Following the article Diffusion User Guide: Repository Hosting, I had some issues setting up sshd to work.
I'm using FreeBSD 10.2 but I suspect that this could be relevant on some other systems too.
The thing is with authentication. After calling /usr/sbin/sshd -f /etc/ssh/sshd_config, I could log in through ssh. However, any persistent setup starts sshd (implicitly) with service sshd start and… this cunningly doesn't work: it ignores my keys and asks for a password.
I've tracked down the issue: rc.d scripts get a minimal PATH=/sbin:/bin:/usr/sbin:/usr/bin. That propagates through sshd's AuthorizedKeysCommand into phabricator-ssh-hook.sh, which apparently doesn't work well in such an environment. However, with PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin everything's fine.
I made a change in phabricator-ssh-hook.sh, adding an export just before the final invocation:
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin
exec "$ROOT/bin/ssh-auth" $@
Please consider making a note of that in the tutorial; this took more time than I would like to admit.
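One way to reproduce the condition described in the post without restarting sshd, as an added example (not part of the original post or of Phabricator): run the AuthorizedKeysCommand hook in an empty environment that carries only the rc.d PATH, and list which commands that PATH cannot resolve. The function names, the hook path in the usage comment and the command names you pass in are assumptions of this example.

```shell
#!/bin/sh
# Added example: exercise an AuthorizedKeysCommand hook under the minimal
# environment an rc.d-started sshd hands to it.

# PATH that the post reports for rc.d scripts on FreeBSD 10.2.
RC_PATH=/sbin:/bin:/usr/sbin:/usr/bin

# run_hook_with_path PATH HOOK [ARGS...]
# Runs HOOK with an otherwise empty environment. Prints a one-line summary
# and returns 0 only if the hook exited 0 and printed at least one
# non-empty line (sshd treats the hook's output as authorized_keys lines).
run_hook_with_path() {
    _path=$1; _hook=$2; shift 2
    _rc=0
    _out=$(env -i PATH="$_path" "$_hook" "$@") || _rc=$?
    _lines=$(printf '%s\n' "$_out" | grep -c . || true)
    echo "PATH=$_path rc=$_rc key_lines=$_lines"
    [ "$_rc" -eq 0 ] && [ "$_lines" -gt 0 ]
}

# missing_in_path PATH CMD...
# Prints each CMD that cannot be resolved when only PATH is searched.
missing_in_path() {
    _path=$1; shift
    env -i PATH="$_path" /bin/sh -c '
        for c; do
            command -v "$c" >/dev/null 2>&1 || echo "$c"
        done' sh "$@"
}

# Usage (hook location is a placeholder; pass the user name sshd would pass):
#   run_hook_with_path "$RC_PATH" /path/to/phabricator-ssh-hook.sh vcs-user
#   run_hook_with_path "$RC_PATH:/usr/local/bin" /path/to/phabricator-ssh-hook.sh vcs-user
#   missing_in_path "$RC_PATH" <commands the hook depends on>
```

If the first call fails and the second succeeds, the hook depends on something outside the rc.d PATH, and sshd falls back to password authentication because the command returned no keys.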