Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
3e005630
Commit
3e005630
authored
Jul 01, 2020
by
Thiago Presa
Committed by
Marcel Amirault
Jul 01, 2020
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Clarifying Fast SSH lookup tests, SELinux support
parent
e4e7f73d
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
17 additions
and
2 deletions
+17
-2
doc/administration/operations/fast_ssh_key_lookup.md
doc/administration/operations/fast_ssh_key_lookup.md
+17
-2
No files found.
doc/administration/operations/fast_ssh_key_lookup.md
View file @
3e005630
...
@@ -67,8 +67,11 @@ sudo service ssh reload
...
@@ -67,8 +67,11 @@ sudo service ssh reload
sudo
service sshd reload
sudo
service sshd reload
```
```
Confirm that SSH is working by removing your user's SSH key in the UI, adding a
Confirm that SSH is working by commenting out your user's key in the
`authorized_keys`
new one, and attempting to pull a repository.
(start the line with a
`#`
to comment it), and attempting to pull a repository.
A successful pull would mean that GitLab was able to find the key in the database,
since it is not present in the file anymore.
NOTE:
**Note:**
For Omnibus Docker,
`AuthorizedKeysCommand`
is setup by default in
NOTE:
**Note:**
For Omnibus Docker,
`AuthorizedKeysCommand`
is setup by default in
GitLab 11.11 and later.
GitLab 11.11 and later.
...
@@ -96,6 +99,8 @@ Again, confirm that SSH is working by removing your user's SSH key in the UI,
...
@@ -96,6 +99,8 @@ Again, confirm that SSH is working by removing your user's SSH key in the UI,
adding a new one, and attempting to pull a repository.
adding a new one, and attempting to pull a repository.
Then you can backup and delete your
`authorized_keys`
file for best performance.
Then you can backup and delete your
`authorized_keys`
file for best performance.
The current users' keys are already present in the database, so there is no need for migration
or for asking users to re-add their keys.
## How to go back to using the `authorized_keys` file
## How to go back to using the `authorized_keys` file
...
@@ -200,3 +205,13 @@ the database. The following instructions can be used to build OpenSSH 7.5:
...
@@ -200,3 +205,13 @@ the database. The following instructions can be used to build OpenSSH 7.5:
# Only run this if you run into a problem logging in
# Only run this if you run into a problem logging in
yum downgrade openssh-server openssh openssh-clients
yum downgrade openssh-server openssh openssh-clients
```
```
## SELinux support and limitations
> [Introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/2855) in GitLab 10.5.
GitLab supports
`authorized_keys`
database lookups with
[
SELinux
](
https://en.wikipedia.org/wiki/Security-Enhanced_Linux
)
.
Because the SELinux policy is static, GitLab doesn't support the ability to change
internal Unicorn ports at the moment. Admins would have to create a special
`.te`
file for the environment, since it isn't generated dynamically.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment