|
|
|
|
|
|
|
| |
When graceful shutdown timeout expires, the global context is
canceled. All the operations dependent on it are canceled as well.
Unfortunately, some of the operations doesn't respect the context.
For example, SSH connection initialization.
In this case, we need to manually close the connection.
One of the options is to wait for ctx.Done() and close the connection
|
| | |
|
| |
|
|
|
| |
It seems that a lot of users rely on this, let's return it and
deprecated later to make the migration less disruptive
|
| |
|
|
|
| |
The errors happen when a client closes a connection on handshake
They can be ignored to avoid noise
|
| |
|
|
|
|
|
| |
When a user hits repository rate limit, Gitaly returns an error
that the request can't be handled (Gitaly unavailable)
We should avoid this error to avoid exceeding the error rate
|
| |
|
|
|
| |
- Use console package to format the errors in gitlab-sshd
- Suppress internal Gitaly errors in client output
|
| |\
| |
| |
| |
| | |
Downgrade host key mismatch messages from warning to debug
See merge request gitlab-org/gitlab-shell!639
|
| | |
| |
| |
| | |
This message doesn't provide that much value, so let's just drop it.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In production, we often see SSH key scans requesting host key
algorithms that we don't support, such as `sk-ssh-ed25519@openssh.com`
or `sk-ecdsa-sha2-nistp256@openssh.com`.
These messages might be useful if someone forgets to configure a host
key that should be supported, but most of the time they are noise.
This commit downgrades these messages to DEBUG.
Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/581
Changelog: changed
|
| |/ |
|
| |
|
|
|
|
| |
We don't support diffie-hellman-group14-sha1 via OpenSSH currently
Let's avoid introducing it in gitlab-sshd because it's using
weak hashing algorithm
|
| |
|
|
|
|
|
|
| |
Issue: https://gitlab.com/gitlab-org/gitlab-shell/-/issues/576
ProxyHeaderTimeout must be small to avoid DoS risk
Let's make the value configurable and 500ms by default
|
| |
|
|
|
| |
- If an integer is specified, we assume that these are seconds
- A duration of format "500ms", "10s", "1m", etc... accepted
|
| |
|
|
|
| |
MACs, Ciphers and KEX algorithms now can be configured
If the values are empty, reasonable defaults are used
|
| |
|
|
|
|
| |
When API isn't responsible or the resource is not accessible
(returns 404 or 403), then we shouldn't consider it as an error
on gitlab-sshd side
|
| |
|
|
| |
When a request get canceled we don't want to consider it an error
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If they haven't been executed within a timeout, we unblock the
execution.
Issue: https://gitlab.com/gitlab-org/gitlab-shell/-/issues/563
We have an issue when a lot of git clones operations get canceled.
It was assumed that some clients close the connection just after
all the data has been received from Git server. If there was a
network delay and gitlab-sshd hadn't managed to gracefully close
the connection, context get canceled and Gitaly cancels the
execution and returns the error.
Let's wait for a perion to allow Gitaly to gracefully complete the
operation
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Git clients sometimes open a connection and leave it idling,
like when compressing objects.
Settings like timeout client in HAProxy might cause these
idle connections to be terminated.
Let's send the keepalive message in order to prevent a client
from closing
|
| |\
| |
| |
| |
| | |
Log the error that happens on sconn.Wait()
See merge request gitlab-org/gitlab-shell!613
|
| | |
| |
| |
| |
| |
| |
| | |
Warning level is used because a non-nil error is logged even for
successful scenarios
We plan to use it for debug reasons
|
| |\ \
| | |
| | |
| | |
| | | |
Make PROXY policy configurable
See merge request gitlab-org/gitlab-shell!619
|
| | |/
| |
| |
| |
| | |
It would give us more flexibility when we decide to enable
PROXY protocol
|
| |/
|
|
|
|
|
|
|
| |
Most of the time a connection fails due to the client's
misconfiguration or when a client cancels a request, so we
shouldn't treat them as an error
Warnings will help us to track the errors whether
they happened on the server-side
|
| |\
| |
| |
| |
| | |
feat: replace status mutex with RWMutex
See merge request gitlab-org/gitlab-shell!604
|
| | | |
|
| |/
|
|
| |
This reverts commit 3a2c8f2c47774a35d840ec8baf54341beede5d43.
|
| |
|
|
|
|
|
|
|
| |
- Observe time to establish a session
- Log the duration of the successfully established connection
- Observe total time to handle the connection
- Log the duration of the successfully executed connection
- Observe the count of ssh connections
- Observe the count of failed ssh connections
|
| |
|
|
| |
We need to pass time.Now as a param, otherwise it's calculated on call
|
| | |
|
| | |
|
| |
|
|
|
|
| |
- Counter of HTTP merge requests
- Gauge of HTTP requests currently being performed
- Gauge of connections currently handled by gitlab sshd
|
