Saturday, December 4, 2010

Part II: Adding SSH Public Keys to DNS

Fairly quick one, you'll need sshfp (available in EPEL for CentOS) installed.

Just need to type:
sshfp -s crane.initd.net
which should give the response:

crane.initd.net IN SSHFP 1 1 c4d55ccbc4fdd2f4304586d6cdc4ad6fca5c743e
crane.initd.net IN SSHFP 2 1 7b504855c13277490992dea7091537d0f9bfdb1d
You just need to add these lines to your DNS zone for initd.net.

To get SSH to check these keys, you'll need to modify your /etc/ssh/ssh_config or ~/.ssh/config to include
VerifyHostKeyDNS true
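As an added example (not code from this post or from the sshfp tool), the script below does what sshfp -s does for a host key: it takes an OpenSSH public-key line, hashes the raw key blob and prints the zone-file record, and it also performs the client-side comparison that VerifyHostKeyDNS makes against records a resolver hands back. The key line SAMPLE_KEY is constructed (its blob is just the bytes "abc") so the fingerprints are known; on a real host you would feed it the contents of /etc/ssh/ssh_host_*_key.pub. The algorithm and fingerprint-type numbers are the IANA values from RFC 4255 (RSA=1, DSA=2, SHA-1=1), RFC 6594 (ECDSA=3, SHA-256=2) and RFC 7479 (Ed25519=4); the SHA-256 records go beyond what the post shows, which only has SHA-1 (fingerprint type 1).

```python
import base64
import hashlib

# IANA SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
SSHFP_ALGORITHMS = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}

# SSHFP fingerprint types: 1 = SHA-1 (RFC 4255), 2 = SHA-256 (RFC 6594).
SSHFP_FPTYPES = {1: hashlib.sha1, 2: hashlib.sha256}

# Constructed sample: a public-key line whose blob decodes to b"abc".
# A real ssh-rsa blob is a wire-format key; this one only keeps the hashes
# easy to check by hand.
SAMPLE_KEY = "ssh-rsa YWJj root@crane"


def parse_pubkey_line(line):
    """Split an OpenSSH public-key line ("<type> <base64 blob> [comment]")
    into (key type, decoded blob). Raises ValueError on anything else."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type, blob_b64 = fields[0], fields[1]
    if key_type not in SSHFP_ALGORITHMS:
        raise ValueError("unsupported key type %r" % key_type)
    try:
        # binascii.Error is a ValueError subclass, so one clause covers both.
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError as exc:
        raise ValueError("key blob is not valid base64") from exc
    return key_type, blob


def sshfp_records(hostname, pubkey_line, fptypes=(1, 2)):
    """Return the SSHFP zone-file lines for one host key, one line per
    fingerprint type. The fingerprint is the hash of the raw key blob, i.e.
    exactly the bytes that are base64-encoded in the .pub file."""
    key_type, blob = parse_pubkey_line(pubkey_line)
    algorithm = SSHFP_ALGORITHMS[key_type]
    records = []
    for fptype in fptypes:
        digest = SSHFP_FPTYPES[fptype](blob).hexdigest()
        records.append("%s IN SSHFP %d %d %s" % (hostname, algorithm, fptype, digest))
    return records


def verify_against_sshfp(pubkey_line, dns_records):
    """Client-side check in the spirit of VerifyHostKeyDNS: does any SSHFP
    record match the key the server just presented? dns_records is a list of
    (algorithm, fptype, hex fingerprint) tuples as a resolver would return
    them. Records for a different algorithm or an unknown fingerprint type
    are ignored rather than treated as a match."""
    key_type, blob = parse_pubkey_line(pubkey_line)
    algorithm = SSHFP_ALGORITHMS[key_type]
    for rr_alg, rr_fptype, rr_fp in dns_records:
        if rr_alg != algorithm or rr_fptype not in SSHFP_FPTYPES:
            continue
        if SSHFP_FPTYPES[rr_fptype](blob).hexdigest() == rr_fp.lower():
            return True
    return False


if __name__ == "__main__":
    for record in sshfp_records("crane.initd.net", SAMPLE_KEY):
        print(record)
```

One thing the post does not spell out: OpenSSH only trusts an SSHFP match outright when the resolver returns a DNSSEC-validated answer; without that it reports the matching fingerprint but still asks you to confirm the key, so the records are only as strong as the signing of the zone they live in.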
