X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=html%2Fdoc-hosts.wml;h=ead0b8878baf1ab757c15adb00c5b07b1a6c2db7;hb=0e1f4803a9672dbd8d9a13dceb37e493f1956d25;hp=9d0dd9922738d22492d83baa64dd94b887669c74;hpb=e9116caa57ca3a6372f0c651af30951e975f47a9;p=mirror%2Fuserdir-ldap-cgi.git diff --git a/html/doc-hosts.wml b/html/doc-hosts.wml index 9d0dd99..ead0b88 100644 --- a/html/doc-hosts.wml +++ b/html/doc-hosts.wml @@ -1,4 +1,5 @@ #use wml::db.d.o title="debian.org Developer Machines" +#use wml::vbar @@ -9,6 +10,11 @@ stored in the Debian LDAP database. The key and its fingerprint will be displayed when details for a machine are displayed.

+

Developers that have a secure path to a DNSSEC enabled resolver can +verify the existing SSHFP records for the debian.org servers by adding +VerifyHostKeyDNS yes to their ~/.ssh/config +file.

+

On machines in the debian.org which are updated from the LDAP database /etc/ssh/ssh_known_hosts contains the keys for all hosts in this domain. This helps for easier log in into such a @@ -16,8 +22,9 @@ machine. This is also be available in the chroot environments.

Developers should add StrictHostKeyChecking yes to their ~/.ssh/config file so that they only connect to -trusted hosts. With the file mentioned above, nearly all hosts in the -debian.org domain will be trusted automatically.

+trusted hosts. Either with the DNSSEC records or the file mentioned +above, nearly all hosts in the debian.org domain will be trusted +automatically.

Developers can also execute ud-host -f or ud-host -f -h host on a machine in the debian.org domain @@ -35,4 +42,5 @@ file(s)) will be exported to it and their SSH keys are not added to the LDAP system.

-

Debian Host Naming Scheme

+

Debian Host Naming Scheme

+

DNSSEC in Debian
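
Review bot: In the @@ -9,6 +10,11 @@ hunk, the added paragraph's condition "a secure path to a DNSSEC enabled resolver" is left undefined, so a reader cannot tell whether their own setup qualifies. Suggest saying what is meant, for example a validating resolver on the developer's own machine or one reached over a link they trust, and what the developer should expect when that condition is not met. The wording "verify the existing SSHFP records" is also slightly off for an option named VerifyHostKeyDNS: what gets checked is the host key, against those records. Something like "verify host keys against the SSHFP records published for the debian.org servers" would be more accurate.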
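
Review bot: In the @@ -16,8 +22,9 @@ hunk, the rewritten sentence "Either with the DNSSEC records or the file mentioned above" does not say that the DNS route depends on VerifyHostKeyDNS yes, while this paragraph only tells developers to add StrictHostKeyChecking yes. The file mentioned above is described as present on debian.org machines updated from LDAP, so a reader applying only this paragraph on their own machine gets strict checking without either source of keys. Suggest naming both settings in this sentence and making clear which source applies where, and writing "SSHFP records" instead of "DNSSEC records" so the term matches the paragraph added in the previous hunk.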