summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/README.dns
diff options
context:
space:
mode:
Diffstat (limited to 'usr.bin/ssh/README.dns')
-rw-r--r--usr.bin/ssh/README.dns47
1 files changed, 0 insertions, 47 deletions
diff --git a/usr.bin/ssh/README.dns b/usr.bin/ssh/README.dns
deleted file mode 100644
index 97879183e39..00000000000
--- a/usr.bin/ssh/README.dns
+++ /dev/null
@@ -1,47 +0,0 @@
-How to verify host keys using OpenSSH and DNS
----------------------------------------------
-
-OpenSSH contains support for verifying host keys using DNS as described in
-draft-ietf-secsh-dns-05.txt. The document contains very brief instructions
-on how to use this feature. Configuring DNS is out of the scope of this
-document.
-
-
-(1) Server: Generate and publish the DNS RR
-
-To create a DNS resource record (RR) containing a fingerprint of the
-public host key, use the following command:
-
- ssh-keygen -r hostname -f keyfile -g
-
-where "hostname" is your fully qualified hostname and "keyfile" is the
-file containing the public host key file. If you have multiple keys,
-you should generate one RR for each key.
-
-In the example above, ssh-keygen will print the fingerprint in a
-generic DNS RR format parsable by most modern name server
-implementations. If your nameserver has support for the SSHFP RR
-you can omit the -g flag and ssh-keygen will print a standard SSHFP RR.
-
-To publish the fingerprint using the DNS you must add the generated RR
-to your DNS zone file and sign your zone.
-
-
-(2) Client: Enable ssh to verify host keys using DNS
-
-To enable the ssh client to verify host keys using DNS, you have to
-add the following option to the ssh configuration file
-($HOME/.ssh/config or /etc/ssh/ssh_config):
-
- VerifyHostKeyDNS yes
-
-Upon connection the client will try to look up the fingerprint RR
-using DNS. If the fingerprint received from the DNS server matches
-the remote host key, the user will be notified.
-
-
- Jakob Schlyter
- Wesley Griffin
-
-
-$OpenBSD: README.dns,v 1.2 2003/10/14 19:43:23 jakob Exp $