gitlab-sshd returns "ERROR: Unknown command" when authorizing with SSH cert.
Steps to reproduce
- Create and upload an SSH certificate:
ssh-keygen -f CA -t ed25519
curl -X POST -H "PRIVATE-TOKEN: $GITLAB_TOKEN" "https://gitlab.com/api/v4/groups/70922686/ssh_certificates" -d '{ "id": $group_id, "title": "test", "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeoDqZpXiPIHnk0HlHjpbRPAuJ/+U5Rnx0nmLIHHcXO" }'
- Sign a user key for an Enterprise user of the group:
ssh-keygen -s CA -I "user@example.org" -V +1d user-key.pub
- Attempt authentication with the key:
ssh -o "IdentitiesOnly=yes" -F /dev/null -i user-key git@gitlab.com -T
What is the expected correct behavior?
command/discover/discover.go
returns Welcome to GitLab, @user
or at least Welcome to GitLab, anonymous
What is the current bug behavior?
We end up in handleShell
s if err != nil
condition: https://gitlab.com/gitlab-org/gitlab-shell/-/blob/c28c003baa80cb025c610352ee10536452ed065c/internal/sshd/session.go#L191
❯ ssh -o "IdentitiesOnly=yes" -F /dev/null -i user-key git@gitlab.com -T
remote:
remote: ========================================================================
remote:
remote: ERROR: Unknown command:
remote:
remote: ========================================================================
remote:
Edited by Niklas Janz