1 #use wml::db.d.o title="debian.org Developer Machines"
8 <p>The SSH host keys for the machines in the debian.org domains are
9 stored in the Debian LDAP database. The key and its fingerprint will
10 be displayed when <a href="machines.cgi">details</a> for a machine are
13 <p>Developers that have a secure path to a DNSSEC enabled resolver can
14 verify the existing SSHFP records for the debian.org servers by adding
15 <code>VerifyHostKeyDNS yes</code> to their <code>~/.ssh/config</code>
18 <p>On machines in the debian.org which are updated from the LDAP
19 database <code>/etc/ssh/ssh_known_hosts</code> contains the keys for
20 all hosts in this domain. This helps for easier log in into such a
21 machine. This is also be available in the chroot environments.</p>
23 <p>Developers should add <code>StrictHostKeyChecking yes</code> to
24 their <code>~/.ssh/config</code> file so that they only connect to
25 trusted hosts. Either with the DNSSEC records or the file mentioned
26 above, nearly all hosts in the debian.org domain will be trusted
29 <p>Developers can also execute <code>ud-host -f</code> or
30 <code>ud-host -f -h host</code> on a machine in the debian.org domain
31 in order to display all host fingerprints or only the fingerprints of
32 a particular host in order to compare it with the output of
33 <code>ssh</code> on an external host.</p>
35 <h3>Exception for Alioth</h3>
37 <p>An exception has been made for the Alioth system since not only
38 Debian developers have an account on this machine. As a result, this
39 machine (or machines in case there are more of one serving as Alioth
40 hosts) is generally not trusted. Hence no passwords (i.e. no shadow
41 file(s)) will be exported to it and their SSH keys are not added to
45 <p><a href="https://people.debian.org/~joey/misc/naming.html">Debian Host Naming Scheme</a></p>
46 <p><a href="https://wiki.debian.org/DNSSEC">DNSSEC in Debian</a></p>
projects / mirror / userdir-ldap-cgi.git / blob