- # SSH client configuration for the aptbot robot account.
- #
- # Fake hostnames here correspond to git remote URLs, which turns out
- # to be the easy way to use separate keys for push and fetch:
- #
- # $ git remote -v
- # origin pull.download.rpki.net:/usr/local/git/repositories/rpki.net.git/ (fetch)
- # origin push.download.rpki.net:/usr/local/git/repositories/rpki.net.git/ (push)
- #
- # The third key is used for rsync daemon-mode-over-ssh, as the name suggests:
- #
- # $ rsync --rsh ssh rsync://download.rpki.net/
- # APT APT repository for old stable RPKI code (trunk)
- # APTng APT repository for new development RPKI code
- #
- # The reason for using three separate keys is simple: this is a robot, keys are cheap,
- # and using a separate key for each allowed action gives us a trivial way to lock down
- # the server side.
- #
- # NOTE(review): the lock-down itself is not visible in this file; presumably each public
- # key is tied to a single permitted action in aptbot's authorized_keys on
- # download.rpki.net -- confirm against the server configuration. Separate keys on the
- # client restrict nothing unless the server enforces a per-key restriction.
- #
- # All three blocks resolve to the same real host (download.rpki.net) and the same user
- # (aptbot); only the key differs. "IdentitiesOnly yes" makes ssh offer only the
- # IdentityFile named in the block, even when an agent holds other keys, so the server
- # sees the key that matches the intended action and no other.
- #
- # Fetch alias: fake hostname used by the git fetch URL; selects the pull key.
- Host pull.download.rpki.net
- HostName download.rpki.net
- User aptbot
- IdentityFile ~/.ssh/id_rsa_pull
- IdentitiesOnly yes
- # Push alias: fake hostname used by the git push URL; selects the push key.
- Host push.download.rpki.net
- HostName download.rpki.net
- User aptbot
- IdentityFile ~/.ssh/id_rsa_push
- IdentitiesOnly yes
- # Real hostname: used by the rsync-over-ssh invocation shown above. Any other ssh
- # connection from this account to download.rpki.net also matches this block and
- # therefore presents the rsync key.
- Host download.rpki.net
- HostName download.rpki.net
- User aptbot
- IdentityFile ~/.ssh/id_rsa_rsync
- IdentitiesOnly yes