Фабрикатор SSH

Я прочитал ответы на подобные вопросы в stackoverflow и попробовал решения, но они не сработали.

Я пытаюсь настроить фабрикатор на своем ноутбуке (linux fedora 27) для обучения. У меня он настроен и работает, но я не могу наблюдать какие-либо репозитории git на этом ноутбуке. Есть несколько проблем с правами доступа к каталогам, которые я решаю, но я также столкнулся с проблемой, используя ssh phabricator на порту 2222, и мне нужна помощь. Вот информация, которая, как мне кажется, необходима для устранения неполадок.

Я следовал инструкциям здесь: https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/

Я добавил свой id_rsa.pub в фабрикатор через Настройки пользовательского интерфейса -> Открытые ключи SSH (http://phabricator.localhost.com/settings/user/myuseraccount/page/ssh/)

Во-первых, настройки моего фабрикатора ssh:

[myuseraccount@localhost ~]$ config list |grep ssh 
diffusion.ssh-host
diffusion.ssh-port
diffusion.ssh-user
log.ssh.format
log.ssh.path

[myuseraccount@localhost ~]$ config get diffusion.ssh-host
{   
  "config": [
    {
      "key": "diffusion.ssh-host",
      "source": "local",
      "value": null,
      "status": "unset",
      "errorInfo": null
    },
    {
      "key": "diffusion.ssh-host",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]   
}   
[myuseraccount@localhost ~]$ config get diffusion.ssh-port
{   
  "config": [
    {
      "key": "diffusion.ssh-port",
      "source": "local",
      "value": 2222,
      "status": "set",
      "errorInfo": null
    },
    {
      "key": "diffusion.ssh-port",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]
}
[myuseraccount@localhost ~]$ config get diffusion.ssh-user
{
  "config": [
    {
      "key": "diffusion.ssh-user",
      "source": "local",
      "value": "phssh",
      "status": "set",
      "errorInfo": null
    },
    {
      "key": "diffusion.ssh-user",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]
}
[myuseraccount@localhost ~]$ config get diffusion.ssh.path
{
  "config": [
    {
      "key": "log.ssh.path",
      "source": "local",
      "value": null,
      "status": "unset",
      "errorInfo": null
    },
    {
      "key": "log.ssh.path",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]
}

Второй мой каталог .ssh

[myuseraccount@localhost .ssh]$ ls
id_rsa  id_rsa.pub  known_hosts

[myuseraccount@localhost .ssh]$ ls -ltrh
total 12K
-rw-r--r--. 1 myuseraccount myuseraccount  412 May  8 21:52 id_rsa.pub
-rw-------. 1 myuseraccount myuseraccount 1.7K May  8 21:52 id_rsa
-rw-r--r--. 1 myuseraccount myuseraccount  194 May  9 08:18 known_hosts

[myuseraccount@localhost .ssh]$ cat id_rsa.pub > authorized_keys

[myuseraccount@localhost .ssh]$ ls -ltrh
total 16K
-rw-r--r--. 1 myuseraccount myuseraccount  412 May  8 21:52 id_rsa.pub
-rw-------. 1 myuseraccount myuseraccount 1.7K May  8 21:52 id_rsa
-rw-r--r--. 1 myuseraccount myuseraccount  194 May  9 08:18 known_hosts
-rw-rw-r--. 1 myuseraccount myuseraccount  412 May 10 07:56 authorized_keys

[myuseraccount@localhost .ssh]$ chmod 644 authorized_keys

[myuseraccount@localhost .ssh]$ ls -ltrh
total 16K
-rw-r--r--. 1 myuseraccount myuseraccount  412 May  8 21:52 id_rsa.pub
-rw-------. 1 myuseraccount myuseraccount 1.7K May  8 21:52 id_rsa
-rw-r--r--. 1 myuseraccount myuseraccount  194 May  9 08:18 known_hosts
-rw-r--r--. 1 myuseraccount myuseraccount  412 May 10 07:56 authorized_keys

Третий мой /etc/ssh/sshd_config.phabricator

[myuseraccount@localhost ~]$ sudo cat /etc/ssh/sshd_config.phabricator
# NOTE: You must have OpenSSHD 6.2 or newer; support for AuthorizedKeysCommand
# was added in this version.

# NOTE: Edit these to the correct values for your setup.

AuthorizedKeysCommand /usr/libexec/phabricator-ssh-hook.sh
AuthorizedKeysCommandUser phssh
AllowUsers phssh myuseraccount

# You may need to tweak these options, but mostly they just turn off everything
# dangerous.

Port 2222
Protocol 2
PermitRootLogin no
AllowAgentForwarding no
AllowTcpForwarding no
PrintMotd no
PrintLastLog no
PasswordAuthentication no
ChallengeResponseAuthentication no
AuthorizedKeysFile none

PidFile /var/run/sshd-phabricator.pid

Четвертый мой /usr/libexec/phabricator-ssh-hook.sh

[myuseraccount@localhost ~]$ sudo cat /usr/libexec/phabricator-ssh-hook.sh
#!/bin/sh

# NOTE: Replace this with the username that you expect users to connect with.
VCSUSER="phssh"

# NOTE: Replace this with the path to your Phabricator directory.
ROOT="/var/www/phabricator/phabricator"


if [ "$1" != "$VCSUSER" ];
then
  exit 1
fi

exec "$ROOT/bin/ssh-auth" $@

Пятый каталог пользователя .ssh моего фабрикатора ssh (его нет):

[phssh@localhost ~]$ cd .ssh
-bash: cd: .ssh: No such file or directory
[phssh@localhost ~]$

Шестой результат попытки проверить доступ по ssh для пользователя ssh фабиркатора

[myuseraccount@localhost ~]$ echo {} | ssh -vT -p 2222 [email protected] conduit conduit.ping
OpenSSH_7.6p1, OpenSSL 1.1.0h-fips  27 Mar 2018
debug1: Connecting to phabricator.localhost.com [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /home/myuseraccount/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
debug1: Authenticating to phabricator.localhost.com:2222 as 'phssh'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zDG5zn8v3kXupOmtXAIR0lARunjm84FZylsi8SSEDiQ
debug1: Host '[phabricator.localhost.com]:2222' is known and matches the ECDSA host key.
debug1: Found key in /home/myuseraccount/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks


debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:LSpshgB4wrOCld9ZDQSM6m/SeM/xVBnZaXrkDV4iJxo /home/myuseraccount/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/myuseraccount/.ssh/id_dsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ecdsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ed25519
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).

пытаюсь ssh как я

[myuseraccount@localhost ~]$ ssh -vT -p 2222 [email protected]
OpenSSH_7.6p1, OpenSSL 1.1.0h-fips  27 Mar 2018
debug1: Connecting to phabricator.localhost.com [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /home/myuseraccount/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
debug1: Authenticating to phabricator.localhost.com:2222 as 'myuseraccount'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zDG5zn8v3kXupOmtXAIR0lARunjm84FZylsi8SSEDiQ
debug1: Host '[phabricator.localhost.com]:2222' is known and matches the ECDSA host key.
debug1: Found key in /home/myuseraccount/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:LSpshgB4wrOCld9ZDQSM6m/SeM/xVBnZaXrkDV4iJxo /home/myuseraccount/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/myuseraccount/.ssh/id_dsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ecdsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ed25519
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).

Заранее благодарим за любые указания, рекомендации или вопросы.


git ssh phabricator
person RJ Cole    schedule 11.05.2018    source источник

Ответы (1)


arrow_upward
0
arrow_downward

Я нашел ответ, который я почему-то пропустил, следуя инструкциям по настройке, похороненный в комментариях к этому вопросу sshd AuthorizedKeysCommand выдает статус 127:

https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/ «И сам скрипт, и родительский каталог, в котором находится скрипт, должны принадлежать root, а скрипт должен иметь права доступа 755. Если вы этого не сделаете, sshd откажется выполнять хук». Вы проверили это?

Сценарий не был 755!

person RJ Cole    schedule 12.05.2018