1 #use wml::db.d.o title="debian.org Developer Machines"
5 <p>The SSH host keys for the machines in the debian.org domains are
6 stored in the Debian LDAP database. The key and its fingerprint will
7 be displayed when <a href="machines.cgi">details</a> for a machine are
10 <p>On machines in the debian.org which are updated from the LDAP
11 database <code>/etc/ssh/ssh_known_hosts</code> contains the keys for
12 all hosts in this domain. This helps for easier log in into such a
13 machine. This is also be available in the chroot environments.</p>
15 <p>Developers should add <code>StrictHostKeyChecking yes</code> to
16 their <code>~/.ssh/config</code> file so that they only connect to
17 trusted hosts. With the file mentioned above, nearly all hosts in the
18 debian.org domain will be trusted automatically.</p>
20 <p>Developers can also execute <code>ud-host -f</code> or
21 <code>ud-host -f -h host</code> on a machine in the debian.org domain
22 in order to display all host fingerprints or only the fingerprints of
23 a particular host in order to compare it with the output of
24 <code>ssh</code> on an external host.</p>
26 <h3>Exception for Alioth</h3>
28 <p>An exception has been made for the Alioth system since not only
29 Debian developers have an account on this machine. As a result, this
30 machine (or machines in case there are more of one serving as Alioth
31 hosts) is generally not trusted. Hence no passwords (i.e. no shadow
32 file(s)) will be exported to it and their SSH keys are not added to
36 <p><a href="http://people.debian.org/~joey/misc/naming.html">Debian Host Naming Scheme</a></p>