| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
We add a `trusted_user_ca_keys` config setting that allows gitlab-sshd
to trust any SSH certificate signed by the keys listed in this file.
This is equivalent to the `TrustedUserCAKeys` OpenSSH setting.
We assume the certificate identity is equivalent to the GitLab
username.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
While gitlab-shell currently has a major version of v14, the module path
it exposes is not using that major version like it is required by the Go
standard. This makes it impossible for dependents to import gitlab-shell
as a dependency without using a commit as version.
Fix this by changing the module path of gitlab-shell to instead be
`gitlab.com/gitlab-org/gitlab-shell/v14` and adjust all imports
accordingly.
Changelog: fixed
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to the way sshd works, gitlab-shell could be called with a single
string in the form:
```
/path/to/gitlab-shell -c key-id
```
However, due to the tightening of the regular expressions in fcff692b
this string no longer matches, so logins would fail with:
```
Failed to get username: who='' is invalid
```
This can be reproduced by changing the user's shell to point to
gitlab-shell. For example:
```
usermod git -s /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell
```
While setting gitlab-shell as the user's shell isn't officially
supported, gitlab-shell still should be able to cope with the key being
specified as the last argument. We now split the argument list and use
the last value.
Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/530
|
| | |
|
| | |
|
| | |
|
| |
|
