SSHFP record
A Secure Shell fingerprint record (abbreviated as SSHFP record) is a type of resource record in the Domain Name System (DNS) that publishes fingerprints (cryptographic hashes) of the SSH host public keys associated with a host name. An SSH client can compare the fingerprint of the host key presented during connection setup with the SSHFP records for that name, instead of relying on a cached known_hosts entry or on the user accepting an unverified key on first connection. The lookup only adds security when the DNS answer is authenticated with a mechanism such as DNSSEC, so that a chain of trust is established from the DNS root to the record: without it, an attacker who can spoof the DNS response can publish the fingerprint of their own key and pass a man-in-the-middle as the genuine host. OpenSSH, for example, treats a matching SSHFP record as trusted only when the client option VerifyHostKeyDNS is enabled and the resolver reports the answer as validated.
Structure
<Name> [<TTL>] [<Class>] SSHFP <Algorithm> <Type> <Fingerprint>
- <Name>
- The name of the object to which the resource record belongs (optional)
- <TTL>
- Time to live (in seconds). Validity of Resource Records (optional)
- <Class>
- Protocol group to which the resource record belongs (optional)
- <Algorithm>
- Public key algorithm of the host key (0: reserved; 1: RSA;[1] 2: DSA;[1] 3: ECDSA;[2] 4: Ed25519[3])
- <Type>
- Hash algorithm used to fingerprint the public key (0: reserved; 1: SHA-1;[1] 2: SHA-256[2]). SHA-1 is retained for compatibility with older clients; new records should publish SHA-256 fingerprints, and a host may publish one record per type.
- <Fingerprint>
- The hash of the host's public key, computed over the key blob exactly as it is sent in the SSH protocol (the base64-decoded part of an OpenSSH .pub line, without the comment), written as hexadecimal text
Example
host.example.com. SSHFP 2 1 123456789abcdef67890123456789abcdef67890
In this example, the host with the domain name host.example.com uses a DSA key (algorithm 2) whose SHA-1 fingerprint (type 1) is 123456789abcdef67890123456789abcdef67890; the 40 hexadecimal digits encode the 160-bit SHA-1 digest of the key blob.
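The following is an added example, not code from the page or from the RFCs or OpenSSH: it builds SSHFP records from an OpenSSH-format public key line and checks a presented host key against a record, using only the Python standard library. The fingerprint is the hash of the base64-decoded key blob, as RFC 4255 specifies. The function names, the optional `dnssec_validated` flag (standing in for the resolver's AD bit, which this code cannot obtain offline) and the sample key, which is 32 fixed bytes and not a real key pair, are all constructed for this example.

```python
"""Build and check SSHFP records from OpenSSH-format public keys (stdlib only).

Added example; function names and the sample key are constructed for this page.
"""
import base64
import hashlib
import hmac
import struct

# RDATA "Algorithm" numbers (RFC 4255, RFC 6594, RFC 7479), keyed by the
# key-type string that appears both in the .pub line and inside the key blob.
SSHFP_ALGORITHMS = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}
# RDATA "Type" numbers: which hash produced the fingerprint.
SSHFP_HASHES = {1: hashlib.sha1, 2: hashlib.sha256}


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_pubkey_line(raw_key: bytes, comment: str = "example") -> str:
    """Build an OpenSSH .pub line for a 32-byte Ed25519 public key.

    The blob is string("ssh-ed25519") || string(key). raw_key is whatever the
    caller supplies, so this only constructs test data, not real keys.
    """
    if len(raw_key) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    return f"ssh-ed25519 {base64.b64encode(blob).decode('ascii')} {comment}"


def key_blob(pubkey_line: str) -> tuple[str, bytes]:
    """Return (key type, decoded key blob) from an OpenSSH public key line.

    Only the blob is fingerprinted, never the trailing comment.
    """
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1])
    # The type string is also the first SSH string inside the blob; a mismatch
    # means the line is malformed or has been tampered with.
    (length,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + length] != key_type.encode("ascii"):
        raise ValueError("key type in blob does not match key type field")
    return key_type, blob


def fingerprint_hex(pubkey_line: str, fp_type: int = 2) -> str:
    """Hex fingerprint of the key blob for SSHFP Type 1 (SHA-1) or 2 (SHA-256)."""
    _, blob = key_blob(pubkey_line)
    return SSHFP_HASHES[fp_type](blob).hexdigest()


def sshfp_records(hostname: str, pubkey_line: str, fp_types=(2,)) -> list[str]:
    """SSHFP records in zone-file presentation format for one host key.

    SHA-256 is the default; pass fp_types=(1, 2) to also publish the legacy
    SHA-1 record for clients that do not understand Type 2.
    """
    key_type, _ = key_blob(pubkey_line)
    algorithm = SSHFP_ALGORITHMS[key_type]
    owner = hostname.rstrip(".") + "."
    return [f"{owner} IN SSHFP {algorithm} {t} {fingerprint_hex(pubkey_line, t)}"
            for t in fp_types]


def parse_sshfp(record: str) -> tuple[str, int, int, str]:
    """Parse a presentation-format record into (name, algorithm, type, fingerprint).

    TTL and class before 'SSHFP' are optional; the fingerprint may be split
    across whitespace and is normalised to lower case.
    """
    tokens = record.split()
    i = tokens.index("SSHFP")
    algorithm, fp_type = int(tokens[i + 1]), int(tokens[i + 2])
    return tokens[0], algorithm, fp_type, "".join(tokens[i + 3:]).lower()


def host_key_matches(record: str, pubkey_line: str) -> bool:
    """True if the record's fingerprint is the fingerprint of this host key."""
    _, algorithm, fp_type, fingerprint = parse_sshfp(record)
    key_type, blob = key_blob(pubkey_line)
    if SSHFP_ALGORITHMS.get(key_type) != algorithm or fp_type not in SSHFP_HASHES:
        return False  # different key algorithm, or a hash we cannot compute
    expected = SSHFP_HASHES[fp_type](blob).hexdigest()
    return hmac.compare_digest(expected, fingerprint)


def host_key_trusted(record: str, pubkey_line: str, dnssec_validated: bool) -> bool:
    """The check a client must apply: a matching record only counts when the DNS
    answer was validated (assumed here to be reported by the resolver's AD bit).
    An unvalidated match is exactly what a DNS-spoofing attacker can produce."""
    return dnssec_validated and host_key_matches(record, pubkey_line)


# Constructed sample key: 32 fixed bytes, not a real key pair.
SAMPLE_PUBKEY_LINE = make_ed25519_pubkey_line(bytes(range(32)), "sample@example")

if __name__ == "__main__":
    records = sshfp_records("host.example.com", SAMPLE_PUBKEY_LINE, fp_types=(1, 2))
    for rec in records:
        print(rec)
    print(host_key_trusted(records[1], SAMPLE_PUBKEY_LINE, dnssec_validated=True))
```

For a real host key, the records this produces can be compared with the output of `ssh-keygen -r host.example.com -f /etc/ssh/ssh_host_ed25519_key.pub`, which prints one SHA-1 and one SHA-256 record. `host_key_matches` compares fingerprints with a constant-time comparison and rejects a record whose algorithm number does not match the key type, so a record for an RSA key cannot be satisfied by an Ed25519 key that happens to hash the same way.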
References
- [1] "RFC 4255 — Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints". January 2006. Retrieved 2017-12-28.
- [2] "RFC 6594 — Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records". April 2012. Retrieved 2017-12-28.
- [3] "RFC 7479 — Using Ed25519 in SSHFP Resource Records". March 2015. Retrieved 2017-12-28.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.