SSHFP record

From Wikipedia, the free encyclopedia

A Secure Shell fingerprint record (abbreviated as SSHFP record) is a type of resource record in the Domain Name System (DNS) which identifies SSH keys that are associated with a host name. The acquisition of an SSHFP record needs to be secured with a mechanism such as DNSSEC for a chain of trust to be established.

Structure

<Name> [<TTL>] [<Class>] SSHFP <Algorithm> <Type> <Fingerprint>

<Name>: The domain name of the object to which the resource record belongs (optional)
<TTL>: Time to live in seconds, i.e. the validity period of the resource record (optional)
<Class>: Protocol group to which the resource record belongs (optional)
<Algorithm>: Public key algorithm (0: reserved; 1: RSA;[1] 2: DSS;[1] 3: ECDSA;[2] 4: Ed25519[3])
<Type>: Algorithm used to hash the public key (0: reserved; 1: SHA-1;[1] 2: SHA-256[2])
<Fingerprint>: Hexadecimal representation of the hash result, as text

Example

host.example.com.  SSHFP 2 1 123456789abcdef67890123456789abcdef67890

In this example, the host with the domain name host.example.com uses a DSA key (algorithm 2) with the SHA-1 (type 1) fingerprint 123456789abcdef67890123456789abcdef67890.
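The following Python script is an added example illustrating the record structure and the example above; it is not part of the article. It computes the SSHFP fingerprint of an OpenSSH public key line (the SHA-1 or SHA-256 digest of the raw public key blob, i.e. the base64 field decoded back to bytes), formats a record in the layout shown in the Structure section, parses a record while checking that the algorithm and type codes are known and that the fingerprint length matches the hash type, and compares a presented host key against a published record. The sample keys are constructed from arbitrary bytes and are not real key material; the function and variable names are the example's own.

```python
import base64
import hashlib
import hmac
import struct

# Code points as listed in the article (RFC 4255, RFC 6594, RFC 7479).
SSHFP_ALGORITHMS = {1: "RSA", 2: "DSA", 3: "ECDSA", 4: "Ed25519"}
SSHFP_HASH_TYPES = {1: "SHA-1", 2: "SHA-256"}
# OpenSSH key-type strings mapped to the SSHFP <Algorithm> code.
KEY_TYPE_TO_ALGORITHM = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}
HASH_FUNCTION = {1: hashlib.sha1, 2: hashlib.sha256}
FINGERPRINT_HEX_LENGTH = {1: 40, 2: 64}  # 160-bit and 256-bit digests as hex


def sshfp_fingerprint(pubkey_line, hash_type=2):
    """Return (algorithm, type, fingerprint) for an OpenSSH public key line.

    The fingerprint is the digest of the raw key blob (base64 field decoded).
    """
    key_type, b64_blob = pubkey_line.split()[:2]
    algorithm = KEY_TYPE_TO_ALGORITHM[key_type]
    blob = base64.b64decode(b64_blob)
    return algorithm, hash_type, HASH_FUNCTION[hash_type](blob).hexdigest()


def sshfp_record(name, pubkey_line, hash_type=2):
    """Format a record as <Name> <Class> SSHFP <Algorithm> <Type> <Fingerprint>."""
    algorithm, hash_type, fingerprint = sshfp_fingerprint(pubkey_line, hash_type)
    return f"{name} IN SSHFP {algorithm} {hash_type} {fingerprint}"


def parse_sshfp(record):
    """Parse a presentation-format SSHFP record; raise ValueError if malformed.

    The optional <TTL> and <Class> fields are skipped by locating "SSHFP".
    """
    fields = record.split()
    if "SSHFP" not in fields or len(fields) < fields.index("SSHFP") + 4:
        raise ValueError("not an SSHFP record")
    pos = fields.index("SSHFP")
    algorithm, hash_type = int(fields[pos + 1]), int(fields[pos + 2])
    fingerprint = fields[pos + 3].lower()
    if algorithm not in SSHFP_ALGORITHMS:
        raise ValueError(f"unknown algorithm code {algorithm}")
    if hash_type not in SSHFP_HASH_TYPES:
        raise ValueError(f"unknown fingerprint type {hash_type}")
    if len(fingerprint) != FINGERPRINT_HEX_LENGTH[hash_type]:
        raise ValueError("fingerprint length does not match the hash type")
    if any(c not in "0123456789abcdef" for c in fingerprint):
        raise ValueError("fingerprint is not hexadecimal")
    return {
        "name": fields[0],
        "algorithm": algorithm,
        "algorithm_name": SSHFP_ALGORITHMS[algorithm],
        "type": hash_type,
        "type_name": SSHFP_HASH_TYPES[hash_type],
        "fingerprint": fingerprint,
    }


def is_well_formed(record):
    """Boolean wrapper around parse_sshfp for quick validation."""
    try:
        parse_sshfp(record)
        return True
    except ValueError:
        return False


def host_key_matches(record, pubkey_line):
    """True if the host key presented by a server matches the published record."""
    published = parse_sshfp(record)
    algorithm, _, fingerprint = sshfp_fingerprint(pubkey_line, published["type"])
    return algorithm == published["algorithm"] and hmac.compare_digest(
        fingerprint, published["fingerprint"]
    )


def _ssh_string(data):
    # SSH wire-format string: 4-byte big-endian length prefix followed by the bytes.
    return struct.pack(">I", len(data)) + data


def constructed_ed25519_key_line(raw_key):
    """Build an OpenSSH-format public key line from constructed bytes (not a real key)."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw_key)
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " constructed@example"


# Constructed sample keys: 32 arbitrary bytes each, not real Ed25519 key material.
SAMPLE_KEY = constructed_ed25519_key_line(bytes(range(32)))
OTHER_KEY = constructed_ed25519_key_line(bytes(range(32, 64)))
# The record from the article's Example section.
ARTICLE_RECORD = "host.example.com.  SSHFP 2 1 123456789abcdef67890123456789abcdef67890"

if __name__ == "__main__":
    print(parse_sshfp(ARTICLE_RECORD))
    record = sshfp_record("host.example.com.", SAMPLE_KEY)
    print(record)
    print("matches:", host_key_matches(record, SAMPLE_KEY), host_key_matches(record, OTHER_KEY))
```

In practice OpenSSH produces these records with `ssh-keygen -r <hostname>` and the client consults them when `VerifyHostKeyDNS` is enabled; as the article notes, a match is only meaningful when the resolver validated the record via DNSSEC, otherwise a forged DNS answer could vouch for an attacker's key just as easily as for the real one.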

References

  1. "RFC 4255 — Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints". January 2006. Retrieved 2017-12-28.
  2. "RFC 6594 — Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records". April 2012. Retrieved 2017-12-28.
  3. "RFC 7479 — Using Ed25519 in SSHFP Resource Records". March 2015. Retrieved 2017-12-28.