torproject.org Developer Machines
SSH Host Keys
The SSH host keys for the machines in the torproject.org domains are stored in the Tor LDAP database. The key and its fingerprint will be displayed when details for a machine are displayed.
Developers that have a secure path to a DNSSEC enabled resolver can
verify the existing SSHFP records for the torproject.org servers by adding
VerifyHostKeyDNS yes
to their ~/.ssh/config
file.
On machines in the torproject.org which are updated from the LDAP
database /etc/ssh/ssh_known_hosts
contains the keys for
all hosts in this domain. This helps for easier log in into such a
machine. This is also be available in the chroot environments.
Developers should add StrictHostKeyChecking yes
to
their ~/.ssh/config
file so that they only connect to
trusted hosts. Either with the DNSSEC records or the file mentioned
above, nearly all hosts in the torproject.org domain will be trusted
automatically.
Developers can also execute ud-host -f
or
ud-host -f -h host
on a machine in the torproject.org domain
in order to display all host fingerprints or only the fingerprints of
a particular host in order to compare it with the output of
ssh
on an external host.
You can contact us at torproject-admin@torproject.org.
"Tor" and the "Onion Logo" are registered trademarks of The Tor Project, Inc.
Based on db.debian.org, copyright SPI, see license terms.
Webmaster