[Dnsmasq-discuss] dnsmasq and sshfp records

Gerd Koenig koenig.bodensee at googlemail.com
Thu May 24 18:57:23 BST 2012


Hi Richard,

thanks for answering....

Yes, it is possible to add both lines as a TXT-Record, but this is not what
I really want ;-) .
In the end I want to be able to establish a ssh connection to a remote host
and its public key should be offered by DNS. Therefore I have to add the
keys as "SSHFP-Record"s, so that I'm able to call via
<<ssh user@remotehost -o "VerifyHostKeyDNS=yes">> and get a result line like
"Matching host key fingerprint found in DNS".

Since I've found nothing, it seems like dnsmasq doesn't support SSHFP-Records,
right ?!?!

br...: Gerd :...

On 24 May 2012 17:47, richardvoigt at gmail.com <richardvoigt at gmail.com> wrote:

> dnsmasq doesn't use zone files.  You can try with txt-record= (see the
> man page for details)
>
> On Thu, May 24, 2012 at 5:44 AM, Gerd Koenig
> <koenig.bodensee at googlemail.com> wrote:
> > Hi List,
> >
> > I'm currently looking for a solution to provide ssh-keys via DNS. Seems like
> > sshfp records will solve this issue ... so far so good.
> > Since we are using dnsmasq as dns/dhcp/pxe-server I wanted to ask how to put
> > the generated sshfp records into dnsmasq ???
> > After searching for a while I got only guides for "how to create sshfp
> > records" or things like "put your sshfp records into dns"....not that
> > helpful.
> >
> > Can somebody enlighten me if it is possible to offer ssh keys via dnsmasq,
> > and how to configure it ?
> >
> > I tried it similar to the TXT-Records, therefore I created a config-file
> > sshfp.conf and inserted:
> > ""
> > myhost SSHFP 1 1 cbe4...c6dc
> > myhost SSHFP 2 1 20ea...b241
> > ""
> > But if I want to start dnsmasq I got the error:
> > ""
> > Starting DNS forwarder and DHCP server: dnsmasq
> > dnsmasq: bad option at line 1 of /etc/dnsmasq.d/sshfp.conf
> >  failed!
> > ""
> >
> >
> > any help appreciated...: Gerd :....
>
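
An added example, not part of the original thread: it derives the SSHFP data discussed above from an OpenSSH public key line and prints it both as a zone-file record and as a dnsmasq generic-record line. It assumes a dnsmasq version whose man page documents `dns-rr=<name>,<RR-number>,[<hex data>]`; the key below is constructed sample data, and `myhost` is the name used in the thread.

```python
import base64
import hashlib
import struct

SSHFP_RRTYPE = 44  # DNS RR type number assigned to SSHFP (RFC 4255)
KEY_ALGOS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}  # ecdsa-sha2-* is 3
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}  # SSHFP fingerprint types

# Constructed sample: a well-formed ssh-ed25519 blob with dummy key bytes.
_blob = (struct.pack(">I", 11) + b"ssh-ed25519" +
         struct.pack(">I", 32) + bytes(range(32)))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " constructed"


def parse_pubkey(line):
    """Return (SSHFP algorithm number, raw key blob) for one public key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was edited or truncated, so refuse to fingerprint it.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    if key_type.startswith("ecdsa-sha2-"):
        return 3, blob
    if key_type not in KEY_ALGOS:
        raise ValueError("no SSHFP algorithm number for " + key_type)
    return KEY_ALGOS[key_type], blob


def sshfp_lines(host, pubkey_line, fp_type=2):
    """Return (zone-file record, dnsmasq dns-rr line) for the given key."""
    algo, blob = parse_pubkey(pubkey_line)
    fp = FP_TYPES[fp_type](blob).hexdigest()
    zone = f"{host} IN SSHFP {algo} {fp_type} {fp}"
    # SSHFP RDATA: 1 byte algorithm, 1 byte fingerprint type, then the digest.
    rdata = f"{algo:02x}{fp_type:02x}{fp}"
    return zone, f"dns-rr={host},{SSHFP_RRTYPE},{rdata}"


if __name__ == "__main__":
    for fp_type in (1, 2):
        for out in sshfp_lines("myhost", SAMPLE_KEY, fp_type):
            print(out)
```

With `VerifyHostKeyDNS=yes`, ssh only accepts a matching SSHFP record without prompting when the DNS answer is DNSSEC-validated; otherwise it reports the match and still asks for confirmation.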