Hostbased login based on SSHFP DNS records?

Damien Miller djm at
Sat Oct 18 14:18:09 EST 2008

On Fri, 17 Oct 2008, Dominik Epple wrote:

> Hi,
> is it possible to use SSHFP DNS records to enable password-free
> host-based login?

No - SSHFP is currently only used to publicise the server's key to the
client and can't be used to identify the client to the server.

It might be possible to adapt it for use by hostbased authentication,
but I don't think there is much sense in extending it until DNSSEC is
deployed more extensively.


More information about the openssh-unix-dev mailing list