Phabricator SSH
Question
I have read the answers to similar questions on stackoverflow and tried the solutions but they haven't worked.
I'm trying to set up phabricator on my laptop (linux fedora 27) for learning purposes. I've got it set up and running but I am unable to observe any git repos on this laptop. There are a couple of directory permission issues I'm resoloving, but I'm also running into an issue using phabricator's ssh on port 2222 and would love some assistance. Here's the information I think is necessary to troubleshoot.
I followed the instructions here: https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/
I have added my id_rsa.pub to phabricator through the UI Settings -> SSH Public Keys ( http://phabricator.localhost.com/settings/user/myuseraccount/page/ssh/ )
First, my phabricator ssh settings:
[myuseraccount@localhost ~]$ config list |grep ssh
diffusion.ssh-host
diffusion.ssh-port
diffusion.ssh-user
log.ssh.format
log.ssh.path
[myuseraccount@localhost ~]$ config get diffusion.ssh-host
{
"config": [
{
"key": "diffusion.ssh-host",
"source": "local",
"value": null,
"status": "unset",
"errorInfo": null
},
{
"key": "diffusion.ssh-host",
"source": "database",
"value": null,
"status": "unset",
"errorInfo": null
}
]
}
[myuseraccount@localhost ~]$ config get diffusion.ssh-port
{
"config": [
{
"key": "diffusion.ssh-port",
"source": "local",
"value": 2222,
"status": "set",
"errorInfo": null
},
{
"key": "diffusion.ssh-port",
"source": "database",
"value": null,
"status": "unset",
"errorInfo": null
}
]
}
[myuseraccount@localhost ~]$ config get diffusion.ssh-user
{
"config": [
{
"key": "diffusion.ssh-user",
"source": "local",
"value": "phssh",
"status": "set",
"errorInfo": null
},
{
"key": "diffusion.ssh-user",
"source": "database",
"value": null,
"status": "unset",
"errorInfo": null
}
]
}
[myuseraccount@localhost ~]$ config get diffusion.ssh.path
{
"config": [
{
"key": "log.ssh.path",
"source": "local",
"value": null,
"status": "unset",
"errorInfo": null
},
{
"key": "log.ssh.path",
"source": "database",
"value": null,
"status": "unset",
"errorInfo": null
}
]
}
Second my .ssh directory
[myuseraccount@localhost .ssh]$ ls
id_rsa id_rsa.pub known_hosts
[myuseraccount@localhost .ssh]$ ls -ltrh
total 12K
-rw-r--r--. 1 myuseraccount myuseraccount 412 May 8 21:52 id_rsa.pub
-rw-------. 1 myuseraccount myuseraccount 1.7K May 8 21:52 id_rsa
-rw-r--r--. 1 myuseraccount myuseraccount 194 May 9 08:18 known_hosts
[myuseraccount@localhost .ssh]$ cat id_rsa.pub > authorized_keys
[myuseraccount@localhost .ssh]$ ls -ltrh
total 16K
-rw-r--r--. 1 myuseraccount myuseraccount 412 May 8 21:52 id_rsa.pub
-rw-------. 1 myuseraccount myuseraccount 1.7K May 8 21:52 id_rsa
-rw-r--r--. 1 myuseraccount myuseraccount 194 May 9 08:18 known_hosts
-rw-rw-r--. 1 myuseraccount myuseraccount 412 May 10 07:56 authorized_keys
[myuseraccount@localhost .ssh]$ chmod 644 authorized_keys
[myuseraccount@localhost .ssh]$ ls -ltrh
total 16K
-rw-r--r--. 1 myuseraccount myuseraccount 412 May 8 21:52 id_rsa.pub
-rw-------. 1 myuseraccount myuseraccount 1.7K May 8 21:52 id_rsa
-rw-r--r--. 1 myuseraccount myuseraccount 194 May 9 08:18 known_hosts
-rw-r--r--. 1 myuseraccount myuseraccount 412 May 10 07:56 authorized_keys
Third my /etc/ssh/sshd_config.phabricator
[myuseraccount@localhost ~]$ sudo cat /etc/ssh/sshd_config.phabricator
# NOTE: You must have OpenSSHD 6.2 or newer; support for AuthorizedKeysCommand
# was added in this version.
# NOTE: Edit these to the correct values for your setup.
AuthorizedKeysCommand /usr/libexec/phabricator-ssh-hook.sh
AuthorizedKeysCommandUser phssh
AllowUsers phssh myuseraccount
# You may need to tweak these options, but mostly they just turn off everything
# dangerous.
Port 2222
Protocol 2
PermitRootLogin no
AllowAgentForwarding no
AllowTcpForwarding no
PrintMotd no
PrintLastLog no
PasswordAuthentication no
ChallengeResponseAuthentication no
AuthorizedKeysFile none
PidFile /var/run/sshd-phabricator.pid
Fourth my /usr/libexec/phabricator-ssh-hook.sh
[myuseraccount@localhost ~]$ sudo cat /usr/libexec/phabricator-ssh-hook.sh
#!/bin/sh
# NOTE: Replace this with the username that you expect users to connect with.
VCSUSER="phssh"
# NOTE: Replace this with the path to your Phabricator directory.
ROOT="/var/www/phabricator/phabricator"
if [ "$1" != "$VCSUSER" ];
then
exit 1
fi
exec "$ROOT/bin/ssh-auth" $@
Fifth my phabricator ssh user's .ssh directory (there isn't one):
[phssh@localhost ~]$ cd .ssh
-bash: cd: .ssh: No such file or directory
[phssh@localhost ~]$
Sixth output from attempt to test ssh access for phabircator's ssh user
[myuseraccount@localhost ~]$ echo {} | ssh -vT -p 2222 phssh@phabricator.localhost.com conduit conduit.ping
OpenSSH_7.6p1, OpenSSL 1.1.0h-fips 27 Mar 2018
debug1: Connecting to phabricator.localhost.com [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /home/myuseraccount/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
debug1: Authenticating to phabricator.localhost.com:2222 as 'phssh'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zDG5zn8v3kXupOmtXAIR0lARunjm84FZylsi8SSEDiQ
debug1: Host '[phabricator.localhost.com]:2222' is known and matches the ECDSA host key.
debug1: Found key in /home/myuseraccount/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:LSpshgB4wrOCld9ZDQSM6m/SeM/xVBnZaXrkDV4iJxo /home/myuseraccount/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/myuseraccount/.ssh/id_dsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ecdsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ed25519
debug1: No more authentication methods to try.
phssh@phabricator.localhost.com: Permission denied (publickey).
attempting to ssh as myself
[myuseraccount@localhost ~]$ ssh -vT -p 2222 myuseraccount@phabricator.localhost.com
OpenSSH_7.6p1, OpenSSL 1.1.0h-fips 27 Mar 2018
debug1: Connecting to phabricator.localhost.com [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /home/myuseraccount/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
debug1: Authenticating to phabricator.localhost.com:2222 as 'myuseraccount'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zDG5zn8v3kXupOmtXAIR0lARunjm84FZylsi8SSEDiQ
debug1: Host '[phabricator.localhost.com]:2222' is known and matches the ECDSA host key.
debug1: Found key in /home/myuseraccount/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:LSpshgB4wrOCld9ZDQSM6m/SeM/xVBnZaXrkDV4iJxo /home/myuseraccount/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/myuseraccount/.ssh/id_dsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ecdsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ed25519
debug1: No more authentication methods to try.
myuseraccount@phabricator.localhost.com: Permission denied (publickey).
Thanks in advance for any pointers or guidance or questions.
1 answers
solution1
0 ACCPTED 2018-05-12 11:22:35
I found the answer, which I'd somehow missed when following the instructions to set this up, buried in the comments on this question sshd AuthorizedKeysCommand throws status 127 :
https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/ "Both the script itself and the parent directory the script resides in must be owned by root, and the script must have 755 permissions. If you don't do this, sshd will refuse to execute the hook." Did you check that?
The script wasn't 755!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Configure Git with SSH for Phabricator
Using git with ssh for Phabricator
Phabricator git ssh clone fails with password required error
Phabricator - How to Review a Merge
Phabricator hook and Bitbucket
Phabricator git command not found
Phabricator review all commits
Sequentialization and parallelization of builds in Phabricator
Undo last diff in Phabricator
Retrieve commits from phabricator
Related Tags