From 0e1f4803a9672dbd8d9a13dceb37e493f1956d25 Mon Sep 17 00:00:00 2001
From: Alex Muntada
Developers that have a secure path to a DNSSEC enabled resolver can
+verify the existing SSHFP records for the debian.org servers by adding
+VerifyHostKeyDNS yes
to their ~/.ssh/config
+file.
On machines in the debian.org which are updated from the LDAP
database /etc/ssh/ssh_known_hosts
contains the keys for
all hosts in this domain. This helps for easier log in into such a
@@ -17,8 +22,9 @@ machine. This is also be available in the chroot environments.
Developers should add StrictHostKeyChecking yes
to
their ~/.ssh/config
file so that they only connect to
-trusted hosts. With the file mentioned above, nearly all hosts in the
-debian.org domain will be trusted automatically.
Developers can also execute ud-host -f
or
ud-host -f -h host
on a machine in the debian.org domain
@@ -37,3 +43,4 @@ the LDAP system.