[cfarm-users] SSH key fingerprints for gcc farm machine
Olly Betts
olly at survex.com
Sun May 5 20:53:52 CEST 2019
On Sun, May 05, 2019 at 12:50:20PM -0500, Segher Boessenkool via cfarm-users wrote