Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.
peter at stuge.se
Sun Feb 24 06:15:35 AEDT 2019
Yegor Ievlev wrote:
> > I think it's a very bad idea to have the client start treating foreign
> > network input as equivalent to local configuration.
> Well, SSHFP is supposed to only be used on DNSSEC-enabled domains.
To the client it's still foreign input, even though it's signed by
(best case) the remote site DNS administrator.
More information about the openssh-unix-dev