Configuring SSH for Phabricator

In this article, I will give an example of configuring SSH for Phabricator.
If an SSH server is already installed on the server, then we won’t touch it, unless you can change the standard port 22, for example, to 2222, to start the second SSH server on the standard port 22 and not specify the port in the repository links.

At the time of writing, I was using the Ubuntu 18.04 operating system.
Create a user system, for example, git or hg:

adduser --quiet --no-create-home --disabled-password --gecos "" git

Copy the script and specify the user in it:

cp /home/phd/phabricator/resources/sshd/ /usr/lib/
chown root /usr/lib/
chmod 755 /usr/lib/
nano /usr/lib/

Copy the SSH configuration template, specify AuthorizedKeysCommand, AuthorizedKeysCommandUser, and AllowUsers in it:

cp /home/phd/phabricator/resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.phabricator
nano /etc/ssh/sshd_config.phabricator

Launch the SSH server (so that it starts automatically at system startup, add it to /etc/rc.local or create an autorun script):

/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator

Check if it is running:

netstat -na | grep :22
echo [] | ssh conduit

Add to the /etc/sudoers file:

git ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve

Keys are added in user profiles, you can make sure that they are added as follows:

/usr/lib/ git

If necessary, specify the parameters:

cd /home/phd/phabricator/
./bin/config set diffusion.ssh-host ...
./bin/config set diffusion.ssh-port 22
./bin/config set diffusion.ssh-user git

I also recommend installing Fail2Ban to block failed connection attempts.

See also my articles:

Leave a comment

Leave a Reply