# Fake hostnames here correspond to git remote URLs, which turns out
# to be the easy way to use separate keys for push and fetch:
#
#   $ git remote -v
#   origin  pull.download.rpki.net:/usr/local/git/repositories/rpki.net.git/ (fetch)
#   origin  push.download.rpki.net:/usr/local/git/repositories/rpki.net.git/ (push)
#
# The third key is used for rsync daemon-mode-over-ssh, as the name suggests:
#
#   $ rsync --rsh ssh rsync://download.rpki.net/
#   APT    APT repository for old stable RPKI code (trunk)
#   APTng  APT repository for new development RPKI code
#
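# The reason for using three separate keys is simple: this is a robot, keys are cheap,
# and using a separate key for each allowed action gives us a trivial way to lock down
# the server side.
#
# Note that this file only selects which key is offered for each name; the
# restriction on what each key may do has to be enforced on the server, per key.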

# Alias used as the host part of the git fetch URL. HostName maps it to the
# real server, so the alias exists only to select the fetch key.
# IdentitiesOnly yes makes ssh offer just the IdentityFile configured here and
# ignore any further identities an ssh-agent might hold, so the server sees
# this key and no other when this alias is used.
Host pull.download.rpki.net
    HostName download.rpki.net
    User aptbot
    IdentityFile ~/.ssh/id_rsa_pull
    IdentitiesOnly yes

# Alias used as the host part of the git push URL. It connects to the same
# server and account as the fetch alias; only the key differs.
# IdentitiesOnly yes keeps ssh from offering any other identity (for example
# from an ssh-agent), so the push key is the only one presented under this name.
# NOTE(review): this is the key that grants write access to the repository;
# presumably it is used unattended, so check that the private key file is
# readable only by the robot account and that the server limits this key to
# the push operation -- confirm against the server-side configuration.
Host push.download.rpki.net
    HostName download.rpki.net
    User aptbot
    IdentityFile ~/.ssh/id_rsa_push
    IdentitiesOnly yes

# The real hostname, used for rsync daemon-mode-over-ssh. The Host pattern has
# no wildcard, so it does not match the pull./push. aliases defined for git.
# It does match every ssh connection made to download.rpki.net under this
# config, not only those started by rsync, so all of them offer the rsync key.
# HostName repeats the Host pattern here and changes nothing.
# IdentitiesOnly yes restricts ssh to the IdentityFile below, ignoring any
# additional identities offered by an ssh-agent.
Host download.rpki.net
    HostName download.rpki.net
    User aptbot
    IdentityFile ~/.ssh/id_rsa_rsync
    IdentitiesOnly yes