💾 Archived View for jacksonchen666.com › posts › 2023-07-14 › 16-43-03 › index.gmi captured on 2023-07-22 at 16:23:31. Gemini links have been rewritten to link to archived content

View Raw

More Information

➡️ Next capture (2023-11-04)

-=-=-=-=-=-=-

Implementing SSHFP Records Because I Can

2023-07-14T16:43:03Z

It's actually pretty easy!

Assuming you have OpenSSH installed, just run `ssh-keyscan -D hostname` and you'll get BIND zone file format DNS records.

OpenSSH

I then formatted that for use in deSEC.io (my DNS nameservers).

To utilize SSH key verification over DNS, you'll have to turn on the `VerifyHostKeyDNS` option.

For me on my computer... there isn't really a major benefit nor a minor one. Because I SSH into my server via private IP addresses, which has no DNS...

On the side where there is a benefit, it's not requiring a known host files for all of my builds.sr.ht manifest that reaches my server through SSH. Cool.

If `ssh-keyscan` doesn't work for you:

Generating SSHFP records

public inbox (comments and discussions)

public inbox archives

(mailing list etiquette for public inbox)