Le samedi 03 mars 2007 à 17:19 +0100, Peter Mathiasson a écrit : > On Sat, Mar 03, 2007 at 04:53:59PM +0100, Julien Valroff wrote: > > Package: wnpp > > Severity: wishlist > > Owner: Julien Valroff <[EMAIL PROTECTED]> > > > > * Package name : sshfp > > Version : 1.1.1 > > Upstream Authors : Paul Wouters <[EMAIL PROTECTED]> and Jake Appelbaum > > <[EMAIL PROTECTED]> > > * URL : http://www.xelerance.com/software/sshfp/ > > * License : GPL > > Programming Lang : Python > > Description : DNS SSHFP records generator > > > > sshfp generates RFC4255 SSHFP DNS records based on the public keys stored in > > a known_hosts file, or public keys can be obtained by using ssh-keyscan. > > Serve these entries from the DNS server for your domain to provide > > authentication via the ssh VerifyHostKeyDNS option. > > What functionality does this provide over ssh-keygen included with openssh?
It does basically the same, except that ssh-keygen is limited as it can only read entries from a key file. sshfp can read keys from a known_hosts file or use ssh-keyscan to retrieve public keys. It has also some more advanced features, like 'sshfp -s -a debian.org' which can retrieves all host keys from a given domain (ok, don't use it with debian.org, but quite useful for your local domain). Cheers, Julien
