Saturday, December 4, 2010

Part II: Adding SSH Public Keys to DNS

Fairly quick one, you'll need sshfp (available in EPEL for CentOS) installed.

Just need to type:
sshfp -s
which should give the response: IN SSHFP 1 1 c4d55ccbc4fdd2f4304586d6cdc4ad6fca5c743e IN SSHFP 2 1 7b504855c13277490992dea7091537d0f9bfdb1d
You just need to add these lines to your DNS zone for

To get SSH to check these keys, you'll need to modify your /etc/ssh/ssh_config or ~/.ssh/config to include
VerifyHostKeyDNS true