X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=html%2Fdoc-hosts.wml;h=ead0b8878baf1ab757c15adb00c5b07b1a6c2db7;hb=HEAD;hp=9d0dd9922738d22492d83baa64dd94b887669c74;hpb=e9116caa57ca3a6372f0c651af30951e975f47a9;p=mirror%2Fuserdir-ldap-cgi.git
diff --git a/html/doc-hosts.wml b/html/doc-hosts.wml
index 9d0dd99..ead0b88 100644
--- a/html/doc-hosts.wml
+++ b/html/doc-hosts.wml
@@ -1,4 +1,5 @@
#use wml::db.d.o title="debian.org Developer Machines"
+#use wml::vbar
Developers that have a secure path to a DNSSEC enabled resolver can
+verify the existing SSHFP records for the debian.org servers by adding
+VerifyHostKeyDNS yes
to their ~/.ssh/config
+file.
On machines in the debian.org which are updated from the LDAP
database /etc/ssh/ssh_known_hosts
contains the keys for
all hosts in this domain. This helps for easier log in into such a
@@ -16,8 +22,9 @@ machine. This is also be available in the chroot environments.
Developers should add StrictHostKeyChecking yes
to
their ~/.ssh/config
file so that they only connect to
-trusted hosts. With the file mentioned above, nearly all hosts in the
-debian.org domain will be trusted automatically.
Developers can also execute ud-host -f
or
ud-host -f -h host
on a machine in the debian.org domain
@@ -35,4 +42,5 @@ file(s)) will be exported to it and their SSH keys are not added to
the LDAP system.