distorted.org.uk internal services

The following services are for distorted.org.uk users only. You will know if you're a user. Unauthorized access is an offence under the UK Computer Misuse Act and/or other local legislation.

Email

Fetch email using IMAP from mail.distorted.org.uk. Use STARTTLS on port 143. Passwords are managed using Chopwood, below. Alternatively, use the webmail service.

Send email using SMTP to mail.distorted.org.uk. Use STARTTLS on port 587. Passwords are managed using Chopwood, below.

Chopwood

Chopwood is an online service for setting passwords for online services. Users can use its web interface, or talk to it via SSH to chpwd@stratocaster.distorted.org.uk, or by running userv chpwd from a shell on stratocaster.

Internal certificate authority

External services use publicly verifiable certificates provided by Let's Encrypt. Internal services are certified by an internal certificate authority.

The following information is available.

This information is also available via rsync, at rsync://www.distorted.org.uk/ca/. Warning: the rsync protocol has many nice features, but securely authenticating data is not one of them. It's safe to use the active certificates and the CRL, since they can be authenticated using the root CA public key; but it's not safe to trust the other data. In particular, don't rely on the root CA public key if you obtained it via rsync.

SSH host keys

All distorted.org.uk machines have SSH host keys. Currently, we prefer Ed25519, but also use 2048- or 3072-bit RSA for compatibility with older clients. There is a complete list of the current host keys, including , signed using this PGP key. This file is updated nightly. SSH host key fingerprint data is also provided in SSHFP records in the DNS; the DNSsec signatures are also reissued nightly.

Finally, we run an OpenSSH certificate authority. To use this, paste the @cert-authority lines from the signed list into your ~/.ssh/known_hosts file.
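
The following is an added example, not part of the original page or of distorted.org.uk's own tooling: it picks the @cert-authority lines out of a host key list, checks each is well-formed before it goes into known_hosts, and computes the SSHFP data a listed host key should have in the DNS. It assumes the list uses known_hosts line format and that its PGP signature has already been verified; the example.org names and the keys are constructed samples.

```python
import base64, hashlib, struct

SSHFP_ALGO = {"ssh-rsa": 1, "ssh-ed25519": 4}  # RFC 4255, RFC 7479

def parse_line(line):
    """Split a known_hosts-format line into (marker, hosts, keytype, blob)."""
    fields = line.split()
    marker = fields.pop(0) if fields and fields[0].startswith("@") else None
    if len(fields) < 3:
        raise ValueError("expected: [marker] hosts keytype base64-key")
    hosts, keytype, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob must begin with a length-prefixed copy of the key type.
    prefix = struct.pack(">I", len(keytype)) + keytype.encode()
    if not blob.startswith(prefix):
        raise ValueError("key type does not match key blob")
    return marker, hosts, keytype, blob

def cert_authority_lines(signed_list, known_hosts=""):
    """Return @cert-authority lines of signed_list not yet in known_hosts."""
    def ident(line):  # ignore trailing comments and spacing
        return tuple(line.split()[:4])
    have = {ident(l) for l in known_hosts.splitlines()}
    new = []
    for line in signed_list.splitlines():
        if line.startswith("@cert-authority ") and ident(line) not in have:
            parse_line(line)  # raises ValueError on a malformed entry
            have.add(ident(line))
            new.append(line)
    return new

def sshfp_rdata(keytype, blob):
    """Expected SSHFP rdata: algorithm, fingerprint type 2 (SHA-256), digest."""
    return f"{SSHFP_ALGO[keytype]} 2 {hashlib.sha256(blob).hexdigest()}"

def sample_key(fill):
    """Constructed Ed25519 public-key blob (not a real key) and its base64."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes([fill]) * 32)
    return blob, base64.b64encode(blob).decode()

HOST_BLOB, HOST_B64 = sample_key(1)
CA_BLOB, CA_B64 = sample_key(2)
CA_LINE = f"@cert-authority *.example.org ssh-ed25519 {CA_B64} constructed-ca"
SAMPLE_LIST = f"host.example.org ssh-ed25519 {HOST_B64}\n{CA_LINE}\n"

if __name__ == "__main__":
    print("\n".join(cert_authority_lines(SAMPLE_LIST)))
    print("host.example.org. IN SSHFP", sshfp_rdata("ssh-ed25519", HOST_BLOB))
```

Passing the current contents of ~/.ssh/known_hosts as the second argument makes the merge idempotent, so a nightly refresh of the list does not append duplicates.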