Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.
koops1997 at gmail.com
Sun Feb 24 06:02:07 AEDT 2019
Well, SSHFP is supposed to only be used on DNSSEC-enabled domains.
On Sat, Feb 23, 2019 at 9:59 PM Peter Stuge <peter at stuge.se> wrote:
> Yegor Ievlev wrote:
> > It would make more sense to treat SSHFP records in the same way as
> > known_hosts
> I disagree with that - known_hosts is nominally a client-local configuration.
> I think it's a very bad idea to have the client start treating foreign network
> input as equivalent to local configuration.
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
More information about the openssh-unix-dev