How do I generate an SSHFP record from a remote ssh server (like a router)?

Question

How do I generate an SSHFP DNS records for a server like a router that does not give you direct access to their keys in a format that ssh-keygen -r machine understands?

The ssh-keygen -r machine reads private keys on the local machine.

score 2 · Accepted Answer · answered Sep 08 '20 at 16:19

To generate an SSHFP record for a remote ssh server, run the following tool:

Little-Net:~ minfrin$ ssh-keyscan -D machine.example.com
; machine.example.com:22 SSH-2.0-ROSSSH
; machine.example.com:22 SSH-2.0-ROSSSH
machine.example.com IN SSHFP 1 1 d9d29098100fe5ebbb7d912a5b0d8cc13a32f557
machine.example.com IN SSHFP 1 2 61ac073f5cdfd6957f61d0af26450717d4eb59c2b02a6798410003d0dada7dcf
; machine.example.com:22 SSH-2.0-ROSSSH

How do I generate an SSHFP record from a remote ssh server (like a router)?

1 Answers1