We've just had a situation where a TPA member pushed to pauli as root which could have messed up the repository's permission. This was discovered by the post-receive hook which said it was pushed as root, which is good. Such a configuration should prevent those issues on most services. In particular, I add the jump host there to avoid logging in as root as it's not necessary. The same with the LDAP server, running ldapvi can (and should) be done as a regular user.

anarcat · 7e897ee1
--- a/doc/ssh-jump-host.md
+++ b/doc/ssh-jump-host.md
@@ -22,6 +22,21 @@ it in your `.ssh/config`:
    Host *.torproject.org
      User USERNAME

+Members of TPA might have a different configuration to login as root
+by default, but keep their normal user for key services:
+
+    # interact as a normal user with Puppet, LDAP, jump and git servers by default
+    Host puppet.torproject.org db.torproject.org people.torproject.org gitlab.torproject.org git.torproject.org git-rw.torproject.org
+      User USERNAME
+
+    Host *.torproject.org
+      User root
+
+Note that git hosts are not strictly necessary as you should normally
+specify a `git@` user in your git remotes, but it's a good practice
+nevertheless to catch those scenarios where that might have been
+forgotten.
+
 It is also worth keeping the `known_hosts` file in sync to avoid
 server authentication warnings. The server's public keys are also
 available in DNS. So add this to your `.ssh/config`: