... | ... | @@ -8,13 +8,28 @@ If you have a recent enough ssh (>= 2016 or so), then you can use the `ProxyJump |
|
|
|
|
|
With recent ssh versions:
|
|
|
|
|
|
Host *.torproject.org !people.torproject.org !gitlab.torproject.org
|
|
|
ProxyJump people.torproject.org
|
|
|
Host *.torproject.org !ssh.torproject.org !people.torproject.org !gitlab.torproject.org
|
|
|
ProxyJump ssh.torproject.org
|
|
|
|
|
|
Or with old ssh versions (before OpenSSH 7.3, or Debian 10 "buster"):
|
|
|
|
|
|
Host *.torproject.org !people.torproject.org !gitlab.torproject.org
|
|
|
ProxyCommand ssh -l %r -W %h:%p people.torproject.org
|
|
|
Host *.torproject.org !ssh.torproject.org !people.torproject.org !gitlab.torproject.org
|
|
|
ProxyCommand ssh -l %r -W %h:%p ssh.torproject.org
|
|
|
|
|
|
Note that there are multiple `ssh`-like aliases that you can use,
|
|
|
depending on your location (or the location of the target host). Right
|
|
|
now there are two:
|
|
|
|
|
|
* `ssh-dal.torproject.org` - in [Dallas, TX, USA](https://en.wikipedia.org/wiki/Dallas)
|
|
|
* `ssh-fsn.torproject.org` - in [Falkenstein, Saxony, Germany](https://en.wikipedia.org/wiki/Falkenstein,_Saxony)
|
|
|
|
|
|
The canonical list for this is searching for `ssh` in the `purpose`
|
|
|
field on the [machines database](https://db.torproject.org/machines.cgi).
|
|
|
|
|
|
> Note: It is perfectly acceptable to run `ping` against the server to
|
|
|
> determine the closest to your location, and you can also run ping
|
|
|
> *from* the server *to* a target server as well. The shortest path
|
|
|
> will be the one that has the lowest *sum* for those two, naturally.
|
|
|
|
|
|
If your local username is different from your TPO username, also set
|
|
|
it in your `.ssh/config`:
|
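Review bot: The new alias paragraph and the `Host` patterns in this hunk do not fit together: the stanzas negate only `!ssh.torproject.org`, so a reader who picks `ssh-dal.torproject.org` or `ssh-fsn.torproject.org` as the `ProxyJump` (or `ProxyCommand`) target ends up with a jump host that still matches `*.torproject.org` and is therefore told to proxy through itself. Suggest stating next to the alias list that whichever alias is used as the jump host must also be added as a negated pattern on the `Host` line, or showing one stanza with `!ssh-dal.torproject.org !ssh-fsn.torproject.org` included. It would also help to say whether `ssh.torproject.org` is itself one of the "ssh-like aliases", since the text says "there are two" and then lists only the `-dal` and `-fsn` names.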
... | ... | @@ -26,7 +41,7 @@ Members of TPA might have a different configuration to login as root |
|
|
by default, but keep their normal user for key services:
|
|
|
|
|
|
# interact as a normal user with Puppet, LDAP, jump and git servers by default
|
|
|
Host puppet.torproject.org db.torproject.org people.torproject.org gitlab.torproject.org git.torproject.org git-rw.torproject.org
|
|
|
Host puppet.torproject.org db.torproject.org ssh.people.torproject.org people.torproject.org gitlab.torproject.org git.torproject.org git-rw.torproject.org
|
|
|
User USERNAME
|
|
|
|
|
|
Host *.torproject.org
|
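Review bot: The name added to the `Host` line, `ssh.people.torproject.org`, looks like a typo for `ssh.torproject.org`, which is the jump host the rest of this change introduces; `ssh.people.torproject.org` appears nowhere else in the visible lines. As written, `ssh.torproject.org` is not covered by the `User USERNAME` stanza and falls through to the `Host *.torproject.org` block below, which, going by the surrounding text about logging in as root by default, would make the jump connection use the wrong account. Suggest replacing the entry with `ssh.torproject.org`, and listing any `ssh-*` alias used for jumping here as well.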
... | ... | @@ -49,4 +64,4 @@ And keep the `~/.ssh/known_hosts.torproject.org` file up to date by |
|
|
regularly pulling it from a TPO host, so that new hosts are
|
|
|
automatically added, for example:
|
|
|
|
|
|
rsync -ctvLP perdulce.torproject.org:/etc/ssh/ssh_known_hosts ~/.ssh/known_hosts.torproject.org |
|
|
rsync -ctvLP ssh.torproject.org:/etc/ssh/ssh_known_hosts ~/.ssh/known_hosts.torproject.org |
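Review bot: On the changed `rsync` line, the host key of `ssh.torproject.org` now has to be trusted before the file that is supposed to establish trust in TPO hosts can be fetched. On a fresh setup `~/.ssh/known_hosts.torproject.org` does not exist yet, so the first pull relies on whatever the user accepts at the prompt. Suggest adding a sentence on how to verify the `ssh.torproject.org` host key fingerprint out of band before the first run, and noting that the same applies if one of the `ssh-dal` / `ssh-fsn` aliases is used instead.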