Docker-gitlab: Upgrade 12.2.0 (from 12.1.6) required host key generation
Maybe related to switch to bionic?
Just migrated from 12.1.6 to 12.2.0 image and the web UI worked fine but the ssh connections all failed.
Looking at the SSHD logs, there were lots of:
No supported key exchange algorithms [preauth]
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
(these files did not exist)
I was able to resolve the issue with ssh-keygen -A to generate new host keys. This was a manual step and hasn't been required in previous upgrades.
chasemaier
All 2 comments
Hey @chasemaier,
thanks for pointing this out. You are correct but the error comes from a different site.
I checked the /etc/ssh/ssd_config in 12.1.6 and 12.2.1
Here is the output:
- 12.1.6
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /home/git/data/ssh/ssh_host_rsa_key
HostKey /home/git/data/ssh/ssh_host_dsa_key
HostKey /home/git/data/ssh/ssh_host_ecdsa_key
HostKey /home/git/data/ssh/ssh_host_ed25519_key
- 12.2.1
# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /home/git/data/ssh/ssh_host_rsa_key
#HostKey /home/git/data/ssh/ssh_host_ecdsa_key
#HostKey /home/git/data/ssh/ssh_host_ed25519_key
The change that happened is that the HostKey is commented. To fix the issue temporarily correct without impacting the users you can uncomment the lines.
I will prepare a fix and make a new release with 12.2.1-1
solidnerd
on 27 Aug 2019
Thank you for the fix. I was getting a plenty of this:
gitlab_1 | 2019-08-28 14:37:27,951 INFO reaped unknown pid 823
gitlab_1 | 2019-08-28 14:38:15,286 INFO reaped unknown pid 847
gitlab_1 | 2019-08-28 14:38:16,385 INFO reaped unknown pid 866
gitlab_1 | 2019-08-28 14:38:34,720 INFO reaped unknown pid 887
Now it works like charm(ander). 馃敟
f3l1x
on 28 Aug 2019
Related issues
pmoralesp
路
3Comments
Nepoxx
路
5Comments
azman0101
路
4Comments
martinspaeth
路
3Comments
chenjie4255
路
3Comments
Most helpful comment
Hey @chasemaier,
thanks for pointing this out. You are correct but the error comes from a different site.
I checked the
/etc/ssh/ssd_configin 12.1.6 and 12.2.1Here is the output:
The change that happened is that the
HostKeyis commented. To fix the issue temporarily correct without impacting the users you can uncomment the lines.I will prepare a fix and make a new release with
12.2.1-1