Ssh broken after upgrade to gitlab 11

We just upgraded our installation from 10.5 to 11.0 (stopping ever so briefly at 10.8) and now ssh connections are all broken. Our first issue was that our users had almost all chosen DSA keys, but even fixing that hasn’t helped.

We can ssh directly without passwords and connect as the git user:

$ cat ~/.ssh/config
host gitlab
  user git
  hostname gitlab.my.net
  port 22
  identityfile ~/.ssh/id_rsa
$ ssh gitlab
Last login: Thu Jul 26 10:16:26 2018 from zw129.my.net
:
id
uid=502(git) gid=502(git) groups=502(git)...
exit
logout
Connection to gitlab.my.net closed.
$ cd git/network
$ git status
# On branch master
# Your branch is ahead of 'origin/master' by 1 commit.
#   (use "git push" to publish your local commits)
#
nothing to commit, working directory clean
$ git push
fatal: 'puppet/network' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
$

The Web UI shows that my account has access to the repos. If I switch to https, then I’m able to check out, but given that my user base has hundreds of repos all set up using ssh, I’d rather get ssh working again.

Given that ssh itself is working, and I’ve confirmed that the key in my account is the same as the one my ssh config file is using, what else should I look at?

Could it be that there’s a restriction of SSH keys? https://docs.gitlab.com/ee/security/ssh_keys_restrictions.html


I just checked, and all the newer key types are allowed (RSA, ECDSA and ED25519) without restriction on size. Each type just says “are allowed”.

You did put me on the right path, however!

This one was pilot error. I created an RSA key yesterday that was longer than the default, but failed to upload it to gitlab. When I changed my ~/.ssh/config to use the RSA key, obviously the other half of the exchange wasn’t there.

Thanks for the help!
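
Added example, not written by anyone in this thread: one way to check for the cause found in the last post (a local key that was never uploaded) is to compute the fingerprints of the public key line and compare them with the fingerprints listed on the GitLab account. The function names and the sample keys are assumptions; the keys are constructed filler, not real keys.

```python
import base64
import hashlib
import struct


def parse_public_key(line):
    """Split an OpenSSH public key line into (type, raw blob, comment)."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    comment = fields[2] if len(fields) > 2 else ""
    # The blob begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    return key_type, blob, comment


def fingerprints(line):
    """Return the SHA256 and MD5 fingerprint forms of one public key line."""
    _, blob, _ = parse_public_key(line)
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {"sha256": "SHA256:" + sha,
            "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2))}


def is_uploaded(local_pub_line, account_fingerprints):
    """True if the local key matches a fingerprint listed on the account."""
    fp = fingerprints(local_pub_line)
    for listed in account_fingerprints:
        listed = listed.strip()
        if listed.startswith("SHA256:"):   # base64 is case-sensitive
            if listed == fp["sha256"]:
                return True
        else:                              # colon-separated MD5 hex
            md5 = listed.lower()
            md5 = md5[4:] if md5.startswith("md5:") else md5
            if md5 == fp["md5"]:
                return True
    return False


def _constructed_key(seed, comment):
    # Constructed sample: an ssh-ed25519 blob with filler bytes, not a real key.
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)


OLD_KEY = _constructed_key(1, "old-key@example")       # key already on the account
NEW_KEY = _constructed_key(2, "new-key@example")       # key ~/.ssh/config now points at
ACCOUNT_FINGERPRINTS = [fingerprints(OLD_KEY)["md5"]]  # as listed on the account (assumed)
```

For a real check, pass the contents of the `.pub` file that matches the `identityfile` in `~/.ssh/config`; `ssh-keygen -l -f` prints the same SHA256 value and `ssh-keygen -l -E md5 -f` the MD5 one.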