Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [myuseraccount@localhost ~]$ config list |grep ssh
- diffusion.ssh-host
- diffusion.ssh-port
- diffusion.ssh-user
- log.ssh.format
- log.ssh.path
- [myuseraccount@localhost ~]$ config get diffusion.ssh-host
- {
- "config": [
- {
- "key": "diffusion.ssh-host",
- "source": "local",
- "value": null,
- "status": "unset",
- "errorInfo": null
- },
- {
- "key": "diffusion.ssh-host",
- "source": "database",
- "value": null,
- "status": "unset",
- "errorInfo": null
- }
- ]
- }
- [myuseraccount@localhost ~]$ config get diffusion.ssh-port
- {
- "config": [
- {
- "key": "diffusion.ssh-port",
- "source": "local",
- "value": 2222,
- "status": "set",
- "errorInfo": null
- },
- {
- "key": "diffusion.ssh-port",
- "source": "database",
- "value": null,
- "status": "unset",
- "errorInfo": null
- }
- ]
- }
- [myuseraccount@localhost ~]$ config get diffusion.ssh-user
- {
- "config": [
- {
- "key": "diffusion.ssh-user",
- "source": "local",
- "value": "phssh",
- "status": "set",
- "errorInfo": null
- },
- {
- "key": "diffusion.ssh-user",
- "source": "database",
- "value": null,
- "status": "unset",
- "errorInfo": null
- }
- ]
- }
- [myuseraccount@localhost ~]$ config get diffusion.ssh.path
- {
- "config": [
- {
- "key": "log.ssh.path",
- "source": "local",
- "value": null,
- "status": "unset",
- "errorInfo": null
- },
- {
- "key": "log.ssh.path",
- "source": "database",
- "value": null,
- "status": "unset",
- "errorInfo": null
- }
- ]
- }
- [myuseraccount@localhost .ssh]$ ls
- id_rsa id_rsa.pub known_hosts
- [myuseraccount@localhost .ssh]$ ls -ltrh
- total 12K
- -rw-r--r--. 1 myuseraccount myuseraccount 412 May 8 21:52 id_rsa.pub
- -rw-------. 1 myuseraccount myuseraccount 1.7K May 8 21:52 id_rsa
- -rw-r--r--. 1 myuseraccount myuseraccount 194 May 9 08:18 known_hosts
- [myuseraccount@localhost .ssh]$ cat id_rsa.pub > authorized_keys
- [myuseraccount@localhost .ssh]$ ls -ltrh
- total 16K
- -rw-r--r--. 1 myuseraccount myuseraccount 412 May 8 21:52 id_rsa.pub
- -rw-------. 1 myuseraccount myuseraccount 1.7K May 8 21:52 id_rsa
- -rw-r--r--. 1 myuseraccount myuseraccount 194 May 9 08:18 known_hosts
- -rw-rw-r--. 1 myuseraccount myuseraccount 412 May 10 07:56 authorized_keys
- [myuseraccount@localhost .ssh]$ chmod 644 authorized_keys
- [myuseraccount@localhost .ssh]$ ls -ltrh
- total 16K
- -rw-r--r--. 1 myuseraccount myuseraccount 412 May 8 21:52 id_rsa.pub
- -rw-------. 1 myuseraccount myuseraccount 1.7K May 8 21:52 id_rsa
- -rw-r--r--. 1 myuseraccount myuseraccount 194 May 9 08:18 known_hosts
- -rw-r--r--. 1 myuseraccount myuseraccount 412 May 10 07:56 authorized_keys
- [myuseraccount@localhost ~]$ sudo cat /etc/ssh/sshd_config.phabricator
- # NOTE: You must have OpenSSHD 6.2 or newer; support for AuthorizedKeysCommand
- # was added in this version.
- # NOTE: Edit these to the correct values for your setup.
- AuthorizedKeysCommand /usr/libexec/phabricator-ssh-hook.sh
- AuthorizedKeysCommandUser phssh
- AllowUsers phssh myuseraccount
- # You may need to tweak these options, but mostly they just turn off everything
- # dangerous.
