Fix SSH mirrors not working in FIPS mode
What does this MR do and why?
Previously on a FIPS system, adding a project mirror via SSH would fail because the ssh_data gem attempted to generate the MD5 hash (https://github.com/github/ssh_data/blob/1c4cacb58fe1cadef31639f5f892c5738cc51be6/lib/ssh_data/public_key/base.rb#L19) of the server's public keys. To fix this, we return the SHA256 hash in the controller and make the frontend prefer this when it is available.
Relates to #364562 (closed)
Screenshots or screen recordings
Before (FIPS system)
Before (non-FIPS system)
After
How to set up and validate locally
- Go to a project -> Settings -> Repository.
- Under Mirroring Repositories, enter ssh://git@gitlab.com/gitlab-org/gitlab-test.git or any SSH URL.
- Click on Detect host keys.
On a FIPS system, this fails with the screenshot above.
On a standard or a FIPS system, we see the SHA256 hashes.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Stan Hu
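The fingerprint behaviour described in this MR, sketched as an added example (not code from the MR, GitLab, or the ssh_data gem): the SHA256 fingerprint is always computed, while the MD5 fingerprint becomes `nil` when the crypto library refuses MD5. The sample key is constructed from fixed bytes, the helper names are hypothetical, and the exact exception raised for MD5 under FIPS is an assumption that varies with the OpenSSL and Ruby versions.

```ruby
require "openssl"

# Encode a byte string as an SSH wire-format string (uint32 length + bytes).
def ssh_string(bytes)
  [bytes.bytesize].pack("N") + bytes
end

# Constructed sample: an ssh-ed25519 blob built from fixed bytes, not a real host key.
SAMPLE_BLOB = ssh_string("ssh-ed25519") + ssh_string((1..32).to_a.pack("C*"))
SAMPLE_LINE = "example.invalid ssh-ed25519 #{[SAMPLE_BLOB].pack('m0')}"

# Parse a "host type base64" host-key line and return the raw key blob.
# Rejects lines whose declared type does not match the type inside the blob.
def key_blob(line)
  _host, type, b64 = line.split(" ", 3)
  raise ArgumentError, "malformed host key line" if b64.nil?
  blob = b64.strip.unpack1("m0") # strict base64; raises ArgumentError if invalid
  len = blob.unpack1("N")
  unless len && blob.byteslice(4, len) == type
    raise ArgumentError, "key type does not match blob"
  end
  blob
end

# OpenSSH-style SHA256 fingerprint: unpadded base64 of SHA256 over the blob.
def sha256_fingerprint(blob)
  "SHA256:" + [OpenSSL::Digest.new("SHA256").digest(blob)].pack("m0").delete("=")
end

# Legacy colon-separated MD5 fingerprint, or nil when MD5 is unavailable.
# Assumption: a FIPS-enabled OpenSSL surfaces the refusal as one of these errors.
def md5_fingerprint(blob)
  OpenSSL::Digest.new("MD5").hexdigest(blob).scan(/../).join(":")
rescue OpenSSL::OpenSSLError, RuntimeError
  nil
end

# Return both fingerprints; callers should prefer :sha256 and treat :md5 as optional.
def fingerprints(line)
  blob = key_blob(line)
  { sha256: sha256_fingerprint(blob), md5: md5_fingerprint(blob) }
end
```

Calling `fingerprints(SAMPLE_LINE)` returns the same `:sha256` value on FIPS and non-FIPS hosts; only `:md5` differs.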