hi, I recently committed an update of the code that handles lookup of SSHFP resource records in DNS. this code is now included by default, the old DNS and DNSSEC defines has been removed. for more information, read about VerifyHostKeyDNS in ssh_config(5) and check out README.dns. feedback would be appreciated, jakob
Reasonably Related Threads
- Small issue with DNSSEC / SSHFP
- Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.
- feature request: modify getrrsetbyname() to use libunbound
- [Bug 3698] New: SSHFP validation fails when multiple keys of the same type are found in DNS
- Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.