This file also allows you to define short names for hosts using the Host and (If you want, you can also add a default User.)Ĭommand line tools like ssh, git and hg will now default to portĪ downside to this approach is that your users will each need to set up their
To do this, add a section like this to your On the client side so that ssh automatically defaults to the correct port See "Moving the sshd Port" below for help.Ĭhange Client Config: You can run on a nonstandard port, but configure SSH This is somewhat complicated and can be a bit Swap Ports: You can move the administrative sshd to a new port, then run Is often the simplest and cleanest approach. This may be very easy to set up, particularly if you are hosted in AWS, and Then users canĬlone from without an explicit port number and you don't Use a Load Balancer: You can configure a load balancer in front of the hostĪnd have it forward TCP traffic on port 22 to port 2222. This is the simplestĪpproach, and you can always start here and clean things up later if you grow Port 2222 and accept the explicit port in the URIs. Run on Port 2222: You can do nothing, and just run the repository sshd on There are several different approaches you can use to mitigate or eliminate Users will clone and push to URIs like which is a This is easy to configure, but if you run the service on this port These instructions will walk you through configuring the alternate sshd on Of them can run on port 22, which will make it a bit inconvenient to access Which serves repositories can't run on the same port. The normal sshd that lets you administrate the host and the special sshd The next section lays out various approaches. Phabricator relies on the AuthorizedKeysCommand option.īefore continuing, you must choose a strategy for which port each copy of NOTE: The Phabricator sshd service MUST be 6.2 or newer, because This special copy of sshd will serve repository requests and provide
Restricted copy of sshd on the machine, on a different port from the standard SSH access requires some additional setup. If you're having trouble, see "Troubleshooting HTTP" below. You should nowīe able to fetch and push repositories over HTTP. NoĪdditional server configuration is required to make HTTP work. Otherwise, if you've configured system accounts above, you're all set. Instead of HTTP to authenticate access to repositories. Often stored in plaintext in world-readable files, observable in ps output,Īnd present in command output and logs.
Password because VCS passwords are very easy to accidentally disclose. Your VCS password must be a different password than your main Phabricator If you plan to use authenticated HTTP, you (and all other users) also need toĬonfigure a VCS password for your account in Settings → VCS Password. Over HTTP (or plan to use only anonymous HTTP) you can leave this setting If you plan to serve repositories over authenticated HTTP, you need to setĭiffusion.allow-http-auth in Config. To point at a real shell, usually /bin/sh. If you do not have usermod, carefully edit the file and change the field
Now that you have created or identified these accounts, update the Phabricator When users clone repositories, they will use a URI like so common names for this user are git or hg.Ĭontinue below to configure these accounts.
Phabricator uses two system user accounts, plus a third account if youĬonfigure SSH access. SSH is recommended unless you need anonymous access, or are not able toĬonfigure it for technical reasons. Protocol, or both, or a mixture across different repositories.
Each repository can be configured individually, and you can use either