mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-16 10:30:56 +01:00
2e0301d647
Summary: Ref T4151. Addresses these issues: - Mentions `diffusion.ssh-user`. - Mentions `/etc/shadow` and `!!`. - Mentions `/etc/passwd` and shell. - Mentions `sshd -d -d -d`. - Mentions `Defaults requiretty`. - Adds `AllowUsers` to default configuration. - Mentions `sudo -E ...` as a troubleshooting step. - Mentions multiple VCS binaries. - Fixes `sshd` paths to be absolute. - Fixes example path in `sshd_config` template. - Mentions `GIT_CURL_VERBOSE`. - Walks users through cloning. - Adds documentation for custom hooks. - Mentions that only `daemon-user` interacts with repositories. - Added general troubleshooting guide. I didn't fix these: - Weird one-time issue with `sudoers.d/`. We tell you to edit `/etc/sudoers` directly anyway. - Insane `#includedir` magic, as above. - Confusion around `vcs-user` for HTTP, since I think this is fairly clear. - Confusion around parent directory permissions -- not sure about this one, `sshd` normally runs as root? I added an `ssh-shell` as a safer alternative to `/bin/sh`. I need to test this a bit more. Test Plan: - Read documentation. - Will test `ssh-shell`. Reviewers: btrahan, chad Reviewed By: chad Subscribers: bluehawk, mbishopim3, epriestley Maniphest Tasks: T4151 Differential Revision: https://secure.phabricator.com/D8586
23 lines
578 B
Text
23 lines
578 B
Text
# NOTE: You must have OpenSSHD 6.2 or newer; support for AuthorizedKeysCommand
|
|
# was added in this version.
|
|
|
|
# NOTE: Edit these to the correct values for your setup.
|
|
|
|
AuthorizedKeysCommand /usr/libexec/phabricator-ssh-hook.sh
|
|
AuthorizedKeysCommandUser vcs-user
|
|
AllowUsers vcs-user
|
|
|
|
# You may need to tweak these options, but mostly they just turn off everything
|
|
# dangerous.
|
|
|
|
Port 22
|
|
Protocol 2
|
|
PermitRootLogin no
|
|
AllowAgentForwarding no
|
|
AllowTcpForwarding no
|
|
PrintMotd no
|
|
PrintLastLog no
|
|
PasswordAuthentication no
|
|
AuthorizedKeysFile none
|
|
|
|
PidFile /var/run/sshd-phabricator.pid
|