1 files changed, 20 insertions, 4 deletions
diff --git a/develop/manhole.html b/develop/manhole.html
index 576b50ddc9..daae700e8c 100644
--- a/develop/manhole.html
+++ b/develop/manhole.html
@@ -190,7 +190,7 @@ debugging.</p>
<p>Note that this will give administrative access to synapse to <strong>all users</strong> with
shell access to the server. It should therefore <strong>not</strong> be enabled in
environments where untrusted users have shell access.</p>
-<hr />
+<h2 id="configuring-the-manhole"><a class="header" href="#configuring-the-manhole">Configuring the manhole</a></h2>
<p>To enable it, first uncomment the <code>manhole</code> listener configuration in
<code>homeserver.yaml</code>. The configuration is slightly different if you're using docker.</p>
<h4 id="docker-config"><a class="header" href="#docker-config">Docker config</a></h4>
@@ -218,12 +218,28 @@ The <code>bind_addresses</code> in the example below is important: it ensures th
bind_addresses: ['::1', '127.0.0.1']
type: manhole
</code></pre>
-<h4 id="accessing-synapse-manhole"><a class="header" href="#accessing-synapse-manhole">Accessing synapse manhole</a></h4>
+<h3 id="security-settings"><a class="header" href="#security-settings">Security settings</a></h3>
+<p>The following config options are available:</p>
+<ul>
+<li><code>username</code> - The username for the manhole (defaults to <code>matrix</code>)</li>
+<li><code>password</code> - The password for the manhole (defaults to <code>rabbithole</code>)</li>
+<li><code>ssh_priv_key</code> - The path to a private SSH key (defaults to a hardcoded value)</li>
+<li><code>ssh_pub_key</code> - The path to a public SSH key (defaults to a hardcoded value)</li>
+</ul>
+<p>For example:</p>
+<pre><code class="language-yaml">manhole_settings:
+ username: manhole
+ password: mypassword
+ ssh_priv_key: "/home/synapse/manhole_keys/id_rsa"
+ ssh_pub_key: "/home/synapse/manhole_keys/id_rsa.pub"
+</code></pre>
+<h2 id="accessing-synapse-manhole"><a class="header" href="#accessing-synapse-manhole">Accessing synapse manhole</a></h2>
<p>Then restart synapse, and point an ssh client at port 9000 on localhost, using
-the username <code>matrix</code>:</p>
+the username and password configured in <code>homeserver.yaml</code> - with the default
+configuration, this would be:</p>
<pre><code class="language-bash">ssh -p9000 matrix@localhost
</code></pre>
-<p>The password is <code>rabbithole</code>.</p>
+<p>Then enter the password when prompted (the default is <code>rabbithole</code>).</p>
<p>This gives a Python REPL in which <code>hs</code> gives access to the
<code>synapse.server.HomeServer</code> object - which in turn gives access to many other
parts of the process.</p>
|
