### Summary For authentication we use `AuthorizedKeysCommand /usr/bin/curl --silent --fail https://gitlab.example.com/%u.keys` in our ssh docker containers. After upgrading to gitlab-ce 13.2.4-ce.0 from 13.1.x this no longer works, because the public keys from the users are no longer public accessible. This is not a problem with my private gitlab server on my raspberry pi (running version 13.2.3). ### Steps to reproduce curl https://gitlab.example.com/username.keys ### What is the current *bug* behavior? Response redirects (302) to https://gitlab.example.com/users/sign_in ### What is the expected *correct* behavior? Response contains the public keys for the given user. ### Output of checks (If you are reporting a bug on GitLab.com, write: This bug happens on GitLab.com) #### Results of GitLab environment info <details> <summary>Expand for output related to GitLab environment info</summary> <pre> gitlab-rake gitlab:env:info System information System: Ubuntu 18.04 Current User: git Using RVM: no Ruby Version: 2.6.6p146 Gem Version: 2.7.10 Bundler Version:1.17.3 Rake Version: 12.3.3 Redis Version: 5.0.9 Git Version: 2.27.0 Sidekiq Version:5.2.9 Go Version: unknown GitLab information Version: 13.2.4 Revision: 136d3a02dca Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: PostgreSQL DB Version: 11.7 URL: https://gitlab.twofour.de HTTP Clone URL: https://gitlab.twofour.de/some-group/some-project.git SSH Clone URL: git@gitlab.twofour.de:some-group/some-project.git Using LDAP: no Using Omniauth: yes Omniauth Providers: GitLab Shell Version: 13.3.0 Repository storage paths: - default: /var/opt/gitlab/git-data/repositories GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell Git: /opt/gitlab/embedded/bin/git </pre> </details> #### Results of GitLab application Check <details> <summary>Expand for output related to the GitLab application check</summary> <pre> gitlab-rake gitlab:check SANITIZE=true Checking GitLab subtasks ... Checking GitLab Shell ... GitLab Shell: ... GitLab Shell version >= 13.3.0 ? ... OK (13.3.0) Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Internal API available: OK Redis available via internal API: OK gitlab-shell self-check successful Checking GitLab Shell ... Finished Checking Gitaly ... Gitaly: ... default ... OK Checking Gitaly ... Finished Checking Sidekiq ... Sidekiq: ... Running? ... yes Number of Sidekiq processes ... 1 Checking Sidekiq ... Finished Checking Incoming Email ... Incoming Email: ... Reply by email is disabled in config/gitlab.yml Checking Incoming Email ... Finished Checking LDAP ... LDAP: ... LDAP is disabled in config/gitlab.yml Checking LDAP ... Finished Checking GitLab App ... Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... yes Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... 14/1 ... yes 19/4 ... yes 16/5 ... yes 19/6 ... yes 4/7 ... yes 6/9 ... yes 4/10 ... yes 2/18 ... yes 2/19 ... yes 6/20 ... yes 6/21 ... yes 4/27 ... yes 6/28 ... yes 6/29 ... yes 38/30 ... yes 6/31 ... yes 6/32 ... yes 6/33 ... yes 6/34 ... yes 6/35 ... yes 6/36 ... yes 6/37 ... yes 4/39 ... yes 6/40 ... yes 13/44 ... yes 2/45 ... yes 20/47 ... yes 20/49 ... yes 23/52 ... yes 15/55 ... yes 15/56 ... yes 18/57 ... yes 17/58 ... yes 15/59 ... yes 15/60 ... yes 19/62 ... yes 19/63 ... yes 16/64 ... yes 20/65 ... yes 21/66 ... yes 115/67 ... yes 22/68 ... yes 20/69 ... yes 20/70 ... yes 23/72 ... yes 15/73 ... yes 14/74 ... yes 24/75 ... yes 25/76 ... yes 14/77 ... yes 26/78 ... yes 69/79 ... yes 19/80 ... yes 27/81 ... yes 28/82 ... yes 28/83 ... yes 28/84 ... yes 28/85 ... yes 20/86 ... yes 20/87 ... yes 7/89 ... yes 29/90 ... yes 29/91 ... yes 20/92 ... yes 119/93 ... yes 106/94 ... yes 105/95 ... yes 107/97 ... yes 44/98 ... yes 112/99 ... yes 118/100 ... yes 120/101 ... yes 20/102 ... yes 21/103 ... yes 116/104 ... yes 43/106 ... yes 30/108 ... yes 4/111 ... yes 20/112 ... yes 17/113 ... yes 17/114 ... yes 42/116 ... yes 20/119 ... yes 20/120 ... yes 32/121 ... yes 117/122 ... yes 34/133 ... yes 34/134 ... yes 34/135 ... yes 34/136 ... yes 6/138 ... yes 35/140 ... yes 5/141 ... yes 7/142 ... yes 7/144 ... yes 6/145 ... yes 7/146 ... yes 4/147 ... yes 6/148 ... yes 5/149 ... yes 36/150 ... yes 2/151 ... yes 37/153 ... yes 38/155 ... yes 20/157 ... yes 36/158 ... yes 18/159 ... yes 51/160 ... yes 35/163 ... yes 5/165 ... yes 37/166 ... yes 39/167 ... yes 37/168 ... yes 6/169 ... yes 38/170 ... yes 6/171 ... yes 5/172 ... yes 5/173 ... yes 5/174 ... yes 2/176 ... yes 40/178 ... yes 5/179 ... yes 33/180 ... yes 77/181 ... yes 38/182 ... yes 6/183 ... yes 38/184 ... yes 6/185 ... yes 4/188 ... yes 28/190 ... yes 28/191 ... yes 2/192 ... yes 4/194 ... yes 41/195 ... yes 41/196 ... yes 17/197 ... yes 7/198 ... yes 20/199 ... yes 8/202 ... yes 37/204 ... yes 4/205 ... yes 38/208 ... yes 6/209 ... yes 8/210 ... yes 6/211 ... yes 7/212 ... yes 4/213 ... yes 45/215 ... yes 7/217 ... yes 39/220 ... yes 37/222 ... yes 37/223 ... yes 5/225 ... yes 20/226 ... yes 20/227 ... yes 20/228 ... yes 34/229 ... yes 5/230 ... yes 4/231 ... yes 20/233 ... yes 7/238 ... yes 4/239 ... yes 5/240 ... yes 6/241 ... yes 8/242 ... yes 52/243 ... yes 15/244 ... yes 5/246 ... yes 15/247 ... yes 6/248 ... yes 4/250 ... yes 37/252 ... yes 38/254 ... yes 38/255 ... yes 38/256 ... yes 53/262 ... yes 53/263 ... yes 53/265 ... yes 47/274 ... yes 49/277 ... yes 6/279 ... yes 7/291 ... yes 47/299 ... yes 6/305 ... yes 53/308 ... yes 53/309 ... yes 53/310 ... yes 20/311 ... yes 53/312 ... yes 53/313 ... yes 53/314 ... yes 53/317 ... yes 53/318 ... yes 53/319 ... yes 37/320 ... yes 59/321 ... yes 59/322 ... yes 38/324 ... yes 15/325 ... yes 53/326 ... yes 53/327 ... yes 60/328 ... yes 60/329 ... yes 69/331 ... yes 69/332 ... yes 62/334 ... yes 4/335 ... yes 20/336 ... yes 53/338 ... yes 53/339 ... yes 53/340 ... yes 53/344 ... yes 53/345 ... yes 51/347 ... yes 53/348 ... yes 38/350 ... yes 4/352 ... yes 6/353 ... yes 53/354 ... yes 53/355 ... yes 38/356 ... yes 51/357 ... yes 69/358 ... yes 37/359 ... yes 4/360 ... yes 53/364 ... yes 38/365 ... yes 7/366 ... yes 51/368 ... yes 51/369 ... yes 51/370 ... yes 51/375 ... yes 71/381 ... yes 71/382 ... yes 51/383 ... yes 74/385 ... yes 14/386 ... yes 49/387 ... yes 8/388 ... yes 51/389 ... yes 51/390 ... yes 53/391 ... yes 7/392 ... yes 51/393 ... yes 51/394 ... yes 53/395 ... yes 47/397 ... yes 47/398 ... yes 15/400 ... yes 15/401 ... yes 51/402 ... yes 76/403 ... yes 49/404 ... yes 75/405 ... yes 5/406 ... yes 38/407 ... yes 77/408 ... yes 77/409 ... yes 76/410 ... yes 76/411 ... yes 76/412 ... yes 76/413 ... yes 77/414 ... yes 51/415 ... yes 6/416 ... yes 77/417 ... yes 5/418 ... yes 77/419 ... yes 77/420 ... yes 37/421 ... yes 77/422 ... yes 77/423 ... yes 77/424 ... yes 77/425 ... yes 52/426 ... yes 51/427 ... yes 51/429 ... yes 78/430 ... yes 77/431 ... yes 76/432 ... yes 77/434 ... yes 77/435 ... yes 77/436 ... yes 77/437 ... yes 77/438 ... yes 51/439 ... yes 77/440 ... yes 77/441 ... yes 77/449 ... yes 77/453 ... yes 77/454 ... yes 77/455 ... yes 77/456 ... yes 77/457 ... yes 77/458 ... yes 77/459 ... yes 77/460 ... yes 77/461 ... yes 6/462 ... yes 76/463 ... yes 77/464 ... yes 77/465 ... yes 78/466 ... yes 53/467 ... yes 53/468 ... yes 5/469 ... yes 62/470 ... yes 77/471 ... yes 7/472 ... yes 20/473 ... yes 53/474 ... yes 53/475 ... yes 51/476 ... yes 77/477 ... yes 82/478 ... yes 6/479 ... yes 77/480 ... yes 8/481 ... yes 69/483 ... yes 69/484 ... yes 77/486 ... yes 53/487 ... yes 53/488 ... yes 62/489 ... yes 18/492 ... yes 69/493 ... yes 37/494 ... yes 77/497 ... yes 85/498 ... yes 53/499 ... yes 53/502 ... yes 20/503 ... yes 76/504 ... yes 86/505 ... yes 53/507 ... yes 77/508 ... yes 51/509 ... yes 16/510 ... yes 91/512 ... yes 51/513 ... yes 53/514 ... yes 53/515 ... yes 91/516 ... yes 53/517 ... yes 86/518 ... yes 69/519 ... yes 77/520 ... yes 93/521 ... yes 42/523 ... yes 51/524 ... yes 86/525 ... yes 49/526 ... yes 69/527 ... yes 53/528 ... yes 53/530 ... yes 53/531 ... yes 37/532 ... yes 77/533 ... yes 59/534 ... yes 20/535 ... yes 37/537 ... yes 59/538 ... yes 53/539 ... yes 94/540 ... yes 37/541 ... yes 51/542 ... yes 8/544 ... yes 50/545 ... yes 51/546 ... yes 53/548 ... yes 53/550 ... yes 53/551 ... yes 53/552 ... yes 5/553 ... yes 85/554 ... yes 94/555 ... yes 53/556 ... yes 53/557 ... yes 53/558 ... yes 53/559 ... yes 53/560 ... yes 53/561 ... yes 48/562 ... yes 95/563 ... yes 97/564 ... yes 49/565 ... yes 15/566 ... yes 15/567 ... yes 77/568 ... yes 75/569 ... yes 75/570 ... yes 75/571 ... yes 75/572 ... yes 75/573 ... yes 75/574 ... yes 77/575 ... yes 51/576 ... yes 51/577 ... yes 99/578 ... yes 53/579 ... yes 86/580 ... yes 99/581 ... yes 99/582 ... yes 101/583 ... yes 102/584 ... yes 85/585 ... yes 49/586 ... yes 77/587 ... yes 77/588 ... yes 20/589 ... yes 53/590 ... yes 76/591 ... yes 77/592 ... yes 4/593 ... yes 77/594 ... yes 77/595 ... yes 77/597 ... yes 104/598 ... yes 53/599 ... yes 53/600 ... yes 2/601 ... yes 51/603 ... yes 7/604 ... yes 63/606 ... yes 77/607 ... yes 99/608 ... yes 51/609 ... yes 77/610 ... yes 51/611 ... yes 5/612 ... yes 20/613 ... yes 77/614 ... yes 53/615 ... yes 108/616 ... yes 4/619 ... yes 108/621 ... yes 108/622 ... yes 37/623 ... yes 15/624 ... yes 33/625 ... yes 53/626 ... yes 77/627 ... yes 53/628 ... yes 108/629 ... yes 110/630 ... yes 110/631 ... yes 53/632 ... yes 51/633 ... yes 51/634 ... yes 53/635 ... yes 77/636 ... yes 77/637 ... yes 77/638 ... yes 77/639 ... yes 77/640 ... yes 111/641 ... yes 69/642 ... yes 51/643 ... yes 4/644 ... yes 49/646 ... yes 37/647 ... yes 69/648 ... yes 53/649 ... yes 13/650 ... yes 77/651 ... yes 53/652 ... yes 75/653 ... yes 53/654 ... yes 20/656 ... yes 53/657 ... yes 77/658 ... yes 53/659 ... yes 53/660 ... yes 63/662 ... yes 51/663 ... yes 109/667 ... yes 37/668 ... yes 51/669 ... yes 20/670 ... yes 77/674 ... yes 4/677 ... yes 86/678 ... yes 75/679 ... yes 75/680 ... yes 122/681 ... yes 122/682 ... yes 122/683 ... yes 122/684 ... yes 122/685 ... yes 123/686 ... yes 77/687 ... yes 75/688 ... yes 77/689 ... yes 75/690 ... yes 122/691 ... yes 77/692 ... yes 123/693 ... yes 53/694 ... yes 53/695 ... yes 53/696 ... yes 53/697 ... yes 94/698 ... yes 51/699 ... yes 77/700 ... yes 77/701 ... yes 51/702 ... yes 86/703 ... yes 122/704 ... yes 85/705 ... yes 77/707 ... yes 124/708 ... yes 122/709 ... yes 110/710 ... yes 77/711 ... yes 77/712 ... yes 51/713 ... yes 51/714 ... yes 85/715 ... yes 37/716 ... yes 2/717 ... yes 