diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-20 08:43:02 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-20 08:43:02 +0000 |
commit | d9ab72d6080f594d0b3cae15f14b3ef2c6c638cb (patch) | |
tree | 2341ef426af70ad1e289c38036737e04b0aa5007 /doc/administration/operations | |
parent | d6e514dd13db8947884cd58fe2a9c2a063400a9b (diff) | |
download | gitlab-ce-d9ab72d6080f594d0b3cae15f14b3ef2c6c638cb.tar.gz |
Add latest changes from gitlab-org/gitlab@14-4-stable-eev14.4.0-rc42
Diffstat (limited to 'doc/administration/operations')
-rw-r--r-- | doc/administration/operations/fast_ssh_key_lookup.md | 14 | ||||
-rw-r--r-- | doc/administration/operations/moving_repositories.md | 2 | ||||
-rw-r--r-- | doc/administration/operations/ssh_certificates.md | 7 |
3 files changed, 13 insertions, 10 deletions
diff --git a/doc/administration/operations/fast_ssh_key_lookup.md b/doc/administration/operations/fast_ssh_key_lookup.md index e30ad4d8248..8aa5af4c2bf 100644 --- a/doc/administration/operations/fast_ssh_key_lookup.md +++ b/doc/administration/operations/fast_ssh_key_lookup.md @@ -104,12 +104,12 @@ In the case of lookup failures (which are common), the `authorized_keys` file is still scanned. So Git SSH performance would still be slow for many users as long as a large file exists. -To disable any more writes to the `authorized_keys` file: +To disable writes to the `authorized_keys` file: 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > Network**. 1. Expand **Performance optimization**. -1. Clear the **Write to "authorized_keys" file** checkbox. +1. Clear the **Use authorized_keys file to authenticate SSH keys** checkbox. 1. Select **Save changes**. Again, confirm that SSH is working by removing your user's SSH key in the UI, @@ -123,10 +123,14 @@ or for asking users to re-add their keys. This is a brief overview. Please refer to the above instructions for more context. -1. [Rebuild the `authorized_keys` file](../raketasks/maintenance.md#rebuild-authorized_keys-file) -1. Enable writes to the `authorized_keys` file in Application Settings +1. [Rebuild the `authorized_keys` file](../raketasks/maintenance.md#rebuild-authorized_keys-file). +1. Enable writes to the `authorized_keys` file. + 1. On the top bar, select **Menu > Admin**. + 1. On the left sidebar, select **Settings > Network**. + 1. Expand **Performance optimization**. + 1. Select the **Use authorized_keys file to authenticate SSH keys** checkbox. 1. Remove the `AuthorizedKeysCommand` lines from `/etc/ssh/sshd_config` or from `/assets/sshd_config` if you are using Omnibus Docker. -1. Reload `sshd`: `sudo service sshd reload` +1. Reload `sshd`: `sudo service sshd reload`. ## Compiling a custom version of OpenSSH for CentOS 6 diff --git a/doc/administration/operations/moving_repositories.md b/doc/administration/operations/moving_repositories.md index 61a9ec8e7d4..8aeaadc17e9 100644 --- a/doc/administration/operations/moving_repositories.md +++ b/doc/administration/operations/moving_repositories.md @@ -27,7 +27,7 @@ For more information, see: querying and scheduling snippet repository moves. - [The API documentation](../../api/group_repository_storage_moves.md) details the endpoints for querying and scheduling group repository moves **(PREMIUM SELF)**. -- [Migrate to Gitaly Cluster](../gitaly/index.md#migrate-to-gitaly-cluster). +- [Migrating to Gitaly Cluster](../gitaly/index.md#migrating-to-gitaly-cluster). ### Move Repositories diff --git a/doc/administration/operations/ssh_certificates.md b/doc/administration/operations/ssh_certificates.md index 814e742b026..77dc4eb180b 100644 --- a/doc/administration/operations/ssh_certificates.md +++ b/doc/administration/operations/ssh_certificates.md @@ -21,8 +21,7 @@ upload the new keys to GitLab. WARNING: OpenSSH version 6.9+ is required because that version introduced the `AuthorizedPrincipalsCommand` configuration option. If -using CentOS 6, you can [follow these -instructions](fast_ssh_key_lookup.html#compiling-a-custom-version-of-openssh-for-centos-6) +using CentOS 6, you can [follow these instructions](fast_ssh_key_lookup.md#compiling-a-custom-version-of-openssh-for-centos-6) to compile an up-to-date version. ## Why use OpenSSH certificates? @@ -132,8 +131,8 @@ requirement for it, we effectively only care about the "key ID" being correct. Once that's extracted GitLab enforces its own ACLs for that user (for example, what projects the user can access). -So it's OK to e.g. be overly generous in what you accept, since if the -user e.g. has no access to GitLab at all it just errors out with a +It's therefore fine to be overly generous in what you accept. For example, if the user has no access +to GitLab, an error is produced with a message about an invalid user. message about this being an invalid user. ## Interaction with the `authorized_keys` file |