SSHFP Resource Record

from Wikipedia, the free encyclopedia

The SSHFP resource record (SSHFP stands for Secure Shell (Key) Fingerprint) is a DNS resource record for SSH keys.

Structure

       <Name> [<TTL>] [<Class>] SSHFP <Algorithm> <Type> <Fingerprint>
<Name>
The domain name of the object to which the resource record belongs (optional)
<TTL>
Time to live (in seconds). Validity of the resource record (optional)
<Class>
Protocol group to which the resource record belongs (optional)
<Algorithm>
Public key algorithm (0 = reserved, 1 = RSA, 2 = DSA, 3 = ECDSA, 4 = Ed25519)
<Type>
Type of fingerprint (0 = reserved, 1 = SHA-1, 2 = SHA-256)
<Fingerprint>
Hexadecimal representation of the key fingerprint

Example

       host.example.com.  SSHFP 2 1 123456789abcdef67890123456789abcdef67890

In this example, a client can determine that the host with the DNS name host.example.com is using a DSA key with the SHA-1 fingerprint "123456789abcdef67890123456789abcdef67890".
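As an added example (not part of the original article), the following Python code parses a record in the format above and checks an OpenSSH public key line against it. It assumes the fingerprint is the digest of the raw public key blob, as specified in RFC 4255; the function names and the sample key are constructed for illustration.

```python
import base64, hashlib, hmac, struct
from typing import NamedTuple

# Algorithm and type numbers as listed on this page; key-type names are OpenSSH's.
KEY_PREFIX = {1: "ssh-rsa", 2: "ssh-dss", 3: "ecdsa-sha2-", 4: "ssh-ed25519"}
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}

class SSHFP(NamedTuple):
    name: str
    algorithm: int
    fp_type: int
    fingerprint: bytes

def parse_sshfp(line: str) -> SSHFP:
    """Parse '<Name> [<TTL>] [<Class>] SSHFP <Algorithm> <Type> <Fingerprint>'."""
    tokens = line.split()
    pos = [t.upper() for t in tokens].index("SSHFP")  # ValueError if absent
    if len(tokens) < pos + 4:
        raise ValueError("truncated SSHFP record")
    algorithm, fp_type = int(tokens[pos + 1]), int(tokens[pos + 2])
    fingerprint = bytes.fromhex("".join(tokens[pos + 3:]))  # hex may be split by spaces
    if fp_type in DIGESTS and len(fingerprint) != DIGESTS[fp_type]().digest_size:
        raise ValueError("fingerprint length does not fit the fingerprint type")
    return SSHFP(tokens[0] if pos else "", algorithm, fp_type, fingerprint)

def key_matches(record: SSHFP, pubkey_line: str) -> bool:
    """Check an OpenSSH 'type base64-blob [comment]' key line against a record."""
    if record.fp_type not in DIGESTS or record.algorithm not in KEY_PREFIX:
        return False  # reserved or unknown value: never treat as a match
    key_type, blob_b64 = pubkey_line.split()[:2]
    if not key_type.startswith(KEY_PREFIX[record.algorithm]):
        return False  # record describes a different key algorithm
    digest = DIGESTS[record.fp_type](base64.b64decode(blob_b64)).digest()
    return hmac.compare_digest(digest, record.fingerprint)

def constructed_ed25519_line(raw: bytes) -> str:
    """Constructed sample key (not a real host key) in SSH wire format."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    key = constructed_ed25519_line(bytes(range(32)))
    fp = hashlib.sha256(base64.b64decode(key.split()[1])).hexdigest()
    rec = parse_sshfp(f"host.example.com. 3600 IN SSHFP 4 2 {fp}")
    print(rec.algorithm, rec.fp_type, key_matches(rec, key))
```

A match only shows that the key agrees with what DNS returned; RFC 4255 expects the client to trust the record only when the DNS answer itself is authenticated, for example with DNSSEC.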

Web links

  • RFC 4255 - Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
  • RFC 6594 - Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records