X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=html%2Fdoc-hosts.wml;h=ead0b8878baf1ab757c15adb00c5b07b1a6c2db7;hb=HEAD;hp=2e252ebe0f13f7cecb229bf6475787f55f72f1bb;hpb=8c559bc81772ea4386bf02c191c2e8ee68c7fdaa;p=mirror%2Fuserdir-ldap-cgi.git diff --git a/html/doc-hosts.wml b/html/doc-hosts.wml index 2e252eb..ead0b88 100644 --- a/html/doc-hosts.wml +++ b/html/doc-hosts.wml @@ -10,6 +10,11 @@ stored in the Debian LDAP database. The key and its fingerprint will be displayed when details for a machine are displayed.
+Developers that have a secure path to a DNSSEC enabled resolver can
+verify the existing SSHFP records for the debian.org servers by adding
+VerifyHostKeyDNS yes
to their ~/.ssh/config
+file.
On machines in the debian.org which are updated from the LDAP
database /etc/ssh/ssh_known_hosts
contains the keys for
all hosts in this domain. This helps for easier log in into such a
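Review bot: The added paragraph (the `+` lines ending at "file.") tells readers to set VerifyHostKeyDNS yes, but it does not say what happens when the lookup is not actually DNSSEC-validated, or how the option interacts with the StrictHostKeyChecking yes advice later on the same page. In OpenSSH, `yes` makes the client implicitly trust a host key that matches a secure SSHFP record, while fingerprints from an insecure lookup are handled as if the option were set to `ask`. One sentence saying so would let readers tell whether their setup is really validating. Please also define "secure path" (for example, a validating resolver on the local machine) and consider recommending the option inside a Host block for *.debian.org rather than globally. Wording: "Developers who" and "DNSSEC-enabled".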
@@ -17,8 +22,9 @@ machine. This is also be available in the chroot environments.
Developers should add StrictHostKeyChecking yes
to
their ~/.ssh/config
file so that they only connect to
-trusted hosts. With the file mentioned above, nearly all hosts in the
-debian.org domain will be trusted automatically.
Developers can also execute ud-host -f
or
ud-host -f -h host
on a machine in the debian.org domain
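Review bot: Removing "With the file mentioned above, nearly all hosts in the debian.org domain will be trusted automatically." leaves the StrictHostKeyChecking yes recommendation with no statement of where the trusted keys come from. The hunk header (-17,8 +22,9) implies added lines, but none are visible in this view. If the replacement text does not already cover it, keep a sentence tying the strict setting to /etc/ssh/ssh_known_hosts (and, with the paragraph added above, to SSHFP verification), because with StrictHostKeyChecking yes a host whose key is not already known is refused rather than prompted for. Separately, the context line carried in the hunk header reads "This is also be available"; that could be corrected to "This is also available" while this section is being edited.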
@@ -37,3 +43,4 @@ the LDAP system.