author | Regis <boudinot.regis@yahoo.com> | 2017-03-21 09:08:28 -0600 |
---|---|---|
committer | Regis <boudinot.regis@yahoo.com> | 2017-03-21 09:08:28 -0600 |
commit | 0b75b821c6cfd173291fcfd88c41da9922d082dd (patch) | |
tree | 41b578d299bd77423aa3591955a4cb5ca07ab025 /doc/ci/ssh_keys/README.md | |
parent | 6342da7bb6cbba1b1e026fc62a1da42b811b25f4 (diff) | |
parent | a08c707c928092426e2334423e71c6b841309ddf (diff) | |
download | gitlab-ce-0b75b821c6cfd173291fcfd88c41da9922d082dd.tar.gz |
update to current master and fix conflicts (issue-title-vue)
Diffstat (limited to 'doc/ci/ssh_keys/README.md')
-rw-r--r-- | doc/ci/ssh_keys/README.md | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/ci/ssh_keys/README.md b/doc/ci/ssh_keys/README.md index d00faaadc8b..befaa06e918 100644 --- a/doc/ci/ssh_keys/README.md +++ b/doc/ci/ssh_keys/README.md @@ -38,6 +38,15 @@ following **Settings > Variables**. As **Key** add the name `SSH_PRIVATE_KEY` and in the **Value** field paste the content of your _private_ key that you created earlier. +It is also good practice to check the server's own public key to make sure you +are not being targeted by a man-in-the-middle attack. To do this, add another +variable named `SSH_SERVER_HOSTKEYS`. To find out the hostkeys of your server, run +the `ssh-keyscan YOUR_SERVER` command from a trusted network (ideally, from the +server itself), and paste its output into the `SSH_SERVER_HOSTKEY` variable. If +you need to connect to multiple servers, concatenate all the server public keys +that you collected into the **Value** of the variable. There must be one key per +line. + Next you need to modify your `.gitlab-ci.yml` with a `before_script` action. Add it to the top: @@ -59,6 +68,11 @@ before_script: # you will overwrite your user's SSH config. - mkdir -p ~/.ssh - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config' + # In order to properly check the server's host key, assuming you created the + # SSH_SERVER_HOSTKEYS variable previously, uncomment the following two lines + # instead. + # - mkdir -p ~/.ssh + # - '[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts' ``` As a final step, add the _public_ key from the one you created earlier to the |
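Review bot: The variable name is spelled two ways in the paragraph added by the first hunk: it is introduced as `SSH_SERVER_HOSTKEYS`, but the sentence about pasting the `ssh-keyscan` output calls it `SSH_SERVER_HOSTKEY`. The `before_script` lines added further down read `$SSH_SERVER_HOSTKEYS`, so a reader who creates the singular name ends up with a `known_hosts` file that contains no keys. Use the plural name in both places.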
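Review bot: In the second hunk, the new comment says to uncomment the two lines "instead" but never says which existing lines they replace. If the `StrictHostKeyChecking no` line directly above stays active, `~/.ssh/config` still turns host key checking off and the `known_hosts` file written from `$SSH_SERVER_HOSTKEYS` has no effect. State explicitly that the `StrictHostKeyChecking no` line must be removed or commented out when the host key lines are enabled. The commented `mkdir -p ~/.ssh` also repeats the uncommented one just above it and could be dropped.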