SSHFP records?

So I learned about SSHFP records at FUDCon and decided to implement them for some of our externally facing sites like, and (and others).

What is an SSHFP record? It's a fingerprint of an SSH host key published in DNS, so you can verify that the key a server presents is correct. For example, you can run:

$ dig SSHFP

Which will get you:

85975 IN SSHFP 2 1 DE382873ABE19B40AEFE714D686E15E16EAD5177
85975 IN SSHFP 1 1 A843ECED826C2F0075888150E89AE4567CD37D7F

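So how can you use this information? Set VerifyHostKeyDNS to yes in your ssh_config (see man ssh_config for more info; you'll probably want to place it in your ~/.ssh/config file). With yes, ssh implicitly trusts a matching key only when the fingerprint came from a DNSSEC-validated answer; fingerprints from insecure DNS are handled as if the option were set to ask.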
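The check the client performs against those records, sketched as an added example (not code from this post or from OpenSSH): the three rdata fields are key algorithm, fingerprint type and a hex digest of the raw public key blob. The sample key is constructed for illustration, and the function names are assumptions of this example.

```python
import base64, hashlib, struct

KEY_ALGS = {1: "ssh-rsa", 2: "ssh-dss"}           # RFC 4255 algorithm numbers
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}   # type 1: RFC 4255, type 2: RFC 6594

# The two rdata values shown in the dig output on this page.
PAGE_RECORDS = ["2 1 DE382873ABE19B40AEFE714D686E15E16EAD5177",
                "1 1 A843ECED826C2F0075888150E89AE4567CD37D7F"]

def ssh_string(b):
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

# Constructed sample: a well-formed ssh-rsa blob (e=65537, dummy modulus), not a real host key.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + bytes(range(128, 256))))
SAMPLE_KEY = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed@example"

def parse_sshfp(rdata):
    """Split 'ALG TYPE HEX' rdata into (algorithm, fingerprint type, digest bytes)."""
    alg, fp_type, hexfp = rdata.split(None, 2)
    alg, fp_type = int(alg), int(fp_type)
    digest = bytes.fromhex("".join(hexfp.split()))
    if fp_type in FP_TYPES and len(digest) != FP_TYPES[fp_type]().digest_size:
        raise ValueError("digest length does not match fingerprint type")
    return alg, fp_type, digest

def key_blob(pubkey_line):
    """Return (key type, decoded blob) from a 'type base64 [comment]' line."""
    ktype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != ktype.encode():
        raise ValueError("key type inside the blob differs from the line prefix")
    return ktype, blob

def sshfp_for(pubkey_line, fp_type=1):
    """Build the 'ALG TYPE HEX' rdata a zone would publish for this key."""
    ktype, blob = key_blob(pubkey_line)
    alg = {name: num for num, name in KEY_ALGS.items()}[ktype]
    return f"{alg} {fp_type} {FP_TYPES[fp_type](blob).hexdigest().upper()}"

def matches(pubkey_line, rdata):
    """True only if the record's algorithm and digest both match the offered key."""
    alg, fp_type, digest = parse_sshfp(rdata)
    ktype, blob = key_blob(pubkey_line)
    if KEY_ALGS.get(alg) != ktype or fp_type not in FP_TYPES:
        return False  # wrong key algorithm or unknown digest type: no match
    return FP_TYPES[fp_type](blob).digest() == digest
```

A match here says only that the key and the record agree; whether the record itself can be trusted depends on the DNS answer being DNSSEC-validated.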


