文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >Phabricator SSH

Phabricator SSH
EN

Stack Overflow用户
提问于 2018-05-11 18:48:05
回答 1查看 1.3K关注 0票数 0

我读过关于堆栈溢出的类似问题的答案,并尝试过这些解决方案,但它们没有奏效。

为了学习目的,我正在我的笔记本电脑(linux 27)上安装噬菌体。我已经设置并运行了它,但是我无法在这台笔记本上观察到任何git回复。我正在解决一些目录权限问题,但我也遇到了一个问题,使用端口2222上的phabricator的ssh,我很想得到一些帮助。以下是我认为有必要进行故障排除的信息。

我遵循这里的说明:hosting/

我已经通过UI设置将我的id_rsa.pub添加到噬菌体中-> SSH公钥(http://phabricator.localhost.com/settings/user/myuseraccount/page/ssh/)

首先,我的噬菌体ssh设置:

代码语言:javascript
复制
[myuseraccount@localhost ~]$ config list |grep ssh 
diffusion.ssh-host
diffusion.ssh-port
diffusion.ssh-user
log.ssh.format
log.ssh.path

[myuseraccount@localhost ~]$ config get diffusion.ssh-host
{   
  "config": [
    {
      "key": "diffusion.ssh-host",
      "source": "local",
      "value": null,
      "status": "unset",
      "errorInfo": null
    },
    {
      "key": "diffusion.ssh-host",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]   
}   
[myuseraccount@localhost ~]$ config get diffusion.ssh-port
{   
  "config": [
    {
      "key": "diffusion.ssh-port",
      "source": "local",
      "value": 2222,
      "status": "set",
      "errorInfo": null
    },
    {
      "key": "diffusion.ssh-port",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]
}
[myuseraccount@localhost ~]$ config get diffusion.ssh-user
{
  "config": [
    {
      "key": "diffusion.ssh-user",
      "source": "local",
      "value": "phssh",
      "status": "set",
      "errorInfo": null
    },
    {
      "key": "diffusion.ssh-user",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]
}
[myuseraccount@localhost ~]$ config get diffusion.ssh.path
{
  "config": [
    {
      "key": "log.ssh.path",
      "source": "local",
      "value": null,
      "status": "unset",
      "errorInfo": null
    },
    {
      "key": "log.ssh.path",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]
}

第二个我的.ssh目录

代码语言:javascript
复制
[myuseraccount@localhost .ssh]$ ls
id_rsa  id_rsa.pub  known_hosts

[myuseraccount@localhost .ssh]$ ls -ltrh
total 12K
-rw-r--r--. 1 myuseraccount myuseraccount  412 May  8 21:52 id_rsa.pub
-rw-------. 1 myuseraccount myuseraccount 1.7K May  8 21:52 id_rsa
-rw-r--r--. 1 myuseraccount myuseraccount  194 May  9 08:18 known_hosts

[myuseraccount@localhost .ssh]$ cat id_rsa.pub > authorized_keys

[myuseraccount@localhost .ssh]$ ls -ltrh
total 16K
-rw-r--r--. 1 myuseraccount myuseraccount  412 May  8 21:52 id_rsa.pub
-rw-------. 1 myuseraccount myuseraccount 1.7K May  8 21:52 id_rsa
-rw-r--r--. 1 myuseraccount myuseraccount  194 May  9 08:18 known_hosts
-rw-rw-r--. 1 myuseraccount myuseraccount  412 May 10 07:56 authorized_keys

[myuseraccount@localhost .ssh]$ chmod 644 authorized_keys

[myuseraccount@localhost .ssh]$ ls -ltrh
total 16K
-rw-r--r--. 1 myuseraccount myuseraccount  412 May  8 21:52 id_rsa.pub
-rw-------. 1 myuseraccount myuseraccount 1.7K May  8 21:52 id_rsa
-rw-r--r--. 1 myuseraccount myuseraccount  194 May  9 08:18 known_hosts
-rw-r--r--. 1 myuseraccount myuseraccount  412 May 10 07:56 authorized_keys

第三,my /etc/ssh/sshd_config.phabricator

代码语言:javascript
复制
[myuseraccount@localhost ~]$ sudo cat /etc/ssh/sshd_config.phabricator
# NOTE: You must have OpenSSHD 6.2 or newer; support for AuthorizedKeysCommand
# was added in this version.

