@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Remove the "ssh-auth-key" script
Summary:
Ref T13436. Historically, this script could be used with a forked copy of "sshd" to do lower-cost per-key auth.
Relatively modern "sshd" supports "%f" to "AuthorizedKeysCommand", which effectively moots this.
Users have never been instructed to use this script for anything, and we moved away from this specific patch to "sshd" some time ago.
Test Plan: Grepped for "ssh-auth-key", no hits.
Maniphest Tasks: T13436
Differential Revision: https://secure.phabricator.com/D20873
-43
-1
bin/ssh-auth-key
-1
bin/ssh-auth-key
···
1
-
../scripts/ssh/ssh-auth-key.php
-42
scripts/ssh/ssh-auth-key.php
-42
scripts/ssh/ssh-auth-key.php
···
1
-
#!/usr/bin/env php
2
-
<?php
3
-
4
-
$root = dirname(dirname(dirname(__FILE__)));
5
-
require_once $root.'/scripts/__init_script__.php';
6
-
7
-
try {
8
-
$cert = file_get_contents('php://stdin');
9
-
$public_key = PhabricatorAuthSSHPublicKey::newFromRawKey($cert);
10
-
} catch (Exception $ex) {
11
-
exit(1);
12
-
}
13
-
14
-
$key = id(new PhabricatorAuthSSHKeyQuery())
15
-
->setViewer(PhabricatorUser::getOmnipotentUser())
16
-
->withKeys(array($public_key))
17
-
->withIsActive(true)
18
-
->executeOne();
19
-
if (!$key) {
20
-
exit(1);
21
-
}
22
-
23
-
$object = $key->getObject();
24
-
if (!($object instanceof PhabricatorUser)) {
25
-
exit(1);
26
-
}
27
-
28
-
$bin = $root.'/bin/ssh-exec';
29
-
$cmd = csprintf('%s --phabricator-ssh-user %s', $bin, $object->getUsername());
30
-
// This is additional escaping for the SSH 'command="..."' string.
31
-
$cmd = addcslashes($cmd, '"\\');
32
-
33
-
$options = array(
34
-
'command="'.$cmd.'"',
35
-
'no-port-forwarding',
36
-
'no-X11-forwarding',
37
-
'no-agent-forwarding',
38
-
'no-pty',
39
-
);
40
-
41
-
echo implode(',', $options);
42
-
exit(0);