diff options
| author | Nick Thomas <nick@gitlab.com> | 2017-12-20 18:41:36 +0300 |
|---|---|---|
| committer | Nick Thomas <nick@gitlab.com> | 2018-01-09 18:20:38 +0300 |
| commit | c73eb55d93f067c8e55632d38df57fdb51f08220 (patch) | |
| tree | 25ab2de4f3e2f40639b3a75de62d20c1f6ae7a36 | |
| parent | 8de1bb9e74a00766c663b1cdf8c7b49ddc060caf (diff) | |
Use the new gitlab-shell authorized-keys helper in documentation
| -rw-r--r-- | GITLAB_SHELL_VERSION | 2 | ||||
| -rw-r--r-- | doc/administration/operations/fast_ssh_key_lookup.md | 32 |
2 files changed, 6 insertions, 28 deletions
diff --git a/GITLAB_SHELL_VERSION b/GITLAB_SHELL_VERSION index e030a0157c9..c68d476cc8e 100644 --- a/GITLAB_SHELL_VERSION +++ b/GITLAB_SHELL_VERSION @@ -1 +1 @@ -5.10.3 +5.11.0 diff --git a/doc/administration/operations/fast_ssh_key_lookup.md b/doc/administration/operations/fast_ssh_key_lookup.md index b86168f935a..835ed8c8006 100644 --- a/doc/administration/operations/fast_ssh_key_lookup.md +++ b/doc/administration/operations/fast_ssh_key_lookup.md @@ -25,34 +25,12 @@ GitLab Shell provides a way to authorize SSH users via a fast, indexed lookup to the GitLab database. GitLab Shell uses the fingerprint of the SSH key to check whether the user is authorized to access GitLab. -Create the directory `/opt/gitlab-shell` first: - -```bash -sudo mkdir -p /opt/gitlab-shell -``` - -Create this file at `/opt/gitlab-shell/authorized_keys`: - -``` -#!/bin/bash - -if [[ "$1" == "git" ]]; then - /opt/gitlab/embedded/service/gitlab-shell/bin/authorized_keys $2 -fi -``` - -Set appropriate ownership and permissions: - -``` -sudo chown root:git /opt/gitlab-shell/authorized_keys -sudo chmod 0650 /opt/gitlab-shell/authorized_keys -``` - -Add the following to `/etc/ssh/sshd_config` or to `/assets/sshd_config` if you -are using Omnibus Docker: +Add the following to your `sshd_config` file. This is usuaully located at +`/etc/ssh/sshd_config`, but it will be `/assets/sshd_config` if you're using +Omnibus Docker: ``` -AuthorizedKeysCommand /opt/gitlab-shell/authorized_keys %u %k +AuthorizedKeysCommand /opt/embedded/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k AuthorizedKeysCommandUser git ``` @@ -70,7 +48,7 @@ Confirm that SSH is working by removing your user's SSH key in the UI, adding a new one, and attempting to pull a repo. > **Warning:** Do not disable writes until SSH is confirmed to be working -perfectly because the file will quickly become out-of-date. +perfectly, because the file will quickly become out-of-date. In the case of lookup failures (which are not uncommon), the `authorized_keys` file will still be scanned. So git SSH performance will still be slow for many |