# NOTE: Edit these to the correct values for your setup.

AuthorizedKeysCommand /usr/libexec/phabricator-ssh-hook.sh
AuthorizedKeysCommandUser phssh
AllowUsers phssh myuseraccount

# You may need to tweak these options, but mostly they just turn off everything
# dangerous.

Port 2222
Protocol 2
PermitRootLogin no
AllowAgentForwarding no
AllowTcpForwarding no
PrintMotd no
PrintLastLog no
PasswordAuthentication no
ChallengeResponseAuthentication no
AuthorizedKeysFile none

PidFile /var/run/sshd-phabricator.pid

第四,我/usr/libexec/phabricator-ssh-hook.sh

代码语言:javascript
复制
[myuseraccount@localhost ~]$ sudo cat /usr/libexec/phabricator-ssh-hook.sh
#!/bin/sh

# NOTE: Replace this with the username that you expect users to connect with.
VCSUSER="phssh"

# NOTE: Replace this with the path to your Phabricator directory.
ROOT="/var/www/phabricator/phabricator"


if [ "$1" != "$VCSUSER" ];
then
  exit 1
fi

exec "$ROOT/bin/ssh-auth" $@

第五,我的phabricator用户的.ssh目录(没有):

代码语言:javascript
复制
[phssh@localhost ~]$ cd .ssh
-bash: cd: .ssh: No such file or directory
[phssh@localhost ~]$

第六个输出来自尝试测试phabircator的ssh用户的ssh访问

代码语言:javascript
复制
[myuseraccount@localhost ~]$ echo {} | ssh -vT -p 2222 phssh@phabricator.localhost.com conduit conduit.ping
OpenSSH_7.6p1, OpenSSL 1.1.0h-fips  27 Mar 2018
debug1: Connecting to phabricator.localhost.com [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /home/myuseraccount/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
debug1: Authenticating to phabricator.localhost.com:2222 as 'phssh'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zDG5zn8v3kXupOmtXAIR0lARunjm84FZylsi8SSEDiQ
debug1: Host '[phabricator.localhost.com]:2222' is known and matches the ECDSA host key.
debug1: Found key in /home/myuseraccount/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks


debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:LSpshgB4wrOCld9ZDQSM6m/SeM/xVBnZaXrkDV4iJxo /home/myuseraccount/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/myuseraccount/.ssh/id_dsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ecdsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ed25519
debug1: No more authentication methods to try.
phssh@phabricator.localhost.com: Permission denied (publickey).

试图像我自己一样

代码语言:javascript
复制
[myuseraccount@localhost ~]$ ssh -vT -p 2222 myuseraccount@phabricator.localhost.com
OpenSSH_7.6p1, OpenSSL 1.1.0h-fips  27 Mar 2018
debug1: Connecting to phabricator.localhost.com [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /home/myuseraccount/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuseraccount/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
debug1: Authenticating to phabricator.localhost.com:2222 as 'myuseraccount'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zDG5zn8v3kXupOmtXAIR0lARunjm84FZylsi8SSEDiQ
debug1: Host '[phabricator.localhost.com]:2222' is known and matches the ECDSA host key.
debug1: Found key in /home/myuseraccount/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:LSpshgB4wrOCld9ZDQSM6m/SeM/xVBnZaXrkDV4iJxo /home/myuseraccount/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/myuseraccount/.ssh/id_dsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ecdsa
debug1: Trying private key: /home/myuseraccount/.ssh/id_ed25519
debug1: No more authentication methods to try.
myuseraccount@phabricator.localhost.com: Permission denied (publickey).

提前感谢您的指点、指导或问题。

git
ssh
phabricator
EN

回答 1

Stack Overflow用户

回答已采纳

发布于 2018-05-12 11:22:35

我找到了答案,我在遵循设置这个问题的指令时,不知何故错过了这个答案,埋没在关于这个问题sshd AuthorizedKeysCommand throws status 127的评论中。

hosting/“脚本本身和脚本所在的父目录都必须由根用户拥有,并且脚本必须具有755权限。如果不这样做,sshd将拒绝执行钩子。”你查过了吗?

剧本不是755!

票数 0
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/50298515

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档