--- /dev/null
+#use wml::db.d.o title="debian.org Developer Machines"
+
+<h3>SSH Host Keys</h3>
+
+<p>The SSH host keys for the machines in the debian.org domains are
+stored in the Debian LDAP database. The key and its fingerprint will
+be displayed when <a href="machines.cgi">details</a> for a machine are
+displayed.</p>
+
+<p>On machines in the debian.org which are updated from the LDAP
+database <code>/etc/ssh/ssh_known_hosts</code> contains the keys for
+all hosts in this domain. This helps for easier log in into such a
+machine. This is also be available in the chroot environments.</p>
+
+<p>Developers should add <code>StrictHostKeyChecking yes</code> to
+their <code>~/.ssh/config</code> file so that they only connect to
+trusted hosts. With the file mentioned above, nearly all hosts in the
+debian.org domain will be trusted automatically.</p>
+
+<p>Developers can also execute <code>ud-host -f</code> or
+<code>ud-host -f -h host</code> on a machine in the debian.org domain
+in order to display all host fingerprints or only the fingerprints of
+a particular host in order to compare it with the output of
+<code>ssh</code> on an external host.</p>
+
+<h3>Exception for Alioth</h3>
+
+<p>An exception has been made for the Alioth system since not only
+Debian developers have an account on this machine. As a result, this
+machine (or machines in case there are more of one serving as Alioth
+hosts) is generally not trusted. Hence no passwords (i.e. no shadow
+file(s)) will be exported to it and their SSH keys are not added to
+the LDAP system.</p>
+
+
+<p><a href="http://people.debian.org/~joey/misc/naming.html">Debian Host Naming Scheme</a></p>
projects / mirror / userdir-ldap-cgi.git / blobdiff