- Port 2222
- Protocol 2
- PermitRootLogin no
- AllowAgentForwarding no
- AllowTcpForwarding no
- PrintMotd no
- PrintLastLog no
- PasswordAuthentication no
- ChallengeResponseAuthentication no
- AuthorizedKeysFile none
- PidFile /var/run/sshd-phabricator.pid
- [myuseraccount@localhost ~]$ sudo cat /usr/libexec/phabricator-ssh-hook.sh
- #!/bin/sh
- # NOTE: Replace this with the username that you expect users to connect with.
- VCSUSER="phssh"
- # NOTE: Replace this with the path to your Phabricator directory.
- ROOT="/var/www/phabricator/phabricator"
- if [ "$1" != "$VCSUSER" ];
- then
- exit 1
- fi
- exec "$ROOT/bin/ssh-auth" $@
- [phssh@localhost ~]$ cd .ssh
- -bash: cd: .ssh: No such file or directory
- [phssh@localhost ~]$
- [myuseraccount@localhost ~]$ echo {} | ssh -vT -p 2222 phssh@phabricator.localhost.com conduit conduit.ping
- OpenSSH_7.6p1, OpenSSL 1.1.0h-fips 27 Mar 2018
- debug1: Connecting to phabricator.localhost.com [127.0.0.1] port 2222.
- debug1: Connection established.
- debug1: identity file /home/myuseraccount/.ssh/id_rsa type 0
- debug1: key_load_public: No such file or directory
- debug1: identity file /home/myuseraccount/.ssh/id_rsa-cert type -1
- debug1: key_load_public: No such file or directory
- debug1: identity file /home/myuseraccount/.ssh/id_dsa type -1
- debug1: key_load_public: No such file or directory
- debug1: identity file /home/myuseraccount/.ssh/id_dsa-cert type -1
- debug1: key_load_public: No such file or directory
- debug1: identity file /home/myuseraccount/.ssh/id_ecdsa type -1
- debug1: key_load_public: No such file or directory
- debug1: identity file /home/myuseraccount/.ssh/id_ecdsa-cert type -1
- debug1: key_load_public: No such file or directory
- debug1: identity file /home/myuseraccount/.ssh/id_ed25519 type -1
- debug1: key_load_public: No such file or directory
- debug1: identity file /home/myuseraccount/.ssh/id_ed25519-cert type -1
- debug1: Local version string SSH-2.0-OpenSSH_7.6
- debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
- debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
- debug1: Authenticating to phabricator.localhost.com:2222 as 'phssh'
- debug1: SSH2_MSG_KEXINIT sent
- debug1: SSH2_MSG_KEXINIT received
- debug1: kex: algorithm: curve25519-sha256
- debug1: kex: host key algorithm: ecdsa-sha2-nistp256
- debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
- debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
- debug1: kex: curve25519-sha256 need=64 dh_need=64
- debug1: kex: curve25519-sha256 need=64 dh_need=64
- debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
- debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zDG5zn8v3kXupOmtXAIR0lARunjm84FZylsi8SSEDiQ
- debug1: Host '[phabricator.localhost.com]:2222' is known and matches the ECDSA host key.
- debug1: Found key in /home/myuseraccount/.ssh/known_hosts:1
- debug1: rekey after 134217728 blocks
- debug1: SSH2_MSG_NEWKEYS sent
- debug1: expecting SSH2_MSG_NEWKEYS
- debug1: SSH2_MSG_NEWKEYS received
- debug1: rekey after 134217728 blocks
- debug1: SSH2_MSG_EXT_INFO received
- debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
- debug1: SSH2_MSG_SERVICE_ACCEPT received
- debug1: Authentications that can continue: publickey
- debug1: Next authentication method: publickey
- debug1: Offering public key: RSA SHA256:LSpshgB4wrOCld9ZDQSM6m/SeM/xVBnZaXrkDV4iJxo /home/myuseraccount/.ssh/id_rsa
- debug1: Authentications that can continue: publickey
- debug1: Trying private key: /home/myuseraccount/.ssh/id_dsa
- debug1: Trying private key: /home/myuseraccount/.ssh/id_ecdsa
- debug1: Trying private key: /home/myuseraccount/.ssh/id_ed25519
- debug1: No more authentication methods to try.
- phssh@phabricator.localhost.com: Permission denied (publickey).
- [myuseraccount@localhost ~]$ ssh -vT -p 2222 myuseraccount@phabricator.localhost.com
- OpenSSH_7.6p1, OpenSSL 1.1.0h-fips 27 Mar 2018
- debug1: Connecting to phabricator.localhost.com [127.0.0.1] port 2222.
- debug1: Connection established.
- debug1: identity file /home/myuseraccount/.ssh/id_rsa type 0
- debug1: key_load_public: No such file or directory
- debug1: identity file /home/myuseraccount/.ssh/id_rsa-cert type -1
- debug1: key_load_public: No such file or directory
- debug1: identity file /home/myuseraccount/.ssh/id_dsa type -1
- debug1: key_load_public: No such file or directory
- debug1: identity file /home/myuseraccount/.ssh/id_dsa-cert type -1
- debug1: key_load_public: No such file or directory
- debug1: identity file /home/myuseraccount/.ssh/id_ecdsa type -1
- debug1: key_load_public: No such file or directory
- debug1: identity file /home/myuseraccount/.ssh/id_ecdsa-cert type -1
- debug1: key_load_public: No such file or directory
- debug1: identity file /home/myuseraccount/.ssh/id_ed25519 type -1
- debug1: key_load_public: No such file or directory
- debug1: identity file /home/myuseraccount/.ssh/id_ed25519-cert type -1
- debug1: Local version string SSH-2.0-OpenSSH_7.6
- debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
- debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
- debug1: Authenticating to phabricator.localhost.com:2222 as 'myuseraccount'
- debug1: SSH2_MSG_KEXINIT sent
- debug1: SSH2_MSG_KEXINIT received
- debug1: kex: algorithm: curve25519-sha256
- debug1: kex: host key algorithm: ecdsa-sha2-nistp256
- debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
- debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
- debug1: kex: curve25519-sha256 need=64 dh_need=64
- debug1: kex: curve25519-sha256 need=64 dh_need=64
- debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
- debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zDG5zn8v3kXupOmtXAIR0lARunjm84FZylsi8SSEDiQ
- debug1: Host '[phabricator.localhost.com]:2222' is known and matches the ECDSA host key.
- debug1: Found key in /home/myuseraccount/.ssh/known_hosts:1
- debug1: rekey after 134217728 blocks
- debug1: SSH2_MSG_NEWKEYS sent
- debug1: expecting SSH2_MSG_NEWKEYS
- debug1: SSH2_MSG_NEWKEYS received
- debug1: rekey after 134217728 blocks
- debug1: SSH2_MSG_EXT_INFO received
- debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
- debug1: SSH2_MSG_SERVICE_ACCEPT received
- debug1: Authentications that can continue: publickey
- debug1: Next authentication method: publickey
- debug1: Offering public key: RSA SHA256:LSpshgB4wrOCld9ZDQSM6m/SeM/xVBnZaXrkDV4iJxo /home/myuseraccount/.ssh/id_rsa
- debug1: Authentications that can continue: publickey
- debug1: Trying private key: /home/myuseraccount/.ssh/id_dsa
- debug1: Trying private key: /home/myuseraccount/.ssh/id_ecdsa
- debug1: Trying private key: /home/myuseraccount/.ssh/id_ed25519
- debug1: No more authentication methods to try.
- myuseraccount@phabricator.localhost.com: Permission denied (publickey).
Add Comment
Please, Sign In to add comment