1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-24 15:52:41 +01:00

Remove the "ssh-auth-key" script

Summary:
Ref T13436. Historically, this script could be used with a forked copy of "sshd" to do lower-cost per-key auth.

Relatively modern "sshd" supports "%f" to "AuthorizedKeysCommand", which effectively moots this.

Users have never been instructed to use this script for anything, and we moved away from this specific patch to "sshd" some time ago.

Test Plan: Grepped for "ssh-auth-key", no hits.

Maniphest Tasks: T13436

Differential Revision: https://secure.phabricator.com/D20873
This commit is contained in:
epriestley 2019-09-13 07:47:51 -07:00
parent 5d8457a07e
commit 02f85f03bd
2 changed files with 0 additions and 43 deletions

View file

@ -1 +0,0 @@
../scripts/ssh/ssh-auth-key.php

View file

@ -1,42 +0,0 @@
#!/usr/bin/env php
<?php
$root = dirname(dirname(dirname(__FILE__)));
require_once $root.'/scripts/__init_script__.php';
try {
$cert = file_get_contents('php://stdin');
$public_key = PhabricatorAuthSSHPublicKey::newFromRawKey($cert);
} catch (Exception $ex) {
exit(1);
}
$key = id(new PhabricatorAuthSSHKeyQuery())
->setViewer(PhabricatorUser::getOmnipotentUser())
->withKeys(array($public_key))
->withIsActive(true)
->executeOne();
if (!$key) {
exit(1);
}
$object = $key->getObject();
if (!($object instanceof PhabricatorUser)) {
exit(1);
}
$bin = $root.'/bin/ssh-exec';
$cmd = csprintf('%s --phabricator-ssh-user %s', $bin, $object->getUsername());
// This is additional escaping for the SSH 'command="..."' string.
$cmd = addcslashes($cmd, '"\\');
$options = array(
'command="'.$cmd.'"',
'no-port-forwarding',
'no-X11-forwarding',
'no-agent-forwarding',
'no-pty',
);
echo implode(',', $options);
exit(0);