This is not much different from the offical diffusion doc. Let us start from https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/#configuring-system-user
We will create the vcs-user first, called git.
sudo adduser --system --shell /bin/sh --gecos 'git version control user' --group --disabled-password --home /home/git git
Next, since we plan to use ssh, we will allow our git user to be access only a limited number of binaries over the network, so add the following to /etc/sudoers with visudo:
git ALL=(daemon-user) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack
I have edited the git binaries' paths to the standard paths in the debian ecosystem, please edit them if yours are different. Also remember to edit the daemon-user value.
Next, complete the rest of the part from that section in the official docs. After that...
Here, we entirely skip the first two steps described, and just follow the third one.
Copy phabricator/resources/sshd/phabricator-ssh-hook.sh to /usr/share/phabricator-ssh-hook.sh, and edit it to match your system config.
Then edit the permissions as described:
sudo chown root /usr/share/phabricator-ssh-hook.sh sudo chmod 755 /usr/share/phabricator-ssh-hook.sh
Next follow the rest of that section, but in the file /etc/sshd_config.phabricator, set the port to whatever port you want, I chose 240, and you are almost done.
Now the most important key of the recipe is setting the correct options with phabricator/bin/config. We let it know the correct port, and the user via this:
./bin/config set diffusion.ssh-user git ./bin/config set diffusion.ssh-port 240
If you chose a port different from 240, use that instead.
No restart is required with this, and things should work just fine :) If you restart your server ever, the phabricator ssh daemon won't autostart, so add it to /etc/rcinit as well.