How does gitlab make use of port 22 (SSH)?

Hello everybody,

I installed Gitlab community edition on a server of my university. The IT-Support is not willing to open port 22, because they assume that this will grant strange users access to the system. So far I think that Gitlab uses SSH for encrypting the file transfer.

It would be nice if somebody could provide some information about the usage of port 22, so that I’m not arguing with false information.

Thanks in advance!

Port 22 is ssh. Gitlab uses its own gitolite like application called gitlab-shell to throw user ssh keys into an authorized_keys file for user “git” so that when they clone from or push to ssh://git@yourserver.yourdomain they are granted privileges based on their user name and key.

So it’s basically about authorization and encryption? The gitlab-shell doesn’t provide as many privileges as OpenSSH for example. This is probably what the IT-Support believes.

Correct that gitlab-shell does not allow users to ssh as the git user to a normal shell. It forces use of certain commands. If it’s running as the git user it can only grant privileges on stuff the git user owns.