Re: DNSSEC working but SSHFP reported as insecure

To: Debian Users ML <debian-user@lists.debian.org>
Subject: Re: DNSSEC working but SSHFP reported as insecure
From: Andre Rodier <andre@rodier.me>
Date: Sat, 03 Dec 2022 16:22:34 +0000
Message-id: <[🔎] 6e498bbd4f4ac24ae6b97e3cd03f2fae3adcc43c.camel@rodier.me>
In-reply-to: <[🔎] 7D588F23-6573-46D0-8038-797EF068BBFC@deccio.net>
References: <[🔎] 4a18c984199951a663af7b061164a1d008cb8c13.camel@rodier.me> <[🔎] 7D588F23-6573-46D0-8038-797EF068BBFC@deccio.net>

On Sat, 2022-12-03 at 09:19 -0700, Casey Deccio wrote:
> ssh -o VerifyHostKeyDNS=yes main.homebox.world

Yes, this is the default option in my ssh/config file.

I tried on the command line as well, but same result:

> ssh -o VerifyHostKeyDNS=yes main.homebox.world
> The authenticity of host 'main.homebox.world (78.141.231.71)' can't
> be established.
> ECDSA key fingerprint is
> SHA256:T23Vm3xnHp/jJlBXrvdrxEiu91pPzjVRPBfGLpu5yPY.
> Matching host key fingerprint found in DNS.
> Are you sure you want to continue connecting (yes/no/[fingerprint])?
> ^C

Reply to:

Follow-Ups:
- Re: DNSSEC working but SSHFP reported as insecure
  - From: Casey Deccio <casey@deccio.net>

References:
- DNSSEC working but SSHFP reported as insecure
  - From: Andre Rodier <andre@rodier.me>
- Re: DNSSEC working but SSHFP reported as insecure
  - From: Casey Deccio <casey@deccio.net>

Prev by Date: Re: DNSSEC working but SSHFP reported as insecure
Next by Date: GPG problems
Previous by thread: Re: DNSSEC working but SSHFP reported as insecure
Next by thread: Re: DNSSEC working but SSHFP reported as insecure
Index(es):
- Date
- Thread