29 Jun 2006, 4:19 a.m.
Jeroen Massar writes:
The answer to your question: RFC4255 "Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints" http://www.ietf.org/rfc/rfc4255.txt
Yes, that's cool if your SSH client supports it (recent OpenSSH's do).
You will only need to stuff the FP's into SSHFP DNS RR's and turn on verification for these records on the clients. Done.
How do you get the SSH host key fingerprint of a Cisco into SSHFP syntax?
In combo with DNSSEC this is a (afaik ;) 100% secure way to at least get the fingerprints right.
Exactly.
--
Simon.
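On the question of getting a device's host key into SSHFP syntax, the following is an added example, not part of the original thread: it builds the RFC 4255 record from a public key line in the `<host> <keytype> <base64 blob>` format that `ssh-keyscan` prints. The function names, the hostname `router1.example.net` and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# RFC 4255 section 3.1: algorithm numbers and the one fingerprint type it defines.
SSHFP_ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2}
SSHFP_FP_SHA1 = 1


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def sshfp_from_key_line(line: str, owner: str) -> str:
    """Convert '<host> <keytype> <base64 key blob>' into an SSHFP record."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected '<host> <keytype> <base64 key blob>'")
    keytype = fields[1]
    if keytype not in SSHFP_ALGORITHMS:
        raise ValueError(f"no RFC 4255 algorithm number for {keytype!r}")
    blob = base64.b64decode(fields[2], validate=True)
    # The blob starts with its own key type name; a mismatch means the line
    # was mangled or mislabelled, so refuse to publish a record for it.
    if not blob.startswith(ssh_string(keytype.encode())):
        raise ValueError("key type label does not match the key blob")
    # The fingerprint is SHA-1 over the whole public key blob.
    fingerprint = hashlib.sha1(blob).hexdigest()
    return f"{owner} IN SSHFP {SSHFP_ALGORITHMS[keytype]} {SSHFP_FP_SHA1} {fingerprint}"


def constructed_key_line(host: str = "router1.example.net") -> str:
    """Constructed sample in ssh-keyscan format; the modulus is NOT a real key."""
    exponent = b"\x01\x00\x01"
    modulus = bytes(range(1, 65))
    blob = ssh_string(b"ssh-rsa") + ssh_string(exponent) + ssh_string(modulus)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    print(sshfp_from_key_line(constructed_key_line(), "router1.example.net."))
```

The key line has to come from a trusted path (for example the device console), since the published record is only as trustworthy as the key it was computed from. On the client side, OpenSSH checks these records when `VerifyHostKeyDNS` is enabled.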