Commit 8b6c8a74 authored by Stan Hu's avatar Stan Hu

Merge branch 'update-geo-database-ssh-keys' into 'master'

Update SSH database lookup instructions for CentOS 7.4

See merge request gitlab-org/gitlab-ee!2946
parents 82d20621 ac77826a
......@@ -15,9 +15,9 @@ GitLab Shell provides a way to authorize SSH users via a fast, indexed lookup to
> **Warning:** OpenSSH version 6.9+ is required because
`AuthorizedKeysCommand` must be able to accept a fingerprint. These
instructions will break installations using older versions of OpenSSH, such as
those included with CentOS as of May 2017. If you want to use this feature for
CentOS, follow [the instructions on how to build and install a custom OpenSSH package]
(#compiling-a-custom-version-of-openssh-for-centos) before continuing.
those included with CentOS 6 as of September 2017. If you want to use this
feature for CentOS 6, follow [the instructions on how to build and install a custom OpenSSH package]
(#compiling-a-custom-version-of-openssh-for-centos-6) before continuing.
Create this file at `/opt/gitlab-shell/authorized_keys`:
......@@ -73,14 +73,18 @@ This is a brief overview. Please refer to the above instructions for more contex
1. Reload sshd: `sudo service sshd reload`
1. Remove the `/opt/gitlab-shell/authorized_keys` file
## Compiling a custom version of OpenSSH for CentOS
## Compiling a custom version of OpenSSH for CentOS 6
Building a custom version of OpenSSH is not necessary for Ubuntu 16.04 users,
since Ubuntu 16.04 ships with OpenSSH 7.2.
However, CentOS users must build their own OpenSSH package to enable SSH
lookups via the database. The following instructions can be used to build
OpenSSH 7.5 for CentOS 6 and 7:
It is also unnecessary for CentOS 7.4 users, as that version ships with
OpenSSH 7.4. If you are using CentOS 7.0 - 7.3, we strongly recommend that you
upgrade to CentOS 7.4 instead of following this procedure. This should be as
simple as running `yum update`.
CentOS 6 users must build their own OpenSSH package to enable SSH lookups via
the database. The following instructions can be used to build OpenSSH 7.5:
1. First, download the package and install the required packages:
......
......@@ -10,9 +10,9 @@ file.
GitLab 10.0 and higher require database lookups for SSH keys.
Note this feature is only available on operating systems that support OpenSSH
6.9 and above. For CentOS 6 and 7, see the [instructions on building custom
6.9 and above. For CentOS 6, see the [instructions on building custom
version of OpenSSH for your server]
(../administration/operations/speed_up_ssh.html#compiling-a-custom-version-of-openssh-for-centos).
(../administration/operations/speed_up_ssh.html#compiling-a-custom-version-of-openssh-for-centos-6).
For both primary AND secondary nodes, follow the instructions on [configuring
SSH authorization via database
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment