Hostbased login based on SSHFP DNS records?

Dominik Epple Dominik.Epple at
Sat Oct 18 01:33:34 EST 2008


is it possible to use SSHFP DNS records to enable password-free host-based login?

What I already got working is to use SSHFP DNS records to verify the server host keys.

debug1: found 2 secure fingerprints in DNS
debug1: matching host key fingerprint found in DNS

But hostbased login does not work and I still need to supply a password to log in. (Or to configure a known_hosts file on the server where my host key can be checked. But it is exactly this file that I want to get rid of because keeping this file up to date on a large cluster is a pain.)

Or is this impossible by design because only fingerprints are stored in SSHFP records, and not the public keys themselves?


GMX Kostenlose Spiele: Einfach online spielen und Spaß haben mit Pastry Passion!

More information about the openssh-unix-dev mailing list