1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-27 16:00:59 +01:00
Commit graph

6 commits

Author SHA1 Message Date
Austin McKinley
8e5afb56af Drop interactive login from sshd example
Summary: Prevent slightly disturbing output on SSH authentication failure that implies some kind of interactive logins are possible: `Permission denied (publickey,keyboard-interactive).`

Test Plan: doitlive

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D18167
2017-06-27 12:51:46 -07:00
epriestley
8d9bc401e4 Improve Diffusion hosting setup instructions somewhat?
Summary:
Ref T10866. Fixes T10386. This attempts to make it a little more plausible to follow these directions:

  - Use simpler language in general.
  - Remove language suggesting that HTTP requires no additional configuration.
  - Suggest using a load balancer or an ugly port number instead of swapping SSH to a different port.
  - Be more granular about `sudo` setup.
  - Organize better?

Test Plan: Read documentation.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10386, T10866

Differential Revision: https://secure.phabricator.com/D15796
2016-04-26 10:06:59 -07:00
epriestley
2e0301d647 Update repository hosting documentation for all the issues users have hit
Summary:
Ref T4151. Addresses these issues:

  - Mentions `diffusion.ssh-user`.
  - Mentions `/etc/shadow` and `!!`.
  - Mentions `/etc/passwd` and shell.
  - Mentions `sshd -d -d -d`.
  - Mentions `Defaults requiretty`.
  - Adds `AllowUsers` to default configuration.
  - Mentions `sudo -E ...` as a troubleshooting step.
  - Mentions multiple VCS binaries.
  - Fixes `sshd` paths to be absolute.
  - Fixes example path in `sshd_config` template.
  - Mentions `GIT_CURL_VERBOSE`.
  - Walks users through cloning.
  - Adds documentation for custom hooks.
  - Mentions that only `daemon-user` interacts with repositories.
  - Added general troubleshooting guide.

I didn't fix these:

  - Weird one-time issue with `sudoers.d/`. We tell you to edit `/etc/sudoers` directly anyway.
  - Insane `#includedir` magic, as above.
  - Confusion around `vcs-user` for HTTP, since I think this is fairly clear.
  - Confusion around parent directory permissions -- not sure about this one, `sshd` normally runs as root?

I added an `ssh-shell` as a safer alternative to `/bin/sh`. I need to test this a bit more.

Test Plan:
  - Read documentation.
  - Will test `ssh-shell`.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: bluehawk, mbishopim3, epriestley

Maniphest Tasks: T4151

Differential Revision: https://secure.phabricator.com/D8586
2014-03-26 06:44:18 -07:00
epriestley
e77d5012be Fix two issues with shell/config scripts for hosted repositories
Summary: Ref T4151. `-ne` is numeric in some/most/all shells; `exec --` apparently doens't always work.

Test Plan: Will make @zeeg test.

Reviewers: btrahan, zeeg

Reviewed By: zeeg

CC: zeeg, aran

Maniphest Tasks: T4151

Differential Revision: https://secure.phabricator.com/D7702
2013-12-04 16:45:54 -08:00
epriestley
6e41016077 Document and remove some scary warnings from repository hosting
Summary: Fixes T2230. This isn't a total walk in the park to configure, but should work for early adopters now.

Test Plan: Read documentation, browsed UI.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2230

Differential Revision: https://secure.phabricator.com/D7634
2013-11-22 15:24:27 -08:00
epriestley
888b3839e7 Prepare to route VCS connections through SSH
Summary:
Fixes T2229. This sets the stage for a patch similar to D7417, but for SSH. In particular, SSH 6.2 introduced an `AuthorizedKeysCommand` directive, which lets us do this in a mostly-reasonable way without needing users to patch sshd (if they have a recent enough version, at least).

The way the `AuthorizedKeysCommand` works is that it gets run and produces an `authorized_keys`-style file fragment. This isn't ideal, because we have to dump every key into the result, but should be fine for most installs. The earlier patch against `sshd` passes the public key itself, which allows the script to just look up the key. We might use this eventually, since it can scale much better, so I haven't removed it.

Generally, auth is split into two scripts now which mostly do the same thing:

  - `ssh-auth` is the AuthorizedKeysCommand auth, which takes nothing and dumps the whole keyfile.
  - `ssh-auth-key` is the slightly cleaner and more scalable (but patch-dependent) version, which takes the public key and dumps only matching options.

I also reworked the argument parsing to be a bit more sane.

Test Plan:
This is somewhat-intentionally a bit obtuse since I don't really want anyone using it yet, but basically:

  - Copy `phabricator-ssh-hook.sh` to somewhere like `/usr/libexec/openssh/`, chown it `root` and chmod it `500`.
    - This script should probably also do a username check in the future.
  - Create a copy of `sshd_config` and fix the paths/etc. Point the KeyScript at your copy of the hook.
  - Start a copy of sshd (6.2 or newer) with `-f <your config file>` and maybe `-d -d -d` to foreground and debug.
  - Run `ssh -p 2222 localhost` or similar.

Specifically, I did this setup and then ran a bunch of commands like:

  - `ssh host` (denied, no command)
  - `ssh host ls` (denied, not supported)
  - `echo '{}' | ssh host conduit conduit.ping` (works)

Reviewers: btrahan

Reviewed By: btrahan

CC: hach-que, aran

Maniphest Tasks: T2229, T2230

Differential Revision: https://secure.phabricator.com/D7419
2013-10-29 15:32:40 -07:00