Commits · 5085fe78c1b890a7fbe40430a55a08bd6b98d386 · Igor Drozdov / Gitlab Shell

Jun 06, 2022
- Merge branch 'id-release-14-7-2' into 'main' · 5085fe78
  Igor Drozdov authored 2 years ago
  
  Release 14.7.2 See merge request gitlab-org/gitlab-shell!655
  View commits for tag v14.7.2 v14.7.2
  
  5085fe78
- Release 14.7.2 · d3023899
  Igor Drozdov authored 2 years ago
  
  - Exclude disallowed command from error rate
  d3023899
- Merge branch 'id-ignore-disallowed-cmd-err' into 'main' · 7780ac92
  Patrick Bajao authored 2 years ago
  
  Exclude disallowed command from error rate See merge request gitlab-org/gitlab-shell!654
  7780ac92
Jun 01, 2022
- Exclude disallowed command from error rate · 9cc4380a
  Igor Drozdov authored 2 years ago
  
  9cc4380a
May 25, 2022

Merge branch 'id-release-14-7-1' into 'main' · 158109ab
Igor Drozdov authored 2 years ago
```
Release 14.7.1

See merge request gitlab-org/gitlab-shell!652
```
View commits for tag v14.7.1 v14.7.1

158109ab

Igor Drozdov authored 2 years ago

- Log gitlab-sshd session level indicator errors !650
- Improve establish session duration metrics !651

51ef1667

Merge branch 'id-calculate-started-just-before-session-handling' into 'main' · f7b0c2f4
Stan Hu authored 2 years ago
```
Calculate session start after the connection is established

See merge request gitlab-org/gitlab-shell!653
```
f7b0c2f4
Calculate session start after the connection is established · 1fe75fb5
Igor Drozdov authored 2 years ago

1fe75fb5
Merge branch 'id-session-duration' into 'main' · fc6c2e16
Stan Hu authored 2 years ago
```
Improve establish session duration metrics

See merge request gitlab-org/gitlab-shell!651
```
fc6c2e16

Improve establish session duration metrics · a8eaa875

Igor Drozdov authored 2 years ago

Before we took into account the time a user takes to authenticate
Now it only measures the time between a connection established and
a command started to being executed

It's still can be controlled by a user, but it's something we can
measure and restrict if necessary

a8eaa875

Merge branch 'sh-log-session-errors' into 'main' · 51cd2383
Igor Drozdov authored 2 years ago
```
Log gitlab-sshd session level indicator errors

See merge request gitlab-org/gitlab-shell!650
```
51cd2383

May 24, 2022

Log gitlab-sshd session level indicator errors · ea417a3f

Stan Hu authored 2 years ago

In production, we saw gitlab-sshd error metrics rise, but it was not
clear why. We now log a message every time we encounter a session
error that affects the service level indicator counter.

Unverified

ea417a3f

Merge branch 'prod' into 'main' · 78967c4d

Igor Drozdov authored 2 years ago

Document gitlab-shell on GitLab SaaS

See merge request gitlab-org/gitlab-shell!625

78967c4d

May 23, 2022

Merge branch 'sh-release-14.7.0' into 'main' · b88256d2
Stan Hu authored 2 years ago
```
Release v14.7.0

See merge request gitlab-org/gitlab-shell!648
```
View commits for tag v14.7.0 v14.7.0

b88256d2

Release v14.7.0 · 3c5f5566

Stan Hu authored 2 years ago

- Abort long-running unauthenticated SSH connections !647
- Close the connection when context is canceled !646

Unverified

3c5f5566

Merge branch 'id-login-grace-time-impl' into 'main' · 585b8f96

Stan Hu authored 2 years ago

Abort long-running unauthenticated SSH connections

See merge request gitlab-org/gitlab-shell!647

585b8f96

Add missing SshdSessionEstablishedDuration metrics · 3e71d082
Igor Drozdov authored 2 years ago

3e71d082

Abort long-running unauthenticated SSH connections · 0d69e6d7

Igor Drozdov authored 2 years ago

The config option is basically a copy of LoginGraceTime OpenSSH
option.

If an SSH connection is hanging unauthenticated, after some period
of time, the connection gets canceled. The value is configurable,
the server waits for 60 seconds by default.

0d69e6d7

Merge branch 'id-login-grace-time' into 'main' · c40ad688

Stan Hu authored 2 years ago

Close the connection when context is canceled

See merge request gitlab-org/gitlab-shell!646

c40ad688

Close the connection when context is canceled · 0110b9ea

Igor Drozdov authored 2 years ago

When graceful shutdown timeout expires, the global context is
canceled. All the operations dependent on it are canceled as well.

Unfortunately, some of the operations doesn't respect the context.
For example, SSH connection initialization.

