
Untitled

a guest
May 11th, 2018
  1. [myuseraccount@localhost ~]$ config list |grep ssh
  2. diffusion.ssh-host
  3. diffusion.ssh-port
  4. diffusion.ssh-user
  5. log.ssh.format
  6. log.ssh.path
  7.  
  8. [myuseraccount@localhost ~]$ config get diffusion.ssh-host
  9. {
  10. "config": [
  11. {
  12. "key": "diffusion.ssh-host",
  13. "source": "local",
  14. "value": null,
  15. "status": "unset",
  16. "errorInfo": null
  17. },
  18. {
  19. "key": "diffusion.ssh-host",
  20. "source": "database",
  21. "value": null,
  22. "status": "unset",
  23. "errorInfo": null
  24. }
  25. ]
  26. }
  27. [myuseraccount@localhost ~]$ config get diffusion.ssh-port
  28. {
  29. "config": [
  30. {
  31. "key": "diffusion.ssh-port",
  32. "source": "local",
  33. "value": 2222,
  34. "status": "set",
  35. "errorInfo": null
  36. },
  37. {
  38. "key": "diffusion.ssh-port",
  39. "source": "database",
  40. "value": null,
  41. "status": "unset",
  42. "errorInfo": null
  43. }
  44. ]
  45. }
  46. [myuseraccount@localhost ~]$ config get diffusion.ssh-user
  47. {
  48. "config": [
  49. {
  50. "key": "diffusion.ssh-user",
  51. "source": "local",
  52. "value": "phssh",
  53. "status": "set",
  54. "errorInfo": null
  55. },
  56. {
  57. "key": "diffusion.ssh-user",
  58. "source": "database",
  59. "value": null,
  60. "status": "unset",
  61. "errorInfo": null
  62. }
  63. ]
  64. }
  65. [myuseraccount@localhost ~]$ config get diffusion.ssh.path
  66. {
  67. "config": [
  68. {
  69. "key": "log.ssh.path",
  70. "source": "local",
  71. "value": null,
  72. "status": "unset",
  73. "errorInfo": null
  74. },
  75. {
  76. "key": "log.ssh.path",
  77. "source": "database",
  78. "value": null,
  79. "status": "unset",
  80. "errorInfo": null
  81. }
  82. ]
  83. }
  84.  
  85. [myuseraccount@localhost .ssh]$ ls
  86. id_rsa id_rsa.pub known_hosts
  87.  
  88. [myuseraccount@localhost .ssh]$ ls -ltrh
  89. total 12K
  90. -rw-r--r--. 1 myuseraccount myuseraccount 412 May 8 21:52 id_rsa.pub
  91. -rw-------. 1 myuseraccount myuseraccount 1.7K May 8 21:52 id_rsa
  92. -rw-r--r--. 1 myuseraccount myuseraccount 194 May 9 08:18 known_hosts
  93.  
  94. [myuseraccount@localhost .ssh]$ cat id_rsa.pub > authorized_keys
  95.  
  96. [myuseraccount@localhost .ssh]$ ls -ltrh
  97. total 16K
  98. -rw-r--r--. 1 myuseraccount myuseraccount 412 May 8 21:52 id_rsa.pub
  99. -rw-------. 1 myuseraccount myuseraccount 1.7K May 8 21:52 id_rsa
  100. -rw-r--r--. 1 myuseraccount myuseraccount 194 May 9 08:18 known_hosts
  101. -rw-rw-r--. 1 myuseraccount myuseraccount 412 May 10 07:56 authorized_keys
  102.  
  103. [myuseraccount@localhost .ssh]$ chmod 644 authorized_keys
  104.  
  105. [myuseraccount@localhost .ssh]$ ls -ltrh
  106. total 16K
  107. -rw-r--r--. 1 myuseraccount myuseraccount 412 May 8 21:52 id_rsa.pub
  108. -rw-------. 1 myuseraccount myuseraccount 1.7K May 8 21:52 id_rsa
  109. -rw-r--r--. 1 myuseraccount myuseraccount 194 May 9 08:18 known_hosts
  110. -rw-r--r--. 1 myuseraccount myuseraccount 412 May 10 07:56 authorized_keys
  111.  
  112. [myuseraccount@localhost ~]$ sudo cat /etc/ssh/sshd_config.phabricator
  113. # NOTE: You must have OpenSSHD 6.2 or newer; support for AuthorizedKeysCommand
  114. # was added in this version.
  115.  
  116. # NOTE: Edit these to the correct values for your setup.
  117.  
  118. AuthorizedKeysCommand /usr/libexec/phabricator-ssh-hook.sh
  119. AuthorizedKeysCommandUser phssh
  120. AllowUsers phssh myuseraccount
  121.  
  122. # You may need to tweak these options, but mostly they just turn off everything
  123. # dangerous.
  124.  
  125. Port 2222
  126. Protocol 2
  127. PermitRootLogin no
  128. AllowAgentForwarding no
  129. AllowTcpForwarding no
  130. PrintMotd no
  131. PrintLastLog no
  132. PasswordAuthentication no
  133. ChallengeResponseAuthentication no
  134. AuthorizedKeysFile none
  135.  
  136. PidFile /var/run/sshd-phabricator.pid
  137.  
  138. [myuseraccount@localhost ~]$ sudo cat /usr/libexec/phabricator-ssh-hook.sh
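  #!/bin/sh
  #
  # AuthorizedKeysCommand hook for the dedicated Phabricator sshd instance.
  #
  # sshd invokes this program with the login name being authenticated as its
  # argument and reads the permitted public keys from the program's stdout.
  # sshd only runs an AuthorizedKeysCommand that is given by absolute path, is
  # owned by root and is not writable by group or others; keep this file that
  # way, since whatever it prints decides who may log in.

  # NOTE: Replace this with the username that you expect users to connect with.
  VCSUSER="phssh"

  # NOTE: Replace this with the path to your Phabricator directory.
  ROOT="/var/www/phabricator/phabricator"

  # Only the shared VCS account is looked up. For any other login name the hook
  # exits non-zero without printing a key, so when sshd is also configured with
  # "AuthorizedKeysFile none" that account cannot authenticate with a public key
  # on this sshd instance at all.
  if [ "$1" != "$VCSUSER" ]; then
    exit 1
  fi

  # Forward the arguments exactly as sshd supplied them. "$@" must be quoted:
  # an unquoted $@ is re-split on whitespace and glob-expanded by the shell, so
  # ssh-auth could receive different arguments from the ones sshd passed.
  # ssh-auth is expected to print the authorized_keys lines (not verifiable
  # from this script alone).
  exec "$ROOT/bin/ssh-auth" "$@"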
  154.  
  155. [phssh@localhost ~]$ cd .ssh
  156. -bash: cd: .ssh: No such file or directory
  157. [phssh@localhost ~]$
  158.  
  159. [myuseraccount@localhost ~]$ echo {} | ssh -vT -p 2222 phssh@phabricator.localhost.com conduit conduit.ping
  160. OpenSSH_7.6p1, OpenSSL 1.1.0h-fips 27 Mar 2018
  161. debug1: Connecting to phabricator.localhost.com [127.0.0.1] port 2222.
  162. debug1: Connection established.
  163. debug1: identity file /home/myuseraccount/.ssh/id_rsa type 0
  164. debug1: key_load_public: No such file or directory
  165. debug1: identity file /home/myuseraccount/.ssh/id_rsa-cert type -1
  166. debug1: key_load_public: No such file or directory
  167. debug1: identity file /home/myuseraccount/.ssh/id_dsa type -1
  168. debug1: key_load_public: No such file or directory
  169. debug1: identity file /home/myuseraccount/.ssh/id_dsa-cert type -1
  170. debug1: key_load_public: No such file or directory
  171. debug1: identity file /home/myuseraccount/.ssh/id_ecdsa type -1
  172. debug1: key_load_public: No such file or directory
  173. debug1: identity file /home/myuseraccount/.ssh/id_ecdsa-cert type -1
  174. debug1: key_load_public: No such file or directory
  175. debug1: identity file /home/myuseraccount/.ssh/id_ed25519 type -1
  176. debug1: key_load_public: No such file or directory
  177. debug1: identity file /home/myuseraccount/.ssh/id_ed25519-cert type -1
  178. debug1: Local version string SSH-2.0-OpenSSH_7.6
  179. debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
  180. debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
  181. debug1: Authenticating to phabricator.localhost.com:2222 as 'phssh'
  182. debug1: SSH2_MSG_KEXINIT sent
  183. debug1: SSH2_MSG_KEXINIT received
  184. debug1: kex: algorithm: curve25519-sha256
  185. debug1: kex: host key algorithm: ecdsa-sha2-nistp256
  186. debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
  187. debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
  188. debug1: kex: curve25519-sha256 need=64 dh_need=64
  189. debug1: kex: curve25519-sha256 need=64 dh_need=64
  190. debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
  191. debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zDG5zn8v3kXupOmtXAIR0lARunjm84FZylsi8SSEDiQ
  192. debug1: Host '[phabricator.localhost.com]:2222' is known and matches the ECDSA host key.
  193. debug1: Found key in /home/myuseraccount/.ssh/known_hosts:1
  194. debug1: rekey after 134217728 blocks
  195.  
  196.  
  197. debug1: SSH2_MSG_NEWKEYS sent
  198. debug1: expecting SSH2_MSG_NEWKEYS
  199. debug1: SSH2_MSG_NEWKEYS received
  200. debug1: rekey after 134217728 blocks
  201. debug1: SSH2_MSG_EXT_INFO received
  202. debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
  203. debug1: SSH2_MSG_SERVICE_ACCEPT received
  204. debug1: Authentications that can continue: publickey
  205. debug1: Next authentication method: publickey
  206. debug1: Offering public key: RSA SHA256:LSpshgB4wrOCld9ZDQSM6m/SeM/xVBnZaXrkDV4iJxo /home/myuseraccount/.ssh/id_rsa
  207. debug1: Authentications that can continue: publickey
  208. debug1: Trying private key: /home/myuseraccount/.ssh/id_dsa
  209. debug1: Trying private key: /home/myuseraccount/.ssh/id_ecdsa
  210. debug1: Trying private key: /home/myuseraccount/.ssh/id_ed25519
  211. debug1: No more authentication methods to try.
  212. phssh@phabricator.localhost.com: Permission denied (publickey).
  213.  
  214. [myuseraccount@localhost ~]$ ssh -vT -p 2222 myuseraccount@phabricator.localhost.com
  215. OpenSSH_7.6p1, OpenSSL 1.1.0h-fips 27 Mar 2018
  216. debug1: Connecting to phabricator.localhost.com [127.0.0.1] port 2222.
  217. debug1: Connection established.
  218. debug1: identity file /home/myuseraccount/.ssh/id_rsa type 0
  219. debug1: key_load_public: No such file or directory
  220. debug1: identity file /home/myuseraccount/.ssh/id_rsa-cert type -1
  221. debug1: key_load_public: No such file or directory
  222. debug1: identity file /home/myuseraccount/.ssh/id_dsa type -1
  223. debug1: key_load_public: No such file or directory
  224. debug1: identity file /home/myuseraccount/.ssh/id_dsa-cert type -1
  225. debug1: key_load_public: No such file or directory
  226. debug1: identity file /home/myuseraccount/.ssh/id_ecdsa type -1
  227. debug1: key_load_public: No such file or directory
  228. debug1: identity file /home/myuseraccount/.ssh/id_ecdsa-cert type -1
  229. debug1: key_load_public: No such file or directory
  230. debug1: identity file /home/myuseraccount/.ssh/id_ed25519 type -1
  231. debug1: key_load_public: No such file or directory
  232. debug1: identity file /home/myuseraccount/.ssh/id_ed25519-cert type -1
  233. debug1: Local version string SSH-2.0-OpenSSH_7.6
  234. debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
  235. debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
  236. debug1: Authenticating to phabricator.localhost.com:2222 as 'myuseraccount'
  237. debug1: SSH2_MSG_KEXINIT sent
  238. debug1: SSH2_MSG_KEXINIT received
  239. debug1: kex: algorithm: curve25519-sha256
  240. debug1: kex: host key algorithm: ecdsa-sha2-nistp256
  241. debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
  242. debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
  243. debug1: kex: curve25519-sha256 need=64 dh_need=64
  244. debug1: kex: curve25519-sha256 need=64 dh_need=64
  245. debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
  246. debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zDG5zn8v3kXupOmtXAIR0lARunjm84FZylsi8SSEDiQ
  247. debug1: Host '[phabricator.localhost.com]:2222' is known and matches the ECDSA host key.
  248. debug1: Found key in /home/myuseraccount/.ssh/known_hosts:1
  249. debug1: rekey after 134217728 blocks
  250. debug1: SSH2_MSG_NEWKEYS sent
  251. debug1: expecting SSH2_MSG_NEWKEYS
  252. debug1: SSH2_MSG_NEWKEYS received
  253. debug1: rekey after 134217728 blocks
  254. debug1: SSH2_MSG_EXT_INFO received
  255. debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
  256. debug1: SSH2_MSG_SERVICE_ACCEPT received
  257. debug1: Authentications that can continue: publickey
  258. debug1: Next authentication method: publickey
  259. debug1: Offering public key: RSA SHA256:LSpshgB4wrOCld9ZDQSM6m/SeM/xVBnZaXrkDV4iJxo /home/myuseraccount/.ssh/id_rsa
  260. debug1: Authentications that can continue: publickey
  261. debug1: Trying private key: /home/myuseraccount/.ssh/id_dsa
  262. debug1: Trying private key: /home/myuseraccount/.ssh/id_ecdsa
  263. debug1: Trying private key: /home/myuseraccount/.ssh/id_ed25519
  264. debug1: No more authentication methods to try.
  265. myuseraccount@phabricator.localhost.com: Permission denied (publickey).