PROXY implementation improvements
While coarsely looking at https://gitlab.com/gitlab-org/gitlab-shell/-/blob/f8c0303a03c911386117c55ba0a6af203fae8120/internal/sshd/sshd.go I noticed a few things we should tidy up.
ProxyHeaderTimeout = 90 * time.Second
This is waaay too long. The proxy immediately sends the PROXY header, so even waiting a full second would be a stretch.
I would recommend at most 500ms.
Why is this important?
This is how long the listener will try to look for a PROXY header. Now, this probing is enabled if gitlab-sshd is configured to use
a proxy header if it exists. When a client executes an ssh-keyscan
no data is sent. This means GitLab-sshd would block for 90 seconds, unless there is in fact a proxy in front.
The PolicyFunc passed into proxyproto.Listener
in line 97 should be able to be configured to include a MustStrictWhiteListPolicy.
This allows limiting the proxies that are trusted (very similar to the real_ip_trusted_addresses
attribute in the gitlab.rb for nginx
Furthermore, in the same instantiation, we should pass a Validator, which checks for PROXY v2 in the header.