Hardcoded AllowUsers in docker's 8.4.4-ce.0 image
Summary
Changing user['username'] does not change /assets/sshd_config, and any other user than git is not allowed to log in via ssh to clone.
Steps to reproduce
- docker pull gitlab/gitlab-ce:8.4.4-ce.0
- change
user['username']as described in https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#changing-the-name-of-the-git-user-group - restart container
- try to clone over ssh (after adding ssh key)
Expected behavior
git clone should succeed
Relevant logs and/or screenshots
git clone:
-----------
Cloning into 'test1'...
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.docker logs -f container:
==> /var/log/gitlab/sshd/current <==
2016-02-11_13:33:05.78455 User git02 from 10.10.39.10 not allowed because not listed in AllowUsers
2016-02-11_13:33:05.78532 input_userauth_request: invalid user git02 [preauth]
2016-02-11_13:33:05.82632 Connection closed by 10.10.39.10 [preauth]Possible fixes
Make sure gitlab-ctl reconfigure also edits the sshd_config.
Activity
Ideally this should be done by
reconfigure.@marin Maybe we could template
sshd_configtoo in Omnibus? We would enable the generation of thesshd_configfor Docker image?Milestone changed to 8.8
@marin I agree, but this is also something handy that I would like to use in GitLab Tile (Pivotal).
@ayufan What's the status here?
Edited by Douwe MaanIt's not done.
cc @twk3
+1 Please!! Issue is affecting us
Edited by username-removed-534502Added containers label
Please register or sign in to reply