Implementing SSHFP Records Because I Can

2023-07-14 16:43:03Z (last updated 2023-07-14 16:43:03Z)

It's actually pretty easy!

Assuming you have OpenSSH installed, just run ssh-keyscan -D hostname and you'll get BIND zone file format DNS records.

=> OpenSSH

I then formatted that for use in deSEC.io (my DNS nameservers).

To utilize SSH key verification over DNS, you'll have to turn on the VerifyHostKeyDNS option.

For me on my computer... there isn't really a major benefit, nor a minor one, because I SSH into my server via private IP addresses, which have no DNS...

On the side where there is a benefit, it's not requiring a known hosts file for all of my builds.sr.ht manifests that reach my server through SSH. Cool.

If ssh-keyscan doesn't work for you:

=> Generating SSHFP records
