Greetings.

I set up several SSHFP records some time ago. Everything works great except the way OpenSSH chooses the SSHFP record. Now it looks like the client asks for the name supplied on the command line. It might be a bit troublesome, since there are at least three ways to set up some aliases and at least one of them is secure.

I propose an alternative way, which even seems more robust as far as multihoming is concerned.

1. Get the name from the command line.
2. Connect to the host.
3. Ask the socket for the address of the remote host (important for multihoming).
4. Make a revDNS query to get the "real name".
5. Look for an SSHFP for the "real name".

Of course this procedure might (I have not analysed it carefully) pose some security risks, so it should be optional. Or even more, it should be allowed only for some hosts based on both IP and name (e.g. *.example.com and 192.0.2.128/26).

PS. Please CC the answers, I haven't subscribed to the list.

--
Best regards,
>Łukasz<
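The restriction suggested at the end of the message (use the reverse-DNS name only for hosts that match on both name and IP) can be sketched as a gate in front of step 5. This is an added example, not part of the original post and not OpenSSH code; `revdns_rule` and `revdns_sshfp_allowed` are hypothetical names, only IPv4 is handled, and the PTR name and peer address are passed in as strings instead of being resolved.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <fnmatch.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy entry: host-name pattern plus IPv4 CIDR block. */
struct revdns_rule { const char *name_pattern, *cidr; };

/* Return 1 if dotted-quad ip lies inside cidr ("a.b.c.d/len"), else 0. */
static int ip_in_cidr(const char *ip, const char *cidr)
{
    char net[INET_ADDRSTRLEN], extra;
    struct in_addr a, n;
    uint32_t mask;
    int len;

    if (sscanf(cidr, "%15[0-9.]/%d%c", net, &len, &extra) != 2 ||
        len < 0 || len > 32)
        return 0;                          /* malformed rule: fail closed */
    if (inet_pton(AF_INET, ip, &a) != 1 || inet_pton(AF_INET, net, &n) != 1)
        return 0;
    mask = len ? htonl(0xffffffffu << (32 - len)) : 0;
    return (a.s_addr & mask) == (n.s_addr & mask);
}

/* Gate for step 5: use the PTR name for the SSHFP lookup only if the name
 * AND the peer address match the same rule. A PTR record is controlled by
 * whoever runs the reverse zone, so the name alone proves nothing. */
int revdns_sshfp_allowed(const char *ptr_name, const char *peer_ip,
                         const struct revdns_rule *rules, size_t nrules)
{
    char name[256];
    size_t i, n = strlen(ptr_name);

    if (n == 0 || n >= sizeof(name))
        return 0;
    for (i = 0; i < n; i++)                /* DNS names are case-insensitive */
        name[i] = (char)tolower((unsigned char)ptr_name[i]);
    name[n] = '\0';
    if (name[n - 1] == '.')                /* drop the trailing root dot */
        name[n - 1] = '\0';
    for (i = 0; i < nrules; i++)
        if (fnmatch(rules[i].name_pattern, name, 0) == 0 &&
            ip_in_cidr(peer_ip, rules[i].cidr))
            return 1;
    return 0;                              /* default: command-line name only */
}
```

When the gate returns 0, the client would keep looking up SSHFP for the name given on the command line, as it does today.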