Can't verify ECDSA fingerprints thought DNS in wheezy ?

To: debian-ssh@lists.debian.org
Subject: Can't verify ECDSA fingerprints thought DNS in wheezy ?
From: Olivier Bonvalet <debian.list@daevel.fr>
Date: Wed, 03 Oct 2012 16:41:07 +0200
Message-id: <[🔎] 506C4E83.1000007@daevel.fr>

Hi,

I'm just trying wheezy, and I have a problem with OpenSSH on my new setup :

Debian now use by default ECDSA algorythm for SSH keys, which is fine,but in OpenSSH 6.0 the client is not able to verify fingerprints via DNS(SSHFP records), since this was added in OpenSSH 6.1.

Also, "ssh-keygen -r XXX" doesn't allow to easy build SSHFP records forECDSA keys.

If you want to try : tstwheezy.daevel.fr is a test server runningwheezy, and DNS records contains all the SSHFP entries (without DNSSEC,but it's for testing purpose).

I suppose it's too late to push OpenSSH 6.1 in Debian Wheezy, but is itpossible to backport the SSHFP job ? (I probably can do that job)


thanks,
Olivier B.

PS : please CC me

Reply to:

Next by Date: Bug#690230: ssh-copy-id: Work on SELinux enabled boxen
Next by thread: Bug#690230: ssh-copy-id: Work on SELinux enabled boxen
Index(es):
- Date
- Thread