Archived view of jacksonchen666.com › posts › 2023-07-14 › 16-43-03 › index.gmi, captured on 2023-07-22 at 16:23:31.
2023-07-14T16:43:03Z
It's actually pretty easy!
Assuming you have OpenSSH installed, just run `ssh-keyscan -D hostname` and you'll get BIND zone file format DNS records.
I then formatted that for use in deSEC.io (my DNS nameservers).
To utilize SSH key verification over DNS, you'll have to turn on the `VerifyHostKeyDNS` option.
For me on my computer... there isn't really a major benefit nor a minor one. Because I SSH into my server via private IP addresses, which have no DNS...
On the side where there is a benefit, it's not requiring a known hosts file for all of my builds.sr.ht manifests that reach my server through SSH. Cool.
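An added example, not code from the original post: it derives SSHFP records in the `host IN SSHFP <algorithm> <fingerprint type> <hex>` zone-file form from one line of a host's `.pub` file, and checks whether a published record still matches that key (useful after a host key rotation). The function names and the sample key are constructed for illustration; the input is assumed to be in OpenSSH's `type base64 [comment]` format.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
KEY_ALGORITHMS = {
    "ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4,
    "ecdsa-sha2-nistp256": 3, "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
}
# SSHFP fingerprint type numbers: 1 = SHA-1, 2 = SHA-256
FINGERPRINT_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def sshfp_records(hostname, pubkey_line):
    """Return the SSHFP zone-file lines for one OpenSSH public key line."""
    key_type, b64_blob = pubkey_line.split()[:2]
    if key_type not in KEY_ALGORITHMS:
        raise ValueError(f"no SSHFP algorithm number for {key_type}")
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob begins with a length-prefixed copy of the key type;
    # refuse a line whose label and blob disagree.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("key type label does not match key blob")
    # The fingerprint is the hash of the raw (base64-decoded) key blob.
    return [
        f"{hostname} IN SSHFP {KEY_ALGORITHMS[key_type]} {fp_type} "
        f"{digest(blob).hexdigest()}"
        for fp_type, digest in FINGERPRINT_TYPES.items()
    ]


def record_matches_key(record, pubkey_line):
    """True if a published SSHFP record was derived from this public key."""
    owner, _cls, _rtype, alg, fp_type, fingerprint = record.split()
    candidate = f"{owner} IN SSHFP {alg} {fp_type} {fingerprint.lower()}"
    return candidate in sshfp_records(owner, pubkey_line)


def _ssh_string(data):
    """Encode bytes as an SSH wire-format string (4-byte length + data)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample key: not a real host key.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed"

if __name__ == "__main__":
    print("\n".join(sshfp_records("host.example", SAMPLE_KEY)))
```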
If `ssh-keyscan` doesn't work for you: