gitlab-sshd
in GitLab Shell
gitlab-sshd
is a binary in gitlab-shell
which runs as a persistent SSH daemon. It is intended to replace OpenSSH
on GitLab SaaS,
and eventually other cloud-native environments. Instead of running an sshd
process,
we run a gitlab-sshd
process that does the same job, in a more focused manner:
%%{init: { "fontFamily": "GitLab Sans" }}%% sequenceDiagram participant Git on client participant GitLab SSHD participant Rails participant Gitaly participant Git on server Note left of Git on client: git fetch Git on client->>+GitLab SSHD: ssh git fetch-pack request GitLab SSHD->>+Rails: GET /internal/api/authorized_keys?key=AAAA... Note right of Rails: Lookup key ID Rails-->>-GitLab SSHD: 200 OK, command="gitlab-shell upload-pack key_id=1" GitLab SSHD->>+Rails: GET /internal/api/allowed?action=upload_pack&key_id=1 Note right of Rails: Auth check Rails-->>-GitLab SSHD: 200 OK, { gitaly: ... } GitLab SSHD->>+Gitaly: SSHService.SSHUploadPack request Gitaly->>+Git on server: git upload-pack request Note over Git on client,Git on server: Bidirectional communication between Git client and server Git on server-->>-Gitaly: git upload-pack response Gitaly -->>-GitLab SSHD: SSHService.SSHUploadPack response GitLab SSHD-->>-Git on client: ssh git fetch-pack response