Gitlab: Invocation of Gitlab-Shell


The blob line you mention builds the authorized_keys line as:

    "command=\"#{ROOT_PATH}/bin/gitlab-shell [auserID]\",\
    no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [aPubKey]

That is taking advantage of an SSH feature (not related to Git or GitLab), called "forced command".

You can see it illustrated in gitolite, which explains that the forced command allows for:

  • restricting shell access
  • distinguishing one user from another

In the case of GitLab, that allows limiting SSH calls to gitlab-shell.

What happens when I run ssh git@gitlab.com

[username]@gitlab.com makes more sense to me

It would not: that would ask to open an SSH session as 'username': that account does not exist. Only one account exists: 'git'.

Then, in ~/.ssh/authorized_keys, your public key is found, alongside:

  • an ID (as shown here), matching your registered GitLab account,
  • a forced command, which will call a GitLab script in order to execute the Git command.

That way:

  • there is no interactive session possible on GitLab's server
  • the project gitlab-shell gets your ID and handles your Git query
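
A sketch of the decision a forced-command program makes, added here as an example; it is not gitlab-shell's code and not part of the original answer. sshd runs the forced command with the key's ID as its argument and puts whatever the client asked to run in `SSH_ORIGINAL_COMMAND`. The function name `dispatch`, the ID `key-42` and the sample requests are assumptions constructed for illustration.

```ruby
require 'shellwords'

# Commands the git client sends over SSH for fetch, push and archive.
ALLOWED_GIT_COMMANDS = %w[git-upload-pack git-receive-pack git-upload-archive].freeze

# Decide what to do with one SSH connection (hypothetical helper).
#   key_id       - the argument baked into command="..." for this public key
#   original_cmd - the client's request, as sshd exposes it in SSH_ORIGINAL_COMMAND
# Returns [:allow, verb, repo] or [:deny, reason]. Nothing is executed here.
def dispatch(key_id, original_cmd)
  return [:deny, 'no key id'] if key_id.nil? || key_id.empty?
  # Plain `ssh git@host` sends no command: there is no shell to hand out.
  if original_cmd.nil? || original_cmd.strip.empty?
    return [:deny, 'interactive sessions are not allowed']
  end

  begin
    # Split like a shell would, but never pass the string to a shell.
    argv = Shellwords.split(original_cmd)
  rescue ArgumentError
    return [:deny, 'unparsable command']
  end

  verb, repo, *extra = argv
  return [:deny, "command not allowed: #{verb}"] unless ALLOWED_GIT_COMMANDS.include?(verb)
  return [:deny, 'expected exactly one repository argument'] if repo.nil? || !extra.empty?
  # Refuse option-looking arguments and path traversal.
  if repo.start_with?('-') || repo.split('/').include?('..')
    return [:deny, 'bad repository path']
  end

  [:allow, verb, repo]
end

# Constructed sample requests (not real traffic), all for the same key ID.
[nil, "git-upload-pack 'group/project.git'", 'ls', "git-receive-pack 'a.git'; id"].each do |cmd|
  puts "#{cmd.inspect} => #{dispatch('key-42', cmd).inspect}"
end
```

In a real deployment the program would be invoked by sshd with `ARGV[0]` as the key ID and `ENV['SSH_ORIGINAL_COMMAND']` as the request, and would map the ID to an account and check that account's access to the repository before running anything.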

Why Gitlab CI run commands locally and not on remote machine?

I think your problem is here:

    - ssh -o StrictHostKeyChecking=no <user>@<ip>
    - ls

The first command runs ssh on the gitlab runner. ssh isn't interactive at this point (no keyboard is connected to the ssh session here). So ssh exits. Then you run ls on the gitlab runner, which gives you the strange output you are surprised by.

You want to tell the ssh command all of what you want it to do, by providing that extra thing as an argument. So try:

    - ssh -o StrictHostKeyChecking=no <user>@<ip> ls

See other answers like How to execute a remote command over ssh with arguments? and How do I pass arbitrary arguments to a command executed over SSH? for more information on how to exactly provide the commands and arguments to the ssh invocation.

How to check the version of GitLab?

I have updated my server to GitLab 6.6.4 and finally found the way to get the version of GitLab remotely without SSH access to the server.

You should be logged in to access the following page:
https://your.domain.name/help

It shows something similar to:

GitLab 6.6.4 42e34ae

GitLab is open source software to collaborate on code.

...

etc.


