Allow setting sshd MaxStartups with env variable (fixes #969) (#1111)

README.md

@@ -873,6 +873,7 @@ Below is the complete list of available options that can be used to customize yo
 | `GITLAB_BACKUP_SKIP` | Specified sections are skipped by the backups. Defaults to empty, i.e. `lfs,uploads`. [See](http://doc.gitlab.com/ce/raketasks/backup_restore.html#create-a-backup-of-the-gitlab-system) |
 | `GITLAB_SSH_HOST` | The ssh host. Defaults to **GITLAB_HOST**. |
 | `GITLAB_SSH_LISTEN_PORT` | The ssh port for SSHD to listen on. Defaults to `22` |
+| `GITLAB_SSH_MAXSTARTUPS` | The ssh "MaxStartups" parameter, defaults to `10:30:60`. |
 | `GITLAB_SSH_PORT` | The ssh port number. Defaults to `$GITLAB_SSH_LISTEN_PORT`. |
 | `GITLAB_RELATIVE_URL_ROOT` | The relative url of the GitLab server, e.g. `/git`. No default. |
 | `GITLAB_TRUSTED_PROXIES` | Add IP address reverse proxy to trusted proxy list, otherwise users will appear signed in from that address. Currently only a single entry is permitted. No defaults. |

assets/runtime/env-defaults

@@ -28,6 +28,7 @@ GITLAB_SSH_HOST=${GITLAB_SSH_HOST:-$GITLAB_HOST}
 GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-$GITLAB_SHELL_SSH_PORT} # for backwards compatibility
 GITLAB_SSH_LISTEN_PORT=${GITLAB_SSH_LISTEN_PORT:-22}
 GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-$GITLAB_SSH_LISTEN_PORT}
+GITLAB_SSH_MAXSTARTUPS=${GITLAB_SSH_MAXSTARTUPS:-10:30:60}
 
 NGINX_HSTS_ENABLED=${NGINX_HSTS_ENABLED:-$GITLAB_HTTPS_HSTS_ENABLED} # backward compatibility
 NGINX_HSTS_ENABLED=${NGINX_HSTS_ENABLED:-true}

assets/runtime/functions

@@ -1497,6 +1497,7 @@ generate_ssh_key() {
 }
 
 generate_ssh_host_keys() {
+  sed -i "s|^[#]*MaxStartups 10:30:60|MaxStartups ${GITLAB_SSH_MAXSTARTUPS}|" /etc/ssh/sshd_config
   sed -i "s|#HostKey /etc/ssh/|HostKey ${GITLAB_DATA_DIR}/ssh/|g" /etc/ssh/sshd_config
   if [[ ! -e ${GITLAB_DATA_DIR}/ssh/ssh_host_rsa_key ]]; then
     echo -n "Generating OpenSSH host keys... "