Can't verify ECDSA fingerprints thought DNS in wheezy ?
Hi,
I'm just trying wheezy, and I have a problem with OpenSSH on my new setup :
Debian now use by default ECDSA algorythm for SSH keys, which is fine,
but in OpenSSH 6.0 the client is not able to verify fingerprints via DNS
(SSHFP records), since this was added in OpenSSH 6.1.
Also, "ssh-keygen -r XXX" doesn't allow to easy build SSHFP records for
ECDSA keys.
If you want to try : tstwheezy.daevel.fr is a test server running
wheezy, and DNS records contains all the SSHFP entries (without DNSSEC,
but it's for testing purpose).
I suppose it's too late to push OpenSSH 6.1 in Debian Wheezy, but is it
possible to backport the SSHFP job ? (I probably can do that job)
thanks,
Olivier B.
PS : please CC me
Reply to: