Phabricator-ssh-hook.sh Not Running Correctly

EDIT: I was being stupid. Because of another issue I posted, I am authenticating with an unusual private key. so I had to specify that on the command line. This post is unnecessary

I am following these instructions: https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/. Probably I am not seeing something that is obvious but I have been over the doc many times. Hopefully you can help.

I have isolated the problem to phabricator-ssh-hook.sh not executing, or not executing as it should (I do not know which).

The problem starts with this:

$ echo {} | ssh git@phabricator.mydomain.com conduit conduit.ping
Permission denied (publickey).

If I edit /etc/ssh/sshd_config.phabricator to include an AuthorizedKeysFile and I add the key to /home/git/.authorized_keys then I am able to log on using the post specified in /etc/ssh/sshd_config.phabricator (which is different from my main SSH port) so I know that /etc/ssh/sshd_config.phabricator is being read and is applying to user git.

OpenSSHd is 7.2p:
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016

Here is /etc/ssh/sshd_config.phabricator:

AuthorizedKeysCommand /usr/libexec/phabricator-ssh-hook.sh
AuthorizedKeysCommandUser git
AllowUsers git

# You may need to tweak these options, but mostly they just turn off everything
# dangerous.

Port 22
Protocol 2
PermitRootLogin no
AllowAgentForwarding no
AllowTcpForwarding no
PrintMotd no
PrintLastLog no
PasswordAuthentication no
ChallengeResponseAuthentication no
AuthorizedKeysFile no
#/home/git/.ssh/authorized_keys

PidFile /var/run/sshd-phabricator.pid

Permissions on the directory /usr/libexec:

root@phabricator:/usr/libexec# ls -la
total 12
drwxr-xr-x  2 root root 4096 May  4 06:41 .
drwxr-xr-x 11 root root 4096 May  4 04:11 ..
-rwxr-xr-x  1 root root  293 May  4 06:33 phabricator-ssh-hook.sh

Here is /usr/libexec/phabricator-ssh-hook.sh:

#!/bin/sh

# NOTE: Replace this with the username that you expect users to connect with.
VCSUSER="git"

# NOTE: Replace this with the path to your Phabricator directory.
ROOT="/home/phd/phabricator"

if [ "$1" != "$VCSUSER" ];
then
  exit 1
fi

touch /home/git/itRan

exec "$ROOT/bin/ssh-auth" $@

You will see I added a “touch” command because I want to see if the script runs but cannot perform the exec command. So far /home/git/itRan does not exist.

If I “su git” and run /home/phd/phabricator/bin/ssh-auth, I get good output (I think). It lists the only SSH key that is active on the system. So I think sudo is configured correctly. It does not ask for a password because git does not have a password.

EDIT: Also I see the output of the one SSH key on the system when I type this command as user git:

git@phabricator:/usr/libexec$ ./phabricator-ssh-hook.sh git

And in this case I see /home/git/itRan. So the script is good and it runs. The problem is that it is not being called from /etc/ssh/ssh_config.phabricator. I will look at that spot but if you see the problem please tell me.

Probably this is clear to you but to me it is a mystery. I would enjoy help please. Thank you.