diff --git a/phab-container/Dockerfile b/phab-container/Dockerfile
index afd5b2e..e9d8a33 100644
--- a/phab-container/Dockerfile
+++ b/phab-container/Dockerfile
@@ -1,77 +1,80 @@ FROM ubuntu:22.04 as phabdev_base RUN apt-get update && \ apt-get upgrade -y ENV DEBIAN_FRONTEND noninteractive ENV PHPVER 8.2 RUN apt-get install -y sudo netcat-traditional iputils-ping ca-certificates software-properties-common apt-transport-https && \ apt-get install -y mariadb-client nginx && \ apt-get install -y --no-install-recommends ssh && \ apt-get install -y git mercurial && \ apt-get install -y vim less ripgrep fd-find && \ apt-get install -y nodejs && \ apt-get install -y --no-install-recommends npm && \ add-apt-repository -y ppa:ondrej/php && \ apt-get update && \ apt-get install -y php${PHPVER} php${PHPVER}-fpm php${PHPVER}-mysql php${PHPVER}-gd php${PHPVER}-curl php${PHPVER}-apcu php${PHPVER}-cli php${PHPVER}-mbstring php${PHPVER}-zip php${PHPVER}-xdebug php${PHPVER}-iconv && \ apt-get install -y python3 python3-pip && \ pip install Pygments FROM phabdev_base ENV INSTALLDIR=$INSTALLDIR ENV HOST=$HOST ENV PORT=$PORT ADD ./conf/nginx.conf /etc/nginx/ ADD ./conf/phab.conf /etc/nginx/conf.d/ ADD ./conf/www.conf /etc/php/$PHPVER/fpm/pool.d/ ADD ./conf/00-phab.ini /etc/php/$PHPVER/fpm/conf.d/ ADD ./conf/phab.sshd_config /etc/ssh/sshd_config.d/ ADD ./conf/phabricator-ssh-hook.sh /usr/libexec/ # Allow www-data (entrypoint) to sudo as root to run nginx -RUN echo "www-data ALL=(root) NOPASSWD: /usr/sbin/nginx" >> /etc/sudoers && \ - echo "www-data ALL=(root) NOPASSWD: /usr/sbin/php-fpm$PHPVER" >> /etc/sudoers && \ - echo "www-data ALL=(phab-phd) NOPASSWD: ALL" >> /etc/sudoers && \ - echo "www-data ALL=(root) NOPASSWD: /usr/bin/sed" >> /etc/sudoers && \ - echo "www-data ALL=(root) NOPASSWD: /usr/sbin/sshd" >> /etc/sudoers && \ - echo "phab-phd ALL=(root) NOPASSWD: ALL" >> /etc/sudoers +RUN echo "www-data ALL=(root) NOPASSWD: /usr/sbin/nginx" >> /etc/sudoers.d/phab-sudoers && \ + echo "www-data ALL=(root) NOPASSWD: /usr/sbin/php-fpm$PHPVER" >> /etc/sudoers.d/phab-sudoers && \ + echo "www-data ALL=(phab-phd) NOPASSWD: ALL" >> 
/etc/sudoers.d/phab-sudoers && \ + echo "www-data ALL=(root) NOPASSWD: /usr/bin/sed" >> /etc/sudoers.d/phab-sudoers && \ + echo "www-data ALL=(root) NOPASSWD: /usr/sbin/sshd" >> /etc/sudoers.d/phab-sudoers && \ + echo "phab-phd ALL=(root) NOPASSWD: ALL" >> /etc/sudoers.d/phab-sudoers && \ + echo "wanderer ALL=(phab-phd) SETENV: NOPASSWD: /usr/bin/hg, /usr/bin/git, /usr/bin/git-upload-pack, /usr/bin/git-upload-archive, /usr/bin/git-receive-pack" >> /etc/sudoers.d/phab-sudoers RUN useradd --system phab-phd && \ groupadd phab && \ usermod -a -G phab phab-phd && \ usermod -a -G phab www-data # The user which accepts incoming SSH -RUN useradd --system --create-home wanderer && \ +RUN useradd --system --create-home --shell /usr/bin/bash wanderer && \ usermod -a -G phab wanderer && \ - usermod -p '*' wanderer + usermod -p NP wanderer RUN mkdir -p /opt/phabdev/ && \ mkdir -p /opt/filestore && \ mkdir -p /opt/repos && \ mkdir -p /var/log/phabricator && \ mkdir -p /run/php/ && \ mkdir -p /run/sshd/ && \ - touch /var/log/aphlict.log + touch /var/log/aphlict.log && \ + touch /var/log/phab-ssh-error.log -RUN chown -R phab-phd:phab /opt/ && \ - chown -R www-data:phab /var/log/phabricator/ && \ - chown -R www-data:phab /var/www/ && \ - chown www-data:phab /var/log/aphlict.log && \ - chmod -R g+rw /opt/ && \ - chmod -R g+rw /var/log/phabricator/ && \ - chmod -R 0755 /run/sshd/ && \ - chmod g+rw /var/log/aphlict.log +RUN chown -R phab-phd:phab /opt/ && \ + chown -R www-data:phab /var/log/phabricator/ && \ + chown -R www-data:phab /var/www/ && \ + chown www-data:phab /var/log/aphlict.log && \ + chmod -R g+rws /opt/ && \ + chmod -R g+rws /var/log/phabricator/ && \ + chmod -R 0755 /run/sshd/ && \ + chmod g+rw /var/log/aphlict.log && \ + chmod g+rw /var/log/phab-ssh-error.log # Run entrypoint as the web service account USER www-data ADD ./conf/local.json /opt/phabdev ADD ./conf/entrypoint.sh /opt/phabdev ENTRYPOINT ["/opt/phabdev/entrypoint.sh"] 
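Review bot: The new `/var/log/phab-ssh-error.log` is created by `touch` while the build still runs as root and then only gets `chmod g+rw`, so it stays root:root and the group-write bit goes to the root group rather than to phab; the accounts that presumably write it over the SSH path (wanderer and phab-phd, both added to group phab above) would be unable to append to it, unlike aphlict.log which gets an explicit `chown www-data:phab`. Add `chown www-data:phab /var/log/phab-ssh-error.log` alongside the existing aphlict chown. The sudoers rules are now appended with `echo >>` into `/etc/sudoers.d/phab-sudoers`, which inherits the build's default umask rather than the root-owned 0440 mode sudo expects, and depending on the sudo version a file with broader permissions is warned about or ignored; finish that RUN with `chmod 0440 /etc/sudoers.d/phab-sudoers && visudo -cf /etc/sudoers.d/phab-sudoers` so a bad mode or a syntax error fails the build instead of surfacing at runtime. `usermod -p NP wanderer` and the `SETENV:` tag on the wanderer rule are both non-obvious choices worth a comment, e.g. `# NP is not a valid hash (no password login) but does not mark the account locked the way '*' or '!' would`, with a pointer to the upstream Diffusion hosting guidance this follows. Finally, `chmod -R g+rws /opt/` also sets setgid on any regular files under /opt; if the intent is group-inheriting directories, apply `g+s` to directories only, e.g. `find /opt -type d -exec chmod g+s {} +`.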
diff --git a/phab-container/conf/local.json b/phab-container/conf/local.json
index 9021b02..569e40b 100644
--- a/phab-container/conf/local.json
+++ b/phab-container/conf/local.json
@@ -1,35 +1,36 @@ { "phabricator.developer-mode": true, "phabricator.silent": true, "log.access.path": "/var/log/phabricator/access.log", "repository.default-local-path": "/opt/repos", "storage.default-namespace": "phabricator", "mysql.pass": "phabricator", "mysql.user": "phabricator", "mysql.host": "phabdev-db", "storage.local-disk.path": "/opt/filestore", "phd.user": "phab-phd", "auth.lock-config": true, "phabricator.base-uri": "BASE_URI", "pygments.enabled": true, + "log.ssh-error.path": "/var/log/phab-ssh-error.log", "diffusion.ssh-user": "wanderer", "notification.servers": [ { "type": "client", "host": "HOST", "port": 22280, "protocol": "http", "path": "/ws/" }, { "type": "admin", "host": "127.0.0.1", "port": 22281, "protocol": "http" } ], "phabricator.timezone": "America/New_York", "darkconsole.enabled": true, "darkconsole.always-on": true }