I don’t know if anyone has talked about this before or not, but I have discovered that it is really easy to set up ssh access for Phabricator without running a separate daemon on a nonstandard port. The magic that allows this is the OpenSSH’s sshd_config directive
Match. All of the necessary config options for Phabricator’s normal ssh setup are valid in a
Match block. My
vcs-user is simply
git because I don’t intend to use any other vcs. Following all of the directions for setting up ssh in the documentation, with the exception of the sshd_config stuff, I did this in five minutes by adding the following to the end of my normal
Match User git AllowAgentForwarding no AllowTcpForwarding no PasswordAuthentication no AuthorizedKeysFile none AuthorizedKeysCommand /usr/libexec/phabricator-ssh-hook.sh AuthorizedKeysCommandUser git
and it worked just as expected, including pinging conduit.
I think this should be added to the documentation in some way, either as the recommended practice or an “if you don’t want to do it our way” method. What does everyone think about this?