Configure Git with SSH for Phabricator

Notice: this page is a Chinese-English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/22236640/

Time: 2020-09-19 09:48:26  Source: igfitidea

Tags: git, ssh, phabricator

Asked by witrin

I'm trying to configure SSH for Phabricator to get git running. I've followed this manual but when I call echo {} | ssh [email protected] conduit conduit.ping I always get an empty result or Permission denied (publickey,keyboard-interactive).

/etc/ssh-phabricator/sshd_config:

AuthorizedKeysCommand /usr/libexec/ssh-phabricator-hook
AuthorizedKeysCommandUser git

Port 22
Protocol 2
PermitRootLogin no
AllowAgentForwarding no
AllowTcpForwarding no
PrintMotd no
PrintLastLog no
PasswordAuthentication no
AuthorizedKeysFile none

/etc/passwd:

phd:x:999:999::/var/tmp/phd:/bin/false
git:x:1005:1005::/home/git:/bin/bash

/etc/shadow:

phd:!:16135::::::
git:NP:16135:0:99999:7:::

/etc/sudoers:

git ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /bin/false

~/.ssh/config:

Host phabricator.mydomain.com
    HostName phabricator.mydomain.com
    Port 22
    IdentityFile /c/Users/.../.ssh/id_rsa_phabricator
    PreferredAuthentications publickey
    User git

UPDATE

The reasons for my problems were:

  • I didn't use the SSH key with the client.
  • I didn't ensure that the git user has a shell.

Accepted answer by Michael

Your ssh hook is working properly - first, you should ensure that the git ssh user is able to ssh to the normal ssh daemon - this will ensure that you can login with this user.

More than likely you have a bad home directory or bad shell as stated in the comments.

If all of that is working fine, make sure you have a ssh key uploaded to your profile and that you are using this key to connect with.

Answer by Alasdair

Just another thing to note is the path must have the correct permissions for the AuthorizedKeysCommand or this could also result in

Permission denied (publickey,keyboard-interactive)

Answer by Ilendir

I ran into the

Permission denied (publickey,keyboard-interactive)

problem too and found another cause that is not yet mentioned here: SELinux.

If you use SELinux with "Enforcing" policy on your server, you might run into the same problems. To check if SELinux is responsible, set

$ setenforce 0

and try

$ echo {} | ssh [email protected] conduit conduit.ping

again.

If it suddenly works, but you don't want to permanently disable SELinux or run it in permissive mode, you can use audit2allow to resolve the issues that your server recently encountered:

$ ausearch -m avc -ts recent | audit2allow -M local
$ semodule -i local.pp

This ausearch prints recent entries from the SELinux log (usually /var/log/audit/audit.log) and audit2allow creates policies for entries that are marked as denied. Make sure there are no recent entries in the log you don't want to allow.
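
Added example (not part of Ilendir's answer or of Phabricator): one way to check which recent denials a blanket audit2allow run would cover before building the module. The function names, the sample records and the command and type names inside them are constructed for illustration; the script assumes ausearch output arrives on stdin.

```sh
#!/bin/sh
# Added example: list distinct AVC denials so they can be reviewed before
# any of them is turned into policy. Reads audit records on stdin.

# Constructed sample records (not from a real server): two identical
# denials from sshd plus one unrelated denial from another daemon.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1600000001.101:501): avc:  denied  { execute } for  pid=2101 comm="sshd" name="example-hook" dev="dm-0" ino=1001 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:example_exec_t:s0 tclass=file
type=AVC msg=audit(1600000009.202:502): avc:  denied  { execute } for  pid=2107 comm="sshd" name="example-hook" dev="dm-0" ino=1001 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:example_exec_t:s0 tclass=file
type=AVC msg=audit(1600000015.303:503): avc:  denied  { read open } for  pid=3300 comm="exampled" name="secret.conf" dev="dm-0" ino=2002 scontext=system_u:system_r:exampled_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
EOF
}

# summarize_avc [COMM]: one output line per distinct denial, in the form
#   COUNT COMM SOURCE_TYPE TARGET_TYPE CLASS {PERMISSIONS}
# With COMM given, only denials from that command name are listed.
summarize_avc() {
    awk -v want="${1:-}" '
    # Value of key=value in the current record, with quotes stripped.
    function field(key,   i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return ""
    }
    # A context is user:role:type:level; policy rules are written on the type.
    function setype(ctx,   p) { split(ctx, p, ":"); return p[3] }
    /avc:/ && /denied/ {
        comm = field("comm")
        if (want != "" && comm != want) next
        perms = $0
        sub(/^.*[{] */, "", perms)
        sub(/ *[}].*$/, "", perms)
        key = comm " " setype(field("scontext")) " " setype(field("tcontext"))
        key = key " " field("tclass") " {" perms "}"
        seen[key]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort
}

# Everything a blanket audit2allow run over this input would cover:
sample_avc | summarize_avc
```

On a live system, pipe ausearch -m avc -ts recent into summarize_avc instead of the sample. If unrelated denials show up, narrow what is fed to audit2allow the same way, for example with ausearch's -c option to select one command name.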
