Given that you are using Phabricator, have you tried this?
https://secure.phabricator.com/book/phabricator/article/diffusion_hooks/
On Thu, Dec 3, 2015 at 3:55 PM, foven <effoven_at_gmail.com> wrote:
> On Thu, Dec 3, 2015 at 2:54 PM, <jblist_at_icloud.com> wrote:
>
>>
>> On Dec 3, 2015, at 9:40 AM, foven <effoven_at_gmail.com> wrote:
>>
>> On Wed, Dec 2, 2015 at 9:50 PM, Nico Kadel-Garcia <nkadel_at_gmail.com>
>> wrote:
>>
>>> On Wed, Dec 2, 2015 at 2:12 PM, foven <effoven_at_gmail.com> wrote:
>>>
>>> > I looked at the output of "journalctl -n 50", which seems to be enough
>>> > to see all that is logged for a commit attempt. I also checked
>>> > /var/log/secure. I didn't see anything that seemed obviously wrong to
>>> > me either way, although it is possible that I missed something. Are
>>> > there any other logs that I should check?
>>> >
>>> > Also, just to be clear, when I say that svn+ssh is not working, it is
>>> > working for checkouts and if I remove the pre-commit hook, it works for
>>> > commits as well. Does it still seem likely that this is a ssh issue?
>>> >
>>> > Is there any more information I can provide that might help?
>>>
>>> Start at the beginning: As whom is the "svn+ssh" connection being
>>> made? I assume it's the "phd" user, and that the SSH keys have been
>>> correctly configured?
>>>
>>
>> Well, this repository is hosted by Phabricator.
>>
>>
>> <…snip…>
>>
>> I hope this helps. Please let me know if you need more information.
>>
>>
>>
>> This almost feels to me as if the path "/bin/sh" is not what it seems. Do
>> you know if Phabricator is using a chroot'd sshd implementation? They are
>> usually rare since sshd does not provide that by default, but I have seen
>> some attempts.
>>
>> -Joseph
>>
>>
>>
>>
> I'm not totally sure, but I don't think it is. I'm basing this off the
> fact that the sshd_config file for Phabricator's sshd instance doesn't
> seem to use ChrootDirectory. I don't know much about using chroot with
> sshd, but it seems like that is how the chroot directory is specified.
> So if it isn't present, that would probably imply that chroot is not
> being used.
>
> Of course, I could be wrong. Not sure what else to look for though.
> Phabricator does set some limitations in the sshd_config file.
> Here is what the file looks like, in case it is of interest:
>
>
> # NOTE: You must have OpenSSHD 6.2 or newer; support for
> AuthorizedKeysCommand
> # was added in this version.
>
> # NOTE: Edit these to the correct values for your setup.
>
> AuthorizedKeysCommand /usr/libexec/phabricator-ssh-hook.sh
> AuthorizedKeysCommandUser vcs
> AllowUsers vcs
>
> # You may need to tweak these options, but mostly they just turn off
> everything
> # dangerous.
>
> Port 22
> Protocol 2
> PermitRootLogin no
> AllowAgentForwarding no
> AllowTcpForwarding no
> PrintMotd no
> PrintLastLog no
> PasswordAuthentication no
> AuthorizedKeysFile none
>
> PidFile /var/run/sshd-phabricator.pid
>
>
--
Thanks
Mark Phippard
http://markphip.blogspot.com/
Received on 2015-12-03 22:03:18 CET