Publish SSH Server Keys
Publishing your SSH server public keys in DNS lets connecting clients verify the server identity without the need to distribute and update your server public keys on all clients.
Note
You need to have already set up a DNSSEC-secured DNS server for the server's domain. See PowerDNS and Securing the Domain.
sshfp -s server.example.net
# server.example.net SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
server.example.net IN SSHFP 1 1 5E677..............................21447
If you use a PowerDNS server with the poweradmin web interface, add the records as follows:
Name | Type | Content |
---|---|---|
server.example.net | SSHFP | 1 1 5E677…………………………21447 |
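
In the record content, the first number is the key algorithm (1 = RSA, 2 = DSA, 3 = ECDSA, 4 = Ed25519) and the second is the fingerprint type (1 = SHA-1, 2 = SHA-256), followed by the hex digest of the decoded public key blob. The following is an added example, not part of the original page or of the sshfp tool, that derives the records from an OpenSSH public key line and checks a published record against the key a server presents. The function names are hypothetical and the Ed25519 key is constructed sample data.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
KEY_ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
                  "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
                  "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256
FP_HASHES = {1: hashlib.sha1, 2: hashlib.sha256}

def key_blob(pubkey_line):
    """Return (key type, decoded blob) from an OpenSSH public key line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type name.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    return key_type, blob

def sshfp_records(host, pubkey_line):
    """Build one SSHFP record per fingerprint type for the given key."""
    key_type, blob = key_blob(pubkey_line)
    alg = KEY_ALGORITHMS[key_type]
    return [f"{host} IN SSHFP {alg} {fp} {h(blob).hexdigest().upper()}"
            for fp, h in sorted(FP_HASHES.items())]

def matches(record, pubkey_line):
    """Check a published SSHFP record against the key a server presents."""
    alg, fp, digest = record.split()[-3:]
    key_type, blob = key_blob(pubkey_line)
    if KEY_ALGORITHMS.get(key_type) != int(alg) or int(fp) not in FP_HASHES:
        return False
    return FP_HASHES[int(fp)](blob).hexdigest() == digest.lower()

def sample_key(raw):
    """Constructed Ed25519 public key line (sample data, not a real host key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

if __name__ == "__main__":
    key = sample_key(bytes(range(32)))
    for rr in sshfp_records("server.example.net", key):
        print(rr, matches(rr, key))
```

A record whose digest no longer matches the key in `/etc/ssh/ssh_host_*_key.pub` after a host key rotation must be replaced in the zone, otherwise clients that verify against DNS will see a mismatch.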