In this case, we need to manually close the connection.
One of the options is to wait for ctx.Done() and close the connection

0110b9ea

Move connection init into connection.go · 6e74b993
Igor Drozdov authored 2 years ago

6e74b993
Merge branch 'id-release-14-6-1' into 'main' · 4d2459f3
Igor Drozdov authored 2 years ago
```
Release v14.6.1

See merge request gitlab-org/gitlab-shell!645
```
View commits for tag v14.6.1 v14.6.1

4d2459f3
Release v14.6.1 · 5afa7e44
Igor Drozdov authored 2 years ago
```
- Return support for diffie-hellman-group14-sha1 !644
```
5afa7e44
Merge branch 'id-revert-narrowing-kex-algos' into 'main' · 3909c673
Igor Drozdov authored 2 years ago
```
Return support for diffie-hellman-group14-sha1

See merge request gitlab-org/gitlab-shell!644
```
3909c673

Return support for diffie-hellman-group14-sha1 · 0bef85e7

Igor Drozdov authored 2 years ago

It seems that a lot of users rely on this, let's return it and
deprecated later to make the migration less disruptive

0bef85e7

May 21, 2022

Merge branch 'id-release-14-6-0' into 'main' · 1da03256
Igor Drozdov authored 2 years ago
```
Release 14.6.0

See merge request gitlab-org/gitlab-shell!643
```
View commits for tag v14.6.0 v14.6.0

1da03256

Release 14.6.0 · 4b19adff

Igor Drozdov authored 2 years ago

- Exclude Gitaly unavailable error from error rate !641
- Downgrade auth EOF messages from warning to debug !641
- Display constistently in gitlab-sshd and gitlab-shell !641
- Downgrade host key mismatch messages from warning to debug !639
- Introduce a GitLab-SSHD server version during handshake !640
- Narrow supported kex algorithms !638

4b19adff

Merge branch 'id-ignore-gitaly-unavailable-errors' into 'main' · 8dd15baa
Stan Hu authored 2 years ago
```
Exclude Gitaly unavailable error from error rate

See merge request gitlab-org/gitlab-shell!641
```
8dd15baa

Downgrade auth EOF messages from warning to debug · 44b3869e

Igor Drozdov authored 2 years ago

The errors happen when a client closes a connection on handshake
They can be ignored to avoid noise

44b3869e

Exclude Gitaly unavailable error from error rate · accaf432

Igor Drozdov authored 2 years ago

When a user hits repository rate limit, Gitaly returns an error
that the request can't be handled (Gitaly unavailable)

We should avoid this error to avoid exceeding the error rate

accaf432

Display constistently in gitlab-sshd and gitlab-shell · 7c7f110b

Igor Drozdov authored 2 years ago

- Use console package to format the errors in gitlab-sshd
- Suppress internal Gitaly errors in client output

7c7f110b

Merge branch 'sh-downgrade-host-key-errors' into 'main' · 569ae36d

Igor Drozdov authored 2 years ago

Downgrade host key mismatch messages from warning to debug

See merge request gitlab-org/gitlab-shell!639

569ae36d

Merge branch 'T4cC0re-main-patch-11870' into 'main' · 0605bc42

Igor Drozdov authored 2 years ago

Introduce a GitLab-SSHD server version during handshake

See merge request gitlab-org/gitlab-shell!640

0605bc42

Introduce a GitLab-SSHD server version during handshake · 09dd5bcb
Hendrik Meyer authored 2 years ago and Igor Drozdov committed 2 years ago

09dd5bcb

May 20, 2022

Downgrade handleConn start message to debug · 58760393
Stan Hu authored 2 years ago
```
This message doesn't provide that much value, so let's just drop it.
```
Unverified

58760393

Downgrade host key mismatch messages from warning to debug · 6a49468e

Stan Hu authored 2 years ago

In production, we often see SSH key scans requesting host key
algorithms that we don't support, such as `sk-ssh-ed25519@openssh.com`
or `sk-ecdsa-sha2-nistp256@openssh.com`.

These messages might be useful if someone forgets to configure a host
key that should be supported, but most of the time they are noise.

This commit downgrades these messages to DEBUG.

Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/581

Changelog: changed

Unverified

6a49468e

Merge branch 'id-set-supported-kex-algos' into 'main' · 1f89ece0
Stan Hu authored 2 years ago
```
Narrow supported kex algorithms

See merge request gitlab-org/gitlab-shell!638
```
1f89ece0

Narrow supported kex algorithms · 6a76b027

Igor Drozdov authored 2 years ago

We don't support diffie-hellman-group14-sha1 via OpenSSH currently
Let's avoid introducing it in gitlab-sshd because it's using
weak hashing algorithm

6a76b027

May 19, 2022
- Merge branch 'sh-release-14.5.0' into 'main' · 216446d8
  Stan Hu authored 2 years ago
  
  Release 14.5.0 See merge request gitlab-org/gitlab-shell!636
  View commits for tag v14.5.0 v14.5.0
  
  216446d8
- Release 14.5.0 · 9c4efdbb
  Stan Hu authored 2 years ago
  
  - Make ProxyHeaderTimeout configurable !635
  Unverified
  
  9c4efdbb