85/719 ... yes 15/720 ... yes 53/721 ... yes 85/722 ... yes 85/723 ... yes 85/724 ... yes 85/725 ... yes 37/726 ... yes 86/728 ... yes 86/729 ... yes 53/731 ... yes 20/732 ... yes 85/733 ... yes 85/734 ... yes 85/735 ... yes 53/736 ... yes 53/737 ... yes 53/738 ... yes 53/739 ... yes 15/740 ... yes 15/741 ... yes 53/742 ... yes 125/743 ... yes 51/744 ... yes 51/745 ... yes 50/746 ... yes 126/747 ... yes 126/748 ... yes 51/749 ... yes 20/751 ... yes 20/752 ... yes 4/753 ... yes 51/754 ... yes 126/755 ... yes 126/756 ... yes 51/757 ... yes 51/758 ... yes 51/759 ... yes 51/760 ... yes 49/761 ... yes 2/762 ... yes 51/763 ... yes 85/764 ... yes 127/765 ... yes 85/766 ... yes 51/767 ... yes 15/768 ... yes 85/769 ... yes 51/770 ... yes 13/771 ... yes 127/772 ... yes 49/773 ... yes 20/774 ... yes 53/775 ... yes 20/776 ... yes 20/777 ... yes 99/778 ... yes 51/779 ... yes 112/780 ... yes 2/781 ... yes 69/782 ... yes 53/783 ... yes 53/785 ... yes 53/786 ... yes 51/787 ... yes 127/788 ... yes 127/789 ... yes 49/790 ... yes 49/791 ... yes 22/792 ... yes 53/793 ... yes 51/794 ... yes 133/796 ... yes 127/799 ... yes 76/800 ... yes 49/801 ... yes 51/802 ... yes 49/803 ... yes 133/804 ... yes 69/805 ... yes 49/806 ... yes 69/807 ... yes 51/808 ... yes 51/809 ... yes 94/810 ... yes 94/811 ... yes 94/812 ... yes 51/813 ... yes 136/814 ... yes 136/815 ... yes 136/816 ... yes 136/817 ... yes 136/818 ... yes 136/819 ... yes 138/820 ... yes 138/821 ... yes 138/822 ... yes 138/823 ... yes 138/824 ... yes 138/825 ... yes 138/826 ... yes 138/827 ... yes 138/828 ... yes 138/829 ... yes 138/830 ... yes 138/831 ... yes 138/832 ... yes 138/833 ... yes 138/834 ... yes 138/835 ... yes 138/836 ... yes 138/837 ... yes 138/838 ... yes 138/839 ... yes 138/840 ... yes 138/841 ... yes 138/842 ... yes 138/843 ... yes 139/844 ... yes 139/845 ... yes 139/846 ... yes 139/847 ... yes 139/848 ... yes 139/849 ... yes 139/850 ... yes 139/851 ... yes 139/852 ... yes 140/853 ... yes 140/854 ... yes 140/855 ... yes 140/856 ... yes 140/857 ... yes 140/858 ... yes 140/859 ... yes 140/860 ... yes 140/861 ... yes 140/862 ... yes 140/863 ... yes 140/864 ... yes 140/865 ... yes 140/866 ... yes 140/867 ... yes 140/868 ... yes 140/869 ... yes 140/870 ... yes 69/871 ... yes 140/872 ... yes 51/873 ... yes 51/874 ... yes 138/875 ... yes 140/876 ... yes 51/877 ... yes 136/878 ... yes 136/879 ... yes 136/880 ... yes 136/881 ... yes 136/882 ... yes 144/883 ... yes 145/884 ... yes 145/885 ... yes 145/886 ... yes 146/889 ... yes 84/890 ... yes 77/891 ... yes 136/892 ... yes 160/893 ... yes 51/894 ... yes 20/895 ... yes 2/896 ... yes 20/897 ... yes 51/898 ... yes 53/899 ... yes 69/900 ... yes 53/901 ... yes 77/902 ... yes 77/903 ... yes Redis version >= 4.0.0? ... yes Ruby version >= 2.5.3 ? ... yes (2.6.6) Git version >= 2.22.0 ? ... yes (2.27.0) Git user has default SSH configuration? ... yes Active users: ... 47 Is authorized keys file accessible? ... skipped (authorized keys not enabled) GitLab configured to store new projects in hashed storage? ... yes All projects are in hashed storage? ... no Try fixing it: Please migrate all projects to hashed storage as legacy storage is deprecated in 13.0 and support will be removed in 14.0. For more information see: doc/administration/repository_storage_types.md Checking GitLab App ... Finished Checking GitLab subtasks ... Finished </pre> </details> ### Possible fixes Revert https://gitlab.com/gitlab-org/gitlab/-/merge_requests/35507 and it works.