A Secure Shell fingerprint record (abbreviated as SSHFP record) is a type of resource record in the Domain Name System (DNS) which identifies SSH keys that are associated with a host name. The acquisition of an SSHFP record needs to be secured with a mechanism such as DNSSEC for a chain of trust to be established.


Structure

* Name: The name of the object to which the resource record belongs (optional).
* TTL: Time to live (in seconds); validity of the resource record (optional).
* Class: Protocol group to which the resource record belongs (optional).
* Algorithm: Public key algorithm (0: reserved; 1: RSA; 2: DSA; 3: ECDSA; 4: Ed25519; 6: Ed448).
* Fingerprint type: Algorithm used to hash the public key (0: reserved; 1: SHA-1; 2: SHA-256).
* Fingerprint: Hexadecimal representation of the hash result, as text.


Example

In this example, the host with the domain name host.example.com uses a DSA key with the SHA-1 fingerprint 123456789abcdef67890123456789abcdef67890. With the OpenSSH suite, the ssh-keyscan utility can be used to determine the fingerprint of a host's key; using the -D option will print out the SSHFP record directly.
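As an added example (not code from the original page or from OpenSSH), the following Python builds an SSHFP record from an OpenSSH public-key line the way ssh-keyscan -D does (the fingerprint is the hash of the key in SSH wire format, i.e. the decoded base64 blob), parses records such as the one described above (host.example.com, DSA, SHA-1), and checks a presented host key against a list of records. The host names, the Ed25519 sample key (bytes 0 to 31) and the function names are assumptions made for this example.

```python
"""Build, parse and check SSHFP records (added example, not OpenSSH code)."""
import base64
import hashlib
import hmac
import struct

# SSHFP algorithm numbers from the Structure section (5 is unassigned).
SSHFP_ALGORITHM = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
    "ssh-ed448": 6,
}

# SSHFP fingerprint types: 1 = SHA-1 (20 bytes), 2 = SHA-256 (32 bytes).
SSHFP_HASH = {1: hashlib.sha1, 2: hashlib.sha256}


def ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: 4-byte big-endian length, then bytes."""
    return struct.pack(">I", len(data)) + data


def make_pubkey_line(key_type: str, raw_key: bytes, comment: str = "") -> str:
    """Assemble an OpenSSH public-key line; used here only to construct sample input."""
    blob = ssh_string(key_type.encode()) + ssh_string(raw_key)
    line = f"{key_type} {base64.b64encode(blob).decode()}"
    return f"{line} {comment}" if comment else line


def sshfp_record(hostname: str, pubkey_line: str, fptype: int = 2) -> str:
    """Return the SSHFP record for an OpenSSH public-key line (as ssh-keyscan -D prints)."""
    key_type, b64, *_ = pubkey_line.split()
    algorithm = SSHFP_ALGORITHM[key_type]
    blob = base64.b64decode(b64)          # the key in SSH wire format is what gets hashed
    digest = SSHFP_HASH[fptype](blob).hexdigest()
    return f"{hostname}. IN SSHFP {algorithm} {fptype} {digest}"


def parse_sshfp(record: str) -> tuple[str, int, int, str]:
    """Parse 'name [ttl] [class] SSHFP alg fptype hex'; reject a malformed fingerprint."""
    fields = record.split()
    idx = fields.index("SSHFP")
    algorithm, fptype = int(fields[idx + 1]), int(fields[idx + 2])
    fingerprint = fields[idx + 3].lower()
    if fptype not in SSHFP_HASH:
        raise ValueError(f"unsupported fingerprint type {fptype}")
    expected_len = SSHFP_HASH[fptype]().digest_size * 2
    if len(fingerprint) != expected_len or any(c not in "0123456789abcdef" for c in fingerprint):
        raise ValueError("fingerprint is not hex of the length the fingerprint type requires")
    return fields[0].rstrip("."), algorithm, fptype, fingerprint


def host_key_matches(hostname: str, pubkey_line: str, records: list[str]) -> bool:
    """True if the presented host key matches an SSHFP record for this host.

    The records are assumed to have been fetched over a DNSSEC-validated path;
    comparison is constant-time so the check leaks nothing about a near miss.
    """
    for record in records:
        name, algorithm, fptype, fingerprint = parse_sshfp(record)
        if name != hostname:
            continue
        _, cand_alg, _, cand_fp = parse_sshfp(sshfp_record(hostname, pubkey_line, fptype))
        if cand_alg == algorithm and hmac.compare_digest(cand_fp, fingerprint):
            return True
    return False


# Constructed sample: a 32-byte Ed25519 "public key" of bytes 0..31, not a real host key.
SAMPLE_HOST = "host.example.com"
SAMPLE_ED25519_LINE = make_pubkey_line("ssh-ed25519", bytes(range(32)), "constructed-sample")

# The record the page's example describes: DSA key (algorithm 2), SHA-1 fingerprint (type 1).
PAGE_EXAMPLE_RECORD = "host.example.com. IN SSHFP 2 1 123456789abcdef67890123456789abcdef67890"

if __name__ == "__main__":
    print(sshfp_record(SAMPLE_HOST, SAMPLE_ED25519_LINE))        # algorithm 4, type 2
    print(parse_sshfp(PAGE_EXAMPLE_RECORD))                        # ('host.example.com', 2, 1, ...)
    print(host_key_matches(SAMPLE_HOST, SAMPLE_ED25519_LINE, [PAGE_EXAMPLE_RECORD]))  # False
```

Records printed by ssh-keyscan -D have the same field layout and can be fed to parse_sshfp unchanged. The check in host_key_matches is only as trustworthy as the DNS answer it was given, which is why the article requires DNSSEC for the record; OpenSSH performs the equivalent comparison itself when VerifyHostKeyDNS is enabled in its client configuration.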


See also

* List of DNS record types

