Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.

Yegor Ievlev koops1997 at gmail.com
Sun Feb 24 06:02:07 AEDT 2019

Well, SSHFP is supposed to only be used on DNSSEC-enabled domains.

On Sat, Feb 23, 2019 at 9:59 PM Peter Stuge <peter at stuge.se> wrote:
> Yegor Ievlev wrote:
> > It would make more sense to treat SSHFP records in the same way as
> > known_hosts
> I disagree with that - known_hosts is nominally a client-local configuration.
> I think it's a very bad idea to have the client start treating foreign network
> input as equivalent to local configuration.
> //Peter
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
