Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
c73eb55d
Commit
c73eb55d
authored
Dec 20, 2017
by
Nick Thomas
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Use the new gitlab-shell authorized-keys helper in documentation
parent
8de1bb9e
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
6 additions
and
28 deletions
+6
-28
GITLAB_SHELL_VERSION
GITLAB_SHELL_VERSION
+1
-1
doc/administration/operations/fast_ssh_key_lookup.md
doc/administration/operations/fast_ssh_key_lookup.md
+5
-27
No files found.
GITLAB_SHELL_VERSION
View file @
c73eb55d
5.1
0.3
5.1
1.0
doc/administration/operations/fast_ssh_key_lookup.md
View file @
c73eb55d
...
@@ -25,34 +25,12 @@ GitLab Shell provides a way to authorize SSH users via a fast, indexed lookup
...
@@ -25,34 +25,12 @@ GitLab Shell provides a way to authorize SSH users via a fast, indexed lookup
to the GitLab database. GitLab Shell uses the fingerprint of the SSH key to
to the GitLab database. GitLab Shell uses the fingerprint of the SSH key to
check whether the user is authorized to access GitLab.
check whether the user is authorized to access GitLab.
Create the directory
`/opt/gitlab-shell`
first:
Add the following to your
`sshd_config`
file. This is usuaully located at
`/etc/ssh/sshd_config`
, but it will be
`/assets/sshd_config`
if you're using
```
bash
Omnibus Docker:
sudo mkdir
-p
/opt/gitlab-shell
```
Create this file at
`/opt/gitlab-shell/authorized_keys`
:
```
#!/bin/bash
if
[[
"
$1
"
==
"git"
]]
;
then
/opt/gitlab/embedded/service/gitlab-shell/bin/authorized_keys
$2
fi
```
Set appropriate ownership and permissions:
```
sudo chown root:git /opt/gitlab-shell/authorized_keys
sudo chmod 0650 /opt/gitlab-shell/authorized_keys
```
Add the following to
`/etc/ssh/sshd_config`
or to
`/assets/sshd_config`
if you
are using Omnibus Docker:
```
```
AuthorizedKeysCommand /opt/
gitlab-shell/authorized_keys
%u %k
AuthorizedKeysCommand /opt/
embedded/gitlab-shell/bin/gitlab-shell-authorized-keys-check git
%u %k
AuthorizedKeysCommandUser git
AuthorizedKeysCommandUser git
```
```
...
@@ -70,7 +48,7 @@ Confirm that SSH is working by removing your user's SSH key in the UI, adding a
...
@@ -70,7 +48,7 @@ Confirm that SSH is working by removing your user's SSH key in the UI, adding a
new one, and attempting to pull a repo.
new one, and attempting to pull a repo.
> **Warning:** Do not disable writes until SSH is confirmed to be working
> **Warning:** Do not disable writes until SSH is confirmed to be working
perfectly because the file will quickly become out-of-date.
perfectly
,
because the file will quickly become out-of-date.
In the case of lookup failures (which are not uncommon), the
`authorized_keys`
In the case of lookup failures (which are not uncommon), the
`authorized_keys`
file will still be scanned. So git SSH performance will still be slow for many
file will still be scanned. So git SSH performance will still be slow for many
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment