Pabrikator SSH

Saya telah membaca jawaban atas pertanyaan serupa di stackoverflow dan mencoba solusinya tetapi tidak berhasil.

Saya mencoba mengatur phabricator di laptop saya (linux fedora 27) untuk tujuan pembelajaran. Saya sudah menyiapkan dan menjalankannya tetapi saya tidak dapat melihat repo git apa pun di laptop ini. Ada beberapa masalah izin direktori yang saya selesaikan, tetapi saya juga mengalami masalah saat menggunakan ssh phabricator pada port 2222 dan saya memerlukan bantuan. Inilah informasi yang menurut saya perlu untuk memecahkan masalah.

Saya mengikuti petunjuk di sini: https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/

Saya telah menambahkan id_rsa.pub saya ke phabricator melalui Pengaturan UI -> Kunci Publik SSH (http://phabricator.localhost.com/settings/user/myuseraccount/page/ssh/)

Pertama, pengaturan ssh fabricator saya:

[myuseraccount@localhost ~]$ config list |grep ssh 
diffusion.ssh-host
diffusion.ssh-port
diffusion.ssh-user
log.ssh.format
log.ssh.path

[myuseraccount@localhost ~]$ config get diffusion.ssh-host
{   
  "config": [
    {
      "key": "diffusion.ssh-host",
      "source": "local",
      "value": null,
      "status": "unset",
      "errorInfo": null
    },
    {
      "key": "diffusion.ssh-host",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]   
}   
[myuseraccount@localhost ~]$ config get diffusion.ssh-port
{   
  "config": [
    {
      "key": "diffusion.ssh-port",
      "source": "local",
      "value": 2222,
      "status": "set",
      "errorInfo": null
    },
    {
      "key": "diffusion.ssh-port",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]
}
[myuseraccount@localhost ~]$ config get diffusion.ssh-user
{
  "config": [
    {
      "key": "diffusion.ssh-user",
      "source": "local",
      "value": "phssh",
      "status": "set",
      "errorInfo": null
    },
    {
      "key": "diffusion.ssh-user",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]
}
[myuseraccount@localhost ~]$ config get diffusion.ssh.path
{
  "config": [
    {
      "key": "log.ssh.path",
      "source": "local",
      "value": null,
      "status": "unset",
      "errorInfo": null
    },
    {
      "key": "log.ssh.path",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]
}

Kedua direktori .ssh saya

[myuseraccount@localhost .ssh]$ ls
id_rsa  id_rsa.pub  known_hosts

[myuseraccount@localhost .ssh]$ ls -ltrh
total 12K
-rw-r--r--. 1 myuseraccount myuseraccount  412 May  8 21:52 id_rsa.pub
-rw-------. 1 myuseraccount myuseraccount 1.7K May  8 21:52 id_rsa
-rw-r--r--. 1 myuseraccount myuseraccount  194 May  9 08:18 known_hosts

[myuseraccount@localhost .ssh]$ cat id_rsa.pub > authorized_keys

[myuseraccount@localhost .ssh]$ ls -ltrh
total 16K
-rw-r--r--. 1 myuseraccount myuseraccount  412 May  8 21:52 id_rsa.pub
-rw-------. 1 myuseraccount myuseraccount 1.7K May  8 21:52 id_rsa
-rw-r--r--. 1 myuseraccount myuseraccount  194 May  9 08:18 known_hosts
-rw-rw-r--. 1 myuseraccount myuseraccount  412 May 10 07:56 authorized_keys

[myuseraccount@localhost .ssh]$ chmod 644 authorized_keys

[myuseraccount@localhost .ssh]$ ls -ltrh
total 16K
-rw-r--r--. 1 myuseraccount myuseraccount  412 May  8 21:52 id_rsa.pub
-rw-------. 1 myuseraccount myuseraccount 1.7K May  8 21:52 id_rsa
-rw-r--r--. 1 myuseraccount myuseraccount  194 May  9 08:18 known_hosts
-rw-r--r--. 1 myuseraccount myuseraccount  412 May 10 07:56 authorized_keys

Ketiga /etc/ssh/sshd_config.phabricator saya

[myuseraccount@localhost ~]$ sudo cat /etc/ssh/sshd_config.phabricator
# NOTE: You must have OpenSSHD 6.2 or newer; support for AuthorizedKeysCommand
# was added in this version.

# NOTE: Edit these to the correct values for your setup.

AuthorizedKeysCommand /usr/libexec/phabricator-ssh-hook.sh
AuthorizedKeysCommandUser phssh
AllowUsers phssh myuseraccount

# You may need to tweak these options, but mostly they just turn off everything
# dangerous.

Port 2222
Protocol 2
PermitRootLogin no
AllowAgentForwarding no
AllowTcpForwarding no
PrintMotd no
PrintLastLog no
PasswordAuthentication no
ChallengeResponseAuthentication no
AuthorizedKeysFile none

PidFile /var/run/sshd-phabricator.pid

Keempat /usr/libexec/phabricator-ssh-hook.sh

[myuseraccount@localhost ~]$ sudo cat /usr/libexec/phabricator-ssh-hook.sh
#!/bin/sh

# NOTE: Replace this with the username that you expect users to connect with.
VCSUSER="phssh"

# NOTE: Replace this with the path to your Phabricator directory.
ROOT="/var/www/phabricator/phabricator"


if [ "$1" != "$VCSUSER" ];
then
  exit 1
fi

exec "$ROOT/bin/ssh-auth" $@

Kelima, direktori .ssh pengguna phabricator ssh saya (tidak ada):

[phssh@localhost ~]$ cd .ssh
-bash: cd: .ssh: No such file or directory
[phssh@localhost ~]$

Keluaran keenam dari upaya menguji akses ssh untuk pengguna ssh phabircator

[myuseraccount@localhost ~]$ echo {} | ssh -vT -p 2222 [email protected] conduit conduit.ping
OpenSSH_7.6p1, OpenSSL 1.1.0h-fips  27 Mar 2018
debug1: Connecting to phabricator.localhost.com [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /home/myuseraccount/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
debug1: Authenticating to phabricator.localhost.com:2222 as 'phssh'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zDG5zn8v3kXupOmtXAIR0lARunjm84FZylsi8SSEDiQ
debug1: Host '[phabricator.localhost.com]:2222' is known and matches the ECDSA host key.
debug1: Found key in /home/myuseraccount/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks


debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:LSpshgB4wrOCld9ZDQSM6m/SeM/xVBnZaXrkDV4iJxo /home/myuseraccount/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/myuseraccount/.ssh/id_dsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ecdsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ed25519
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).

mencoba untuk ssh sebagai diriku sendiri

[myuseraccount@localhost ~]$ ssh -vT -p 2222 [email protected]
OpenSSH_7.6p1, OpenSSL 1.1.0h-fips  27 Mar 2018
debug1: Connecting to phabricator.localhost.com [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /home/myuseraccount/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
debug1: Authenticating to phabricator.localhost.com:2222 as 'myuseraccount'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zDG5zn8v3kXupOmtXAIR0lARunjm84FZylsi8SSEDiQ
debug1: Host '[phabricator.localhost.com]:2222' is known and matches the ECDSA host key.
debug1: Found key in /home/myuseraccount/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:LSpshgB4wrOCld9ZDQSM6m/SeM/xVBnZaXrkDV4iJxo /home/myuseraccount/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/myuseraccount/.ssh/id_dsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ecdsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ed25519
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).

Terima kasih sebelumnya atas petunjuk, bimbingan, atau pertanyaan apa pun.


git ssh phabricator
person RJ Cole    schedule 11.05.2018    source sumber

Jawaban (1)


arrow_upward
0
arrow_downward

Saya menemukan jawabannya, yang entah bagaimana saya lewatkan ketika mengikuti instruksi untuk mengatur ini, terkubur dalam komentar pada pertanyaan ini sshd AuthorizedKeysCommand menampilkan status 127:

https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/ "Baik skrip itu sendiri maupun direktori induk tempat skrip berada harus dimiliki oleh root, dan skrip harus memiliki izin 755. Jika Anda tidak melakukan ini, sshd akan menolak mengeksekusi hook." Apakah Anda memeriksanya?

Naskahnya bukan 755!

person RJ Cole    schedule 12.05.2018