expand on User directives
authored by anarcat
We've just had a situation where a TPA member pushed to pauli as root
which could have messed up the repository's permissions. This was
discovered by the post-receive hook which said it was pushed as root,
which is good.

Such a configuration should prevent those issues on most services.

In particular, I add the jump host there to avoid logging in as root
as it's not necessary. The same with the LDAP server, running ldapvi
can (and should) be done as a regular user.
......@@ -22,6 +22,21 @@ it in your `.ssh/config`:
Host *.torproject.org
User USERNAME
Members of TPA might have a different configuration to login as root
by default, but keep their normal user for key services:
# interact as a normal user with Puppet, LDAP, jump and git servers by default
Host puppet.torproject.org db.torproject.org people.torproject.org gitlab.torproject.org git.torproject.org git-rw.torproject.org
User USERNAME
Host *.torproject.org
User root
Note that git hosts are not strictly necessary as you should normally
specify a `git@` user in your git remotes, but it's a good practice
nevertheless to catch those scenarios where that might have been
forgotten.
It is also worth keeping the `known_hosts` file in sync to avoid
server authentication warnings. The server's public keys are also
available in DNS. So add this to your `.ssh/config`:
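Review bot: The added text never says that the order of the two `Host` blocks matters, and it does for the `Host puppet.torproject.org ...` / `Host *.torproject.org` pair. ssh_config uses the first value obtained for each parameter, so the named-hosts block with `User USERNAME` has to come before the wildcard block with `User root`. If a reader pastes them the other way round, or keeps the earlier `Host *.torproject.org` / `User USERNAME` stanza above the new one, the effective user silently differs from what the page describes. Suggest adding one sentence stating the ordering rule, plus a way to check the result, for example `ssh -G git.torproject.org | grep '^user '`. The comment also names "Puppet, LDAP, jump and git servers" while the host list has six entries; saying which name is the jump host and which is the LDAP server would help readers adapt the list.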
......
......