[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#413240: ITP: sshfp -- DNS SSHFP records generator

Le samedi 03 mars 2007 à 17:19 +0100, Peter Mathiasson a écrit :
> On Sat, Mar 03, 2007 at 04:53:59PM +0100, Julien Valroff wrote:
> > Package: wnpp
> > Severity: wishlist
> > Owner: Julien Valroff <julien@kirya.net>
> > 
> > * Package name     : sshfp
> >   Version          : 1.1.1
> >   Upstream Authors : Paul Wouters <paul@xelerance.com> and Jake Appelbaum <jacob@appelbaum.net>
> > * URL              : http://www.xelerance.com/software/sshfp/
> > * License          : GPL
> >   Programming Lang : Python
> >   Description      : DNS SSHFP records generator
> > 
> > sshfp generates RFC4255 SSHFP DNS records based on the public keys stored in
> > a known_hosts file, or public keys can be obtained by using ssh-keyscan.
> > Serve these entries from the DNS server for your domain to provide
> > authentication via the ssh VerifyHostKeyDNS option.
> 
> What functionality does this provide over ssh-keygen included with openssh?

It does basically the same, except that ssh-keygen is limited as it can
only read entries from a key file. sshfp can read keys from a
known_hosts file or use ssh-keyscan to retrieve public keys.

It has also some more advanced features, like 'sshfp -s -a debian.org'
which can retrieves all host keys from a given domain (ok, don't use it
with debian.org, but quite useful for your local domain).

Cheers,
Julien
Reply to: