2023-07-14 16:43:03Z (last updated 2023-07-14 16:43:03Z)
It's actually pretty easy!
Assuming you have OpenSSH installed, just run ssh-keyscan -D hostname and you'll get BIND zone file format DNS records.
=> OpenSSH
I then formatted that for use in deSEC.io (my DNS nameservers).
To utilize SSH key verification over DNS, you'll have to turn on the VerifyHostKeyDNS option.
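How the SSHFP records printed by ssh-keyscan -D relate to a host key, and the comparison a client makes when it checks one, as an added example (not code from this post or from OpenSSH). The hostname and the key are constructed for illustration; the algorithm and fingerprint-type numbers are the IANA SSHFP assignments.

```python
import base64, hashlib, hmac

# SSHFP key algorithm numbers as assigned by IANA (RFC 4255, 6594, 7479).
ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
              "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256.
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def parse_pubkey(line):
    """Return (key type, decoded key blob) from one OpenSSH public key line."""
    keytype, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was edited or truncated, so refuse to fingerprint it.
    n = int.from_bytes(blob[:4], "big")
    if keytype not in ALGORITHMS or blob[4:4 + n] != keytype.encode():
        raise ValueError(f"unsupported or inconsistent key type: {keytype}")
    return keytype, blob


def sshfp_records(hostname, pubkey_line):
    """Zone-file lines in the same 'host IN SSHFP alg type hex' layout."""
    keytype, blob = parse_pubkey(pubkey_line)
    return [f"{hostname} IN SSHFP {ALGORITHMS[keytype]} {t} {h(blob).hexdigest()}"
            for t, h in FP_TYPES.items()]


def record_matches(record, pubkey_line):
    """True if a published SSHFP record is a fingerprint of this host key."""
    algo, fp_type, fingerprint = record.split()[-3:]
    keytype, blob = parse_pubkey(pubkey_line)
    if int(algo) != ALGORITHMS[keytype] or int(fp_type) not in FP_TYPES:
        return False
    expected = FP_TYPES[int(fp_type)](blob).hexdigest()
    return hmac.compare_digest(expected, fingerprint.lower())


def constructed_key(seed):
    """Syntactically valid ssh-ed25519 line built from a seed (not a real key)."""
    name, raw = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = len(name).to_bytes(4, "big") + name + len(raw).to_bytes(4, "big") + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


if __name__ == "__main__":
    key = constructed_key(b"server")
    for rr in sshfp_records("host.example", key):
        print(rr, record_matches(rr, key))
```

With VerifyHostKeyDNS set to yes, OpenSSH only trusts a matching record without prompting when the DNS answer is DNSSEC-validated; a match from an unsigned answer is handled as if the option were set to ask.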
For me on my computer... there isn't really a major benefit nor a minor one. Because I SSH into my server via private IP addresses, which have no DNS...
On the side where there is a benefit, it's not requiring a known hosts file for all of my builds.sr.ht manifests that reach my server through SSH. Cool.
If ssh-keyscan doesn't work for you: