Cannot pull/fetch/clone/push with Git for Windows 2.14 over SSH

Summary

Git for Windows v2.14 onwards uses git upload-pack instead of git-upload-pack, at least over SSH, and GitLab blocks it as a disallowed command.

Steps to reproduce

1. Attempt to clone, fetch, pull from or push to any GitLab-hosted repository over SSH

Example Project

Attempting to clone this repository (https://gitlab.com/gitlab-org/gitlab-ce) over SSH results in this error.

What is the current bug behavior?

After updating my client to Git for Windows v2.14, I can no longer fetch, pull, clone or push over SSH. Attempting to do so results in this error:

GitLab: Disallowed command
fatal: Could not read from remote repository.

This issue does not happen when HTTP(S) is used.

Git for Windows v2.13.3 used the command git-upload-pack instead, which works correctly.

What is the expected correct behavior?

The operation (clone, fetch, pull, push) should succeed.

Relevant logs and/or screenshots

gitlab-shell: Attempt to execute disallowed command <git upload-pack '[redacted].git'> by user with key key-45.

Output of checks

I'm not really sure what type of checks I could run for this, so I'm leaving this section empty.

Results of GitLab environment info

Expand for output related to GitLab environment info

System information
System:         Ubuntu 16.04
Current User:   git
Using RVM:      no
Ruby Version:   2.3.3p222
Gem Version:    2.6.6
Bundler Version:1.13.7
Rake Version:   10.5.0
Redis Version:  3.2.5
Git Version:    2.13.0
Sidekiq Version:5.0.0
Go Version:     unknown
GitLab information
Version:        9.4.3
Revision:       b125d21
Directory:      /opt/gitlab/embedded/service/gitlab-rails
DB Adapter:     postgresql
URL:            https://[redacted]
HTTP Clone URL: https://[redacted]/some-group/some-project.git
SSH Clone URL:  git@[redacted]:some-group/some-project.git
Using LDAP:     no
Using Omniauth: yes
Omniauth Providers: google_oauth2, twitter, github
GitLab Shell
Version:        5.3.1
Repository storage paths:

• default: /var/opt/gitlab/git-data/repositories Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks Git: /opt/gitlab/embedded/bin/git

Results of GitLab application Check

Expand for output related to the GitLab application check

Checking GitLab Shell ...
GitLab Shell version >= 5.3.1 ? ... OK (5.3.1)
Repo base directory exists?
default... yes
Repo storage directories are symlinks?
default... no
Repo paths owned by git:root, or git:git?
default... yes
Repo paths access is drwxrws---?
default... yes
hooks directories in repos are links: ...
6/4 ... ok
6/5 ... ok
2/12 ... ok
6/18 ... ok
2/28 ... ok
2/29 ... ok
2/32 ... ok
8/35 ... ok
2/36 ... ok
26/39 ... ok
26/40 ... ok
2/41 ... ok
8/42 ... ok
6/43 ... ok
31/47 ... ok
2/52 ... ok
1/53 ... ok
6/54 ... ok
36/57 ... repository is empty
2/58 ... ok
36/59 ... repository is empty
6/60 ... ok
8/61 ... ok
1/62 ... ok
8/63 ... ok
6/65 ... ok
1/66 ... ok
2/68 ... ok
2/69 ... ok
2/71 ... ok
6/74 ... ok
6/75 ... ok
6/76 ... repository is empty
1/77 ... ok
6/78 ... repository is empty
1/79 ... repository is empty
2/80 ... ok
2/81 ... ok
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Check GitLab API access: OK
Access to /var/opt/gitlab/.ssh/authorized_keys: OK
Send ping to redis server: OK
gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Sidekiq ...
Running? ... yes
Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking Reply by email ...
Reply by email is disabled in config/gitlab.yml
Checking Reply by email ... Finished
Checking LDAP ...
LDAP is disabled in config/gitlab.yml
Checking LDAP ... Finished
Checking GitLab ...
Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ...
6/4 ... yes
6/5 ... yes
2/12 ... yes
6/18 ... yes
2/28 ... yes
2/29 ... yes
2/32 ... yes
8/35 ... yes
2/36 ... yes
26/39 ... yes
26/40 ... yes
2/41 ... yes
8/42 ... yes
6/43 ... yes
31/47 ... yes
2/52 ... yes
1/53 ... yes
6/54 ... yes
36/57 ... yes
2/58 ... yes
36/59 ... yes
6/60 ... yes
8/61 ... yes
1/62 ... yes
8/63 ... yes
6/65 ... yes
1/66 ... yes
2/68 ... yes
2/69 ... yes
2/71 ... yes
6/74 ... yes
6/75 ... yes
6/76 ... yes
1/77 ... yes
6/78 ... yes
1/79 ... yes
2/80 ... yes
2/81 ... yes
Redis version >= 2.8.0? ... yes
Ruby version >= 2.3.3 ? ... yes (2.3.3)
Git version >= 2.7.3 ? ... yes (2.13.0)
Active users: ... 16
Checking GitLab ... Finished

Possible fixes

I'm not familiar enough with the code to figure it out