SSHFP Record

A Secure Shell fingerprint record (abbreviated as SSHFP record) is a type of resource record in the Domain Name System (DNS) which identifies SSH keys that are associated with a host name. The acquisition of an SSHFP record needs to be secured with a mechanism such as DNSSEC for a chain of trust to be established.


Structure

An SSHFP record consists of the following fields:

* Name: The name of the object to which the resource record belongs (optional)
* TTL: Time to live (in seconds), the validity period of the resource record (optional)
* Class: Protocol group to which the resource record belongs (optional)
* Algorithm: Public key algorithm (0: reserved, 1: RSA, 2: DSA, 3: ECDSA, 4: Ed25519, 6: Ed448)
* Fingerprint type: Algorithm used to hash the public key (0: reserved, 1: SHA-1, 2: SHA-256)
* Fingerprint: Hexadecimal representation of the hash result, as text


Example

In this example, the host with the domain name host.example.com uses an Ed25519 key with the SHA-256 fingerprint 123456789abcdef67890123456789abcdef67890. This output would be produced by the command ssh-keygen -r host.example.com. on the target server, which reads the existing default SSH host key (Ed25519). In newer releases of the OpenSSH suite, ssh-keyscan -D $HOSTNAME can be used to produce a similar result by connecting to the host over the network.
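The following Python script is an added worked example, not code from the original page or from OpenSSH. It ties the Structure and Example sections together: it parses an SSHFP record in zone-file presentation format (validating the algorithm and fingerprint-type numbers listed above), derives the record that ssh-keygen -r would publish for an OpenSSH public-key line by hashing the raw key blob, and checks a presented host key against a set of published records. The mapping from OpenSSH key-type identifiers to SSHFP algorithm numbers and the sample Ed25519 key are constructed for the example. The parser enforces the digest length (40 hex characters for SHA-1, 64 for SHA-256), so the shortened placeholder fingerprint in the example above would be rejected; a real record carries a full-length digest.

```python
import base64
import hashlib
from dataclasses import dataclass
from typing import Iterable

# Code points taken from the Structure section above (IANA SSHFP registries).
SSHFP_ALGORITHMS = {1: "RSA", 2: "DSA", 3: "ECDSA", 4: "Ed25519", 6: "Ed448"}
SSHFP_FP_TYPES = {1: "SHA-1", 2: "SHA-256"}
HASHERS = {1: hashlib.sha1, 2: hashlib.sha256}

# Assumed mapping: OpenSSH key-type identifiers to SSHFP algorithm numbers.
KEYTYPE_TO_ALGORITHM = {
    "ssh-rsa": 1, "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3, "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4, "ssh-ed448": 6,
}


@dataclass(frozen=True)
class SSHFPRecord:
    name: str
    algorithm: int
    fp_type: int
    fingerprint: str  # lowercase hex digest of the key blob


def parse_sshfp(line: str) -> SSHFPRecord:
    """Parse one SSHFP record in zone-file presentation format.

    TTL and class are optional, so both of these are accepted:
      host.example.com. IN SSHFP 4 2 <hex>
      host.example.com. 3600 IN SSHFP 4 2 <hex>
    """
    tokens = line.split()
    if "SSHFP" not in tokens:
        raise ValueError("not an SSHFP record")
    idx = tokens.index("SSHFP")
    if idx < 1 or len(tokens) != idx + 4:
        raise ValueError("expected <name> [TTL] [class] SSHFP <alg> <type> <hex>")
    algorithm, fp_type = int(tokens[idx + 1]), int(tokens[idx + 2])
    fingerprint = tokens[idx + 3].lower()
    if algorithm not in SSHFP_ALGORITHMS:
        raise ValueError(f"unknown or reserved algorithm number {algorithm}")
    if fp_type not in SSHFP_FP_TYPES:
        raise ValueError(f"unknown or reserved fingerprint type {fp_type}")
    # A hex digest is exactly twice the digest size: 40 chars for SHA-1, 64 for SHA-256.
    expected_len = HASHERS[fp_type]().digest_size * 2
    if len(fingerprint) != expected_len or set(fingerprint) - set("0123456789abcdef"):
        raise ValueError(f"fingerprint must be {expected_len} hex chars for {SSHFP_FP_TYPES[fp_type]}")
    return SSHFPRecord(tokens[0], algorithm, fp_type, fingerprint)


def is_valid_sshfp(line: str) -> bool:
    """Convenience wrapper: True if the line parses as a well-formed SSHFP record."""
    try:
        parse_sshfp(line)
        return True
    except ValueError:
        return False


def sshfp_from_public_key(name: str, pubkey_line: str, fp_type: int = 2) -> SSHFPRecord:
    """Derive the SSHFP record for an OpenSSH public-key line ("ssh-ed25519 AAAA... comment").

    The fingerprint is the hash of the raw key blob (the base64-decoded second field),
    which is what ssh-keygen -r hashes when it prints a record.
    """
    keytype, b64 = pubkey_line.split()[:2]
    if keytype not in KEYTYPE_TO_ALGORITHM:
        raise ValueError(f"unsupported key type {keytype}")
    blob = base64.b64decode(b64)
    return SSHFPRecord(name, KEYTYPE_TO_ALGORITHM[keytype], fp_type, HASHERS[fp_type](blob).hexdigest())


def to_zone_line(rec: SSHFPRecord) -> str:
    """Render a record in the presentation format shown in the Structure section."""
    return f"{rec.name} IN SSHFP {rec.algorithm} {rec.fp_type} {rec.fingerprint}"


def host_key_matches(records: Iterable[SSHFPRecord], pubkey_line: str) -> bool:
    """True if any published record matches the presented host key.

    This is only the comparison step; the records are trustworthy only if the
    resolver validated them with DNSSEC, as the introduction notes.
    """
    alg = KEYTYPE_TO_ALGORITHM.get(pubkey_line.split()[0])
    for rec in records:
        if rec.algorithm != alg:
            continue  # different key algorithm, cannot match
        computed = sshfp_from_public_key(rec.name, pubkey_line, rec.fp_type)
        if computed.fingerprint == rec.fingerprint:
            return True
    return False


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data


def constructed_ed25519_key() -> str:
    """Constructed sample public-key line, not a real host key: an Ed25519 blob is the
    SSH string "ssh-ed25519" followed by the 32-byte public key as an SSH string."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " sample@host.example.com"


if __name__ == "__main__":
    key = constructed_ed25519_key()
    published = sshfp_from_public_key("host.example.com.", key)
    print(to_zone_line(published))  # the SHA-256 line ssh-keygen -r would emit for this key
    print("host key matches published record:", host_key_matches([published], key))
```

Run as a script it prints the SHA-256 SSHFP line for the constructed key and confirms the key matches it; in practice the records list would come from a DNSSEC-validating resolver and the public-key line from the host's key file or from ssh-keyscan.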


See also

* List of DNS record types

