[Bug 1213] ssh-keyscan exits in mid-way

bugzilla-daemon at bugzilla.mindrot.org
Sun Mar 6 06:13:53 EST 2011


https://bugzilla.mindrot.org/show_bug.cgi?id=1213

--- Comment #28 from Daniel Richard G. <skunk at iSKUNK.ORG> 2011-03-06 06:13:53 EST ---
(In reply to comment #27)
> 
> You really want to look at SSHFP DNS records protected by DNSSEC, and
> setting VerifyHostKeyDNS ask in your /etc/ssh/ssh_config

I would, if I were in my company's IT department :-)

(All I'm doing is generating an ssh_known_hosts file that is accessible
to a handful of clients via a local fileserver. The network
infrastructure beyond that is completely out of my hands.)

> you can use the "sshfp" tool for that, which is exactly why I was
> interested in this bug. sshfp can AXFR a zone, and use ssh-keyscan to
> connect to all A records in the zone and print the SSHFP record to add
> in your zones.

Hmm, that could be useful. While I couldn't do much with the SSHFP
records, the AXFR->keyscan functionality would be useful. (Right now,
I'm doing the AXFR via host(1), and using a Perl script to reformat
that into a hosts list for ssh-keyscan(1).)
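
The two reformatting steps discussed in this comment (zone listing to an ssh-keyscan hosts list, and keyscan output to SSHFP records), as an added example that is not part of the original message and is not code from the sshfp tool or the commenter's Perl script. The function names, zone data and key blob are constructed for illustration, and the choice of SHA-256 fingerprints (SSHFP type 2) is an assumption.

```python
import base64
import hashlib

# SSHFP algorithm numbers by SSH key type (RFC 4255, RFC 6594, RFC 7479).
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}

# Constructed sample data: `host -l` style output and one ssh-keyscan line.
SAMPLE_AXFR = """example.com name server ns1.example.com.
web1.example.com has address 192.0.2.10
web1.example.com has address 192.0.2.11
db1.example.com has address 192.0.2.20
www.example.com is an alias for web1.example.com."""
SAMPLE_BLOB = base64.b64encode(b"constructed sample key blob").decode()
SAMPLE_KEYSCAN = f"# 192.0.2.10 SSH-2.0-OpenSSH\nweb1.example.com,192.0.2.10 ssh-rsa {SAMPLE_BLOB}"

def hosts_from_axfr(host_output):
    """Reformat `host -l ZONE` output into 'addrlist namelist' lines for ssh-keyscan -f."""
    addrs = {}  # fqdn -> IPv4 addresses, in the order seen
    for line in host_output.splitlines():
        parts = line.split()
        # Keep A records only ("<name> has address <ip>"); skip NS, MX, aliases.
        if len(parts) == 4 and parts[1:3] == ["has", "address"]:
            addrs.setdefault(parts[0].rstrip(".").lower(), []).append(parts[3])
    lines = []
    for fqdn in sorted(addrs):
        ips = ",".join(addrs[fqdn])
        lines.append(f"{ips} {fqdn},{fqdn.split('.')[0]},{ips}")
    return lines

def sshfp_from_keyscan(keyscan_output):
    """Convert ssh-keyscan output into SSHFP records (fingerprint type 2 = SHA-256)."""
    records = []
    for line in keyscan_output.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 3:
            continue  # banner comments and malformed lines
        names, keytype, blob = fields[:3]
        algo = 3 if keytype.startswith("ecdsa-sha2-") else SSHFP_ALGO.get(keytype)
        if algo is None:
            continue  # key type with no SSHFP algorithm number in the table above
        # The SSHFP fingerprint is the hash of the decoded public key blob.
        digest = hashlib.sha256(base64.b64decode(blob)).hexdigest()
        records.append(f"{names.split(',')[0]}. IN SSHFP {algo} 2 {digest}")
    return records

if __name__ == "__main__":
    print("\n".join(hosts_from_axfr(SAMPLE_AXFR)))
    print("\n".join(sshfp_from_keyscan(SAMPLE_KEYSCAN)))
```

Keys collected by ssh-keyscan are unauthenticated, so check them against a trusted source before distributing the resulting ssh_known_hosts file or SSHFP records.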
