The first mechanism (integration via
authorized keys) is vulnerable to both race conditions and out-of-order execution issues, making it hard to scale. Because of this it will be removed in GitLab 14.0. Refer to issue #212227 for details.
Docs for fast ssh key lookup (Fast lookup of authorized SSH keys in the database | GitLab) say that
For Omnibus Docker,
AuthorizedKeysCommandis setup by default in GitLab 11.11 and later.
When I poke into my gitlab container at its ssh config files, I do not see
AuthorizedKeysCommand. However, I also cannot find any reference in
/var/opt/gitlab/.ssh/authorized_keys of my actual SSH keys, suggesting that it is in fact using fast lookup instead of the system
My configuration in Admin Area > Network > Performance optimization has enabled
Write to "authorized_keys" file. My understanding of that is that it is a backup for deployment keys, not that that file will be used for all authentication.
authorized_keys file will reach deprecation in GitLab-14 (two months away?), I’m looking ahead. How do I know if removal of support for that file will break me? I can always uncheck the “write to authorized_keys”, but I don’t expect that that would have immediate effects.