pmeerw's blog /configuration/sshfp.html

Sat, 17 Dec 2022

Another nice article showing off DNSSEC strength...

Generate SSHFP DNS records for by host (pmeerw.net):

$ ssh-keygen -r @
@ IN SSHFP 1 1 3b00267ed86c211026e6d8b8eb5d9a7d9e51cf7d
@ IN SSHFP 1 2 189d464e8a13d2df66d882afdcb4220fb281ba1f19eda96aa35bf1a50188b0a7
@ IN SSHFP 2 1 adb06e3c4de279d2338bbec35a9a64c8661fb431
@ IN SSHFP 2 2 50e72d460ea86ad416b74b71f9b0c948bf42004ebf730290eff9d43fea9545a6
@ IN SSHFP 3 1 aaa45514f6bd534448ab7f09842fe1e13c269142
@ IN SSHFP 3 2 cc68f391aea002966cc3d7e84ce41dc73d4cfb6c2381e5b665f26603f8317dd3
@ IN SSHFP 4 1 7482ed5e3e6621978bd0bbd61f6b9740dcef252c
@ IN SSHFP 4 2 eb77b6f29bee067d6524459e4cfc696881bd70908d514be682cb068746729594

SSH can silently connect to an SSH server (without asking to verify the host fingerprint!) if VerifyHostKeyDNS is enabled: ssh -o VerifyHostKeyDNS=yes pmeerw@pmeerw.net.

posted at: 22:58 | path: /configuration | permanent link

<	December 2022					>
Su	Mo	Tu	We	Th	Fr	Sa
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Sat, 17 Dec 2022

Using DNS to securely publish SSH key fingerprints