# HG changeset patch
# User wenzelm
# Date 1569435140 -7200
# Node ID 5094098f5e0c277e25fb520aa19486bbeb458064
# Parent 6a835635fa93db0cf8da2f7795ee641df475f04d
clarified sshd setup: standard service on non-standard port 222, special "vcs" service on standard port 22;
diff -r 6a835635fa93 -r 5094098f5e0c Admin/Phabricator/README
--- a/Admin/Phabricator/README Wed Sep 25 19:40:00 2019 +0200
+++ b/Admin/Phabricator/README Wed Sep 25 20:12:20 2019 +0200
@@ -49,10 +49,8 @@
 
 - Configuration/SSH: https://secure.phabricator.com/book/phabricator/article/diffusion_hosting
 
- $ cp ssh/ssh-hook /usr/local/bin/.
- $ cp ssh/sshd_config.phabricator /etc/ssh/.
- $ cp ssh/sshd-phabricator.service /etc/systemd/system/.
- $ cp ssh/sudoers.d/phabricator /etc/sudoers.d/.
+ /etc/ssh/sshd_config:
+ Port 222
 
 /etc/passwd:
 phab-daemon:x:118:126::/nonexistent:/bin/false
@@ -62,12 +60,20 @@
 phab-daemon:x:126:
 vcs:x:125:
 
- ./bin/config set phd.user phab-daemon
- ./bin/config set diffusion.ssh-user vcs
- ./bin/config set diffusion.ssh-port 2222
+ $ cp ssh/ssh-hook /usr/local/bin/.
+ $ cp ssh/sshd_config.phabricator /etc/ssh/.
+ $ cp ssh/sshd-phabricator.service /lib/systemd/system/.
+ $ cp ssh/sudoers.d/phabricator /etc/sudoers.d/.
 
- Test:
- $ echo "{}" | ssh -p2222 vcs@phabricator.sketis.net conduit conduit.ping
+ $ ./bin/config set phd.user phab-daemon
+ $ ./bin/config set diffusion.ssh-user vcs
+ $ ./bin/config set diffusion.ssh-port 22
+
+ $ systemctl start sshd-phabricator
+ $ systemctl enable sshd-phabricator
+
+ Test on local machine:
+ $ echo "{}" | ssh vcs@phabricator.sketis.net conduit conduit.ping
 
 - Repository Local Path:
 mkdir -p /var/www/phabricator/repo
diff -r 6a835635fa93 -r 5094098f5e0c Admin/Phabricator/ssh/sshd_config.phabricator
--- a/Admin/Phabricator/ssh/sshd_config.phabricator Wed Sep 25 19:40:00 2019 +0200
+++ b/Admin/Phabricator/ssh/sshd_config.phabricator Wed Sep 25 20:12:20 2019 +0200
@@ -10,7 +10,7 @@
 # You may need to tweak these options, but mostly they just turn off everything
 # dangerous.
 
-Port 2222
+Port 22
 Protocol 2
 PermitRootLogin no
 AllowAgentForwarding no
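Review bot: With `Port 22` this restricted daemon becomes the listener that internet-wide SSH scanning reaches first, and the hunk shows only `PermitRootLogin no` and `AllowAgentForwarding no` as hardening; the rest of the file lies outside the hunk. Please confirm the unseen part limits logins to the hosting account and to keys, for example `AllowUsers vcs` and `PasswordAuthentication no`, since the README in this changeset sets `diffusion.ssh-user vcs`. The new port also depends on the system sshd having been moved to port 222 first, otherwise the two services compete for the same socket; a comment above the line would record that: `# Port 22 requires the system sshd on Port 222, see Admin/Phabricator/README`.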