mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-25 00:02:41 +01:00
8d9bc401e4
Summary: Ref T10866. Fixes T10386. This attempts to make it a little more plausible to follow these directions: - Use simpler language in general. - Remove language suggesting that HTTP requires no additional configuration. - Suggest using a load balancer or an ugly port number instead of swapping SSH to a different port. - Be more granular about `sudo` setup. - Organize better? Test Plan: Read documentation. Reviewers: chad Reviewed By: chad Maniphest Tasks: T10386, T10866 Differential Revision: https://secure.phabricator.com/D15796
23 lines
580 B
Text
23 lines
580 B
Text
# NOTE: You must have OpenSSHD 6.2 or newer; support for AuthorizedKeysCommand
|
|
# was added in this version.
|
|
|
|
# NOTE: Edit these to the correct values for your setup.
|
|
|
|
AuthorizedKeysCommand /usr/libexec/phabricator-ssh-hook.sh
|
|
AuthorizedKeysCommandUser vcs-user
|
|
AllowUsers vcs-user
|
|
|
|
# You may need to tweak these options, but mostly they just turn off everything
|
|
# dangerous.
|
|
|
|
Port 2222
|
|
Protocol 2
|
|
PermitRootLogin no
|
|
AllowAgentForwarding no
|
|
AllowTcpForwarding no
|
|
PrintMotd no
|
|
PrintLastLog no
|
|
PasswordAuthentication no
|
|
AuthorizedKeysFile none
|
|
|
|
PidFile /var/run/sshd-phabricator.pid
|