Фабрикатор СШ

Question

Я прочитал ответы на аналогичные вопросы по stackoverflow и попробовал решения, но они не сработали.

Я пытаюсь установить phabricator на моем ноутбуке (linux fedora 27) в целях обучения.Я настроил и запустил его, но я не могу наблюдать за репозиториями на этом ноутбуке.Я разрешаю несколько проблем с правами доступа к каталогам, но я также сталкиваюсь с проблемой использования ssh от phabricator на порту 2222 и хотела бы получить некоторую помощь.Вот информация, которую я считаю необходимой для устранения неполадок.

Я следовал инструкциям здесь: https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/

Я добавил свой id_rsa.pub в phabricator через настройки пользовательского интерфейса -> SSHПубличные ключи (http://phabricator.localhost.com/settings/user/myuseraccount/page/ssh/)

Во-первых, мои настройки фабрикатора ssh:

[myuseraccount@localhost ~]$ config list |grep ssh 
diffusion.ssh-host
diffusion.ssh-port
diffusion.ssh-user
log.ssh.format
log.ssh.path

[myuseraccount@localhost ~]$ config get diffusion.ssh-host
{   
  "config": [
    {
      "key": "diffusion.ssh-host",
      "source": "local",
      "value": null,
      "status": "unset",
      "errorInfo": null
    },
    {
      "key": "diffusion.ssh-host",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]   
}   
[myuseraccount@localhost ~]$ config get diffusion.ssh-port
{   
  "config": [
    {
      "key": "diffusion.ssh-port",
      "source": "local",
      "value": 2222,
      "status": "set",
      "errorInfo": null
    },
    {
      "key": "diffusion.ssh-port",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]
}
[myuseraccount@localhost ~]$ config get diffusion.ssh-user
{
  "config": [
    {
      "key": "diffusion.ssh-user",
      "source": "local",
      "value": "phssh",
      "status": "set",
      "errorInfo": null
    },
    {
      "key": "diffusion.ssh-user",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]
}
[myuseraccount@localhost ~]$ config get diffusion.ssh.path
{
  "config": [
    {
      "key": "log.ssh.path",
      "source": "local",
      "value": null,
      "status": "unset",
      "errorInfo": null
    },
    {
      "key": "log.ssh.path",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]
}

Второй мой каталог .ssh

[myuseraccount@localhost .ssh]$ ls
id_rsa  id_rsa.pub  known_hosts

[myuseraccount@localhost .ssh]$ ls -ltrh
total 12K
-rw-r--r--. 1 myuseraccount myuseraccount  412 May  8 21:52 id_rsa.pub
-rw-------. 1 myuseraccount myuseraccount 1.7K May  8 21:52 id_rsa
-rw-r--r--. 1 myuseraccount myuseraccount  194 May  9 08:18 known_hosts

[myuseraccount@localhost .ssh]$ cat id_rsa.pub > authorized_keys

[myuseraccount@localhost .ssh]$ ls -ltrh
total 16K
-rw-r--r--. 1 myuseraccount myuseraccount  412 May  8 21:52 id_rsa.pub
-rw-------. 1 myuseraccount myuseraccount 1.7K May  8 21:52 id_rsa
-rw-r--r--. 1 myuseraccount myuseraccount  194 May  9 08:18 known_hosts
-rw-rw-r--. 1 myuseraccount myuseraccount  412 May 10 07:56 authorized_keys

[myuseraccount@localhost .ssh]$ chmod 644 authorized_keys

[myuseraccount@localhost .ssh]$ ls -ltrh
total 16K
-rw-r--r--. 1 myuseraccount myuseraccount  412 May  8 21:52 id_rsa.pub
-rw-------. 1 myuseraccount myuseraccount 1.7K May  8 21:52 id_rsa
-rw-r--r--. 1 myuseraccount myuseraccount  194 May  9 08:18 known_hosts
-rw-r--r--. 1 myuseraccount myuseraccount  412 May 10 07:56 authorized_keys

Третий мой / etc / ssh / sshd_config.phabricator

[myuseraccount@localhost ~]$ sudo cat /etc/ssh/sshd_config.phabricator
# NOTE: You must have OpenSSHD 6.2 or newer; support for AuthorizedKeysCommand
# was added in this version.

# NOTE: Edit these to the correct values for your setup.

AuthorizedKeysCommand /usr/libexec/phabricator-ssh-hook.sh
AuthorizedKeysCommandUser phssh
AllowUsers phssh myuseraccount

# You may need to tweak these options, but mostly they just turn off everything
# dangerous.

Port 2222
Protocol 2
PermitRootLogin no
AllowAgentForwarding no
AllowTcpForwarding no
PrintMotd no
PrintLastLog no
PasswordAuthentication no
ChallengeResponseAuthentication no
AuthorizedKeysFile none

PidFile /var/run/sshd-phabricator.pid

Четвертый мой /usr/libexec/phabricator-ssh-hook.sh

[myuseraccount@localhost ~]$ sudo cat /usr/libexec/phabricator-ssh-hook.sh
#!/bin/sh

# NOTE: Replace this with the username that you expect users to connect with.
VCSUSER="phssh"

# NOTE: Replace this with the path to your Phabricator directory.
ROOT="/var/www/phabricator/phabricator"


if [ "$1" != "$VCSUSER" ];
then
  exit 1
fi

exec "$ROOT/bin/ssh-auth" $@

Пятый каталог .ssh моего фабрикатора ssh пользователя (его нет):

[phssh@localhost ~]$ cd .ssh
-bash: cd: .ssh: No such file or directory
[phssh@localhost ~]$

Шестой вывод при попытке проверить ssh-доступ для пользователя ssh от phabircator

[myuseraccount@localhost ~]$ echo {} | ssh -vT -p 2222 phssh@phabricator.localhost.com conduit conduit.ping
OpenSSH_7.6p1, OpenSSL 1.1.0h-fips  27 Mar 2018
debug1: Connecting to phabricator.localhost.com [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /home/myuseraccount/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
debug1: Authenticating to phabricator.localhost.com:2222 as 'phssh'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zDG5zn8v3kXupOmtXAIR0lARunjm84FZylsi8SSEDiQ
debug1: Host '[phabricator.localhost.com]:2222' is known and matches the ECDSA host key.
debug1: Found key in /home/myuseraccount/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks


debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:LSpshgB4wrOCld9ZDQSM6m/SeM/xVBnZaXrkDV4iJxo /home/myuseraccount/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/myuseraccount/.ssh/id_dsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ecdsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ed25519
debug1: No more authentication methods to try.
phssh@phabricator.localhost.com: Permission denied (publickey).

при попытке ssh под себя

[myuseraccount@localhost ~]$ ssh -vT -p 2222 myuseraccount@phabricator.localhost.com
OpenSSH_7.6p1, OpenSSL 1.1.0h-fips  27 Mar 2018
debug1: Connecting to phabricator.localhost.com [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /home/myuseraccount/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
debug1: Authenticating to phabricator.localhost.com:2222 as 'myuseraccount'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zDG5zn8v3kXupOmtXAIR0lARunjm84FZylsi8SSEDiQ
debug1: Host '[phabricator.localhost.com]:2222' is known and matches the ECDSA host key.
debug1: Found key in /home/myuseraccount/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:LSpshgB4wrOCld9ZDQSM6m/SeM/xVBnZaXrkDV4iJxo /home/myuseraccount/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/myuseraccount/.ssh/id_dsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ecdsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ed25519
debug1: No more authentication methods to try.
myuseraccount@phabricator.localhost.com: Permission denied (publickey).

Заранее спасибо за любые указателиили руководство или вопросы.

Answer 1

Я нашел ответ, который я каким-то образом упустил, следуя инструкциям по настройке, скрытый в комментариях к этому вопросу sshd AuthorizedKeysCommand выбрасывает статус 127 :

https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/ «И сам сценарий, и родительский каталог, в котором находится сценарий, должны принадлежать пользователю root, а сценарий должен иметь права доступа 755. Если вы этого не сделаете, sshd откажется выполнять ловушку».Вы это проверяли?

Сценарий не был 755!