Folks;

I've been experiencing a *rather* strange behaviour with our gitlab installation. System runs behind an apache2 reverse proxy exposing HTTPS. I do have an external user who has restricted access to various projects. He entered his (valid) credentials and wasn't allowed access to the desired repository mainly because he tried HTTP access while the external proxy only accepted HTTPS.

However, I learnt that this user was able to check out arbitrary project(s) using 'git@<hostname>' credentials, without being prompted for a password and apparently through ssh. This is a bit strange:

- The service should only expose HTTP(S), at least the reverse proxy only does HTTPS. There should be no way, however, to access the system via ssh; the system lives behind a firewall and ssh isn't exposed. How come ssh access to the gitlab server is working at all?

- In the gitlab admin ui, I can't find an actual "git" user account. There's one on the gitlab machine but this is a system user and definitely has a password set.


This is not really what I would have expected. For now, I took the machine offline to check what's wrong. Can anyone explain what's going on here?

TIA and all the best,
Kristian
