Depends on gitlab-org/golang-crypto!5

Close the connection when context is canceled
See merge request gitlab-org/gitlab-shell!646

When graceful shutdown timeout expires, the global context is
canceled. All the operations dependent on it are canceled as well.
Unfortunately, some of the operations don't respect the context.
For example, SSH connection initialization.
In this case, we need to manually close the connection.
One of the options is to wait for ctx.Done() and close the connection

Release v14.6.1
See merge request gitlab-org/gitlab-shell!645

- Return support for diffie-hellman-group14-sha1 !644

Return support for diffie-hellman-group14-sha1
See merge request gitlab-org/gitlab-shell!644

It seems that a lot of users rely on this, let's return it and
deprecate it later to make the migration less disruptive

Release 14.6.0
See merge request gitlab-org/gitlab-shell!643

- Exclude Gitaly unavailable error from error rate !641
- Downgrade auth EOF messages from warning to debug !641
- Display consistently in gitlab-sshd and gitlab-shell !641
- Downgrade host key mismatch messages from warning to debug !639
- Introduce a GitLab-SSHD server version during handshake !640
- Narrow supported kex algorithms !638

Exclude Gitaly unavailable error from error rate
See merge request gitlab-org/gitlab-shell!641

The errors happen when a client closes a connection on handshake
They can be ignored to avoid noise

When a user hits repository rate limit, Gitaly returns an error
that the request can't be handled (Gitaly unavailable)
We should avoid this error to avoid exceeding the error rate

- Use console package to format the errors in gitlab-sshd
- Suppress internal Gitaly errors in client output

Downgrade host key mismatch messages from warning to debug
See merge request gitlab-org/gitlab-shell!639

This message doesn't provide that much value, so let's just drop it.

In production, we often see SSH key scans requesting host key
algorithms that we don't support, such as `sk-ssh-ed25519@openssh.com`
or `sk-ecdsa-sha2-nistp256@openssh.com`.
These messages might be useful if someone forgets to configure a host
key that should be supported, but most of the time they are noise.
This commit downgrades these messages to DEBUG.
Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/581
Changelog: changed

Introduce a GitLab-SSHD server version during handshake
See merge request gitlab-org/gitlab-shell!640

Narrow supported kex algorithms
See merge request gitlab-org/gitlab-shell!638

We don't support diffie-hellman-group14-sha1 via OpenSSH currently
Let's avoid introducing it in gitlab-sshd because it's using
a weak hashing algorithm

Release 14.5.0
See merge request gitlab-org/gitlab-shell!636

- Make ProxyHeaderTimeout configurable !635

Make ProxyHeaderTimeout configurable
See merge request gitlab-org/gitlab-shell!635

Issue: https://gitlab.com/gitlab-org/gitlab-shell/-/issues/576
ProxyHeaderTimeout must be small to avoid DoS risk
Let's make the value configurable and 500ms by default

- If an integer is specified, we assume that these are seconds
- A duration of format "500ms", "10s", "1m", etc... accepted

Release 14.4.0
See merge request gitlab-org/gitlab-shell!634

- Allow configuring SSH server algorithms !633
- Update gitlab-org/golang-crypto module version !632

Allow configuring SSH server algorithms
See merge request gitlab-org/gitlab-shell!633

MACs, Ciphers and KEX algorithms now can be configured
If the values are empty, reasonable defaults are used

Update gitlab-org/golang-crypto module version
See merge request gitlab-org/gitlab-shell!632

This update pulls in:
1. https://gitlab.com/gitlab-org/golang-crypto/-/merge_requests/3,
which syncs the module with upstream master and supports the new
`curve25519-sha256@libssh.org` kex name.
2. https://gitlab.com/gitlab-org/golang-crypto/-/merge_requests/4,
which adds:
* MACs: hmac-sha2-512-etm@openssh.com, hmac-sha2-512
* Cipher: aes256-gcm@openssh.com
Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/575

Release v14.3.1
See merge request gitlab-org/gitlab-shell!631

- Exclude API errors from error rate !630

Exclude API errors from error rate
See merge request gitlab-org/gitlab-shell!630

When API isn't responsible or the resource is not accessible
(returns 404 or 403), then we shouldn't consider it as an error
on gitlab-sshd side

Git ignore .DS_Store
See merge request gitlab-org/gitlab-shell!629

Resolve "Dependency update DOCKER_VERSION: 20.10.15"
Closes #571
See merge request gitlab-org/gitlab-shell!628

Release v14.3.0
See merge request gitlab-org/gitlab-shell!627

- Remove deprecated bundler-audit !626
- Wait until all Gitaly sessions are executed !624

Wait until all Gitaly sessions are executed
See merge request gitlab-org/gitlab-shell!624

When a request gets canceled we don't want to consider it an error

If they haven't been executed within a timeout, we unblock the
execution.
Issue: https://gitlab.com/gitlab-org/gitlab-shell/-/issues/563
We have an issue when a lot of git clone operations get canceled.
It was assumed that some clients close the connection just after
all the data has been received from Git server. If there was a
network delay and gitlab-sshd hadn't managed to gracefully close
the connection, context gets canceled and Gitaly cancels the
execution and returns the error.
Let's wait for a period to allow Gitaly to gracefully complete the
operation

Remove deprecated bundler-audit
See merge request gitlab-org/gitlab-shell!626

It's been removed in:
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86704

Release 14.2.0
See merge request gitlab-org/gitlab-shell!623

- Implement ClientKeepAlive option
- build: bump go-proxyproto to 0.6.2