Release v14.6.1

See merge request gitlab-org/gitlab-shell!645

- Return support for diffie-hellman-group14-sha1 !644

Return support for diffie-hellman-group14-sha1

See merge request gitlab-org/gitlab-shell!644

It seems that a lot of users rely on this, let's return it and
deprecated later to make the migration less disruptive

Release 14.6.0

See merge request gitlab-org/gitlab-shell!643

- Exclude Gitaly unavailable error from error rate !641
- Downgrade auth EOF messages from warning to debug !641
- Display constistently in gitlab-sshd and gitlab-shell !641
- Downgrade host key mismatch messages from warning to debug !639
- Introduce a GitLab-SSHD server version during handshake !640
- Narrow supported kex algorithms !638

Exclude Gitaly unavailable error from error rate

See merge request gitlab-org/gitlab-shell!641

The errors happen when a client closes a connection on handshake
They can be ignored to avoid noise

When a user hits repository rate limit, Gitaly returns an error
that the request can't be handled (Gitaly unavailable)

We should avoid this error to avoid exceeding the error rate

- Use console package to format the errors in gitlab-sshd
- Suppress internal Gitaly errors in client output

Downgrade host key mismatch messages from warning to debug

See merge request gitlab-org/gitlab-shell!639

Introduce a GitLab-SSHD server version during handshake

See merge request gitlab-org/gitlab-shell!640

This message doesn't provide that much value, so let's just drop it.

In production, we often see SSH key scans requesting host key
algorithms that we don't support, such as `sk-ssh-ed25519@openssh.com`
or `sk-ecdsa-sha2-nistp256@openssh.com`.

These messages might be useful if someone forgets to configure a host
key that should be supported, but most of the time they are noise.

This commit downgrades these messages to DEBUG.

Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/581

Changelog: changed

Narrow supported kex algorithms

See merge request gitlab-org/gitlab-shell!638

We don't support diffie-hellman-group14-sha1 via OpenSSH currently
Let's avoid introducing it in gitlab-sshd because it's using
weak hashing algorithm

Release 14.5.0

See merge request gitlab-org/gitlab-shell!636

- Make ProxyHeaderTimeout configurable !635

Make ProxyHeaderTimeout configurable

See merge request gitlab-org/gitlab-shell!635

Issue: https://gitlab.com/gitlab-org/gitlab-shell/-/issues/576

ProxyHeaderTimeout must be small to avoid DoS risk

Let's make the value configurable and 500ms by default

- If an integer is specified, we assume that these are seconds
- A duration of format "500ms", "10s", "1m", etc... accepted

Release 14.4.0

See merge request gitlab-org/gitlab-shell!634

- Allow configuring SSH server algorithms !633
- Update gitlab-org/golang-crypto module version !632

Allow configuring SSH server algorithms

See merge request gitlab-org/gitlab-shell!633

MACs, Ciphers and KEX algorithms now can be configured
If the values are empty, reasonable defaults are used

Update gitlab-org/golang-crypto module version

See merge request gitlab-org/gitlab-shell!632

This update pulls in:

1. https://gitlab.com/gitlab-org/golang-crypto/-/merge_requests/3,
   which syncs the module with upstream master and supports the new
   `curve25519-sha256@libssh.org` kex name.

2. https://gitlab.com/gitlab-org/golang-crypto/-/merge_requests/4,
   which adds:

   * MACs: hmac-sha2-512-etm@openssh.com, hmac-sha2-512
   * Cipher: aes256-gcm@openssh.com

Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/575

Release v14.3.1

See merge request gitlab-org/gitlab-shell!631

- Exclude API errors from error rate !630

Exclude API errors from error rate

See merge request gitlab-org/gitlab-shell!630

When API isn't responsible or the resource is not accessible
(returns 404 or 403), then we shouldn't consider it as an error
on gitlab-sshd side

Git ignore .DS_Store

See merge request gitlab-org/gitlab-shell!629

Resolve "Dependency update DOCKER_VERSION:  20.10.15"

Closes #571

See merge request gitlab-org/gitlab-shell!628

Release v14.3.0

See merge request gitlab-org/gitlab-shell!627

- Remove deprecated bundler-audit !626
- Wait until all Gitaly sessions are executed !624

Wait until all Gitaly sessions are executed

See merge request gitlab-org/gitlab-shell!624

When a request get canceled we don't want to consider it an error