- Resources for Debian developers
Resources for Debian developers
How can I protect my @debian.org address from spam ?
Is there a way to connect to Debian servers if the SSH port is firewalled?
The machine people.debian.org (currently ravel.debian.org) runs a SSH server on port 443 (usually the "https" port). If your firewall gives you access to this port (or if a proxy does it for you), then you can connect to your account. If you plan to use this access to connect to other Debian hosts, please don't run an ssh-agent on ravel and don't put your private SSH keys over there. Instead you're strongly advised to customize your ~/.ssh/config file and create special entries to connect to other Debian machines.
Direct access to external machines via port 443 allowed
With the sample config below, you can do "ssh master.overravel" to connect to master.debian.org via ravel's SSH server running on port 443.
Host ravel.debian.org people.debian.org ravel Port 443 ForwardAgent no ForwardX11 no User <your_debian_login> IdentityFile <path to your private SSH key> Host *.overravel User <your_debian_login> IdentityFile <path to your private SSH key> ProxyCommand ssh -q -a -x ravel.debian.org 'nc -q2 -w1 $(basename %h .overravel) 22' ForwardAgent no ForwardX11 no
Note: Make sure that no netcat (nc) processes will be left on ravel. The '-q2' parameter should avoid this but having a close look that everything works as expected keeps ravel admins happy.
Direct access forbidden, going through a proxy
If you have to go through an https proxy, you can install the connect-proxy package and use something like this in your ~/.ssh/config:
Host ravel.debian.org people.debian.org ravel ProxyCommand connect-proxy -H <proxy>:<port> ravel.debian.org 443 ForwardAgent no ForwardX11 no Host *.overravel ProxyCommand ssh -q -a -x ravel.debian.org 'nc -w1 $(basename %h .overravel) 22' ForwardAgent no ForwardX11 no
(Reference: RT ticket #69)
How do I disable password-based SSH access?
There is no need to disable password-based access, as password based access was disabled as announced in this D-D-A. Just randomize your password using the lost password procedure and throw away the email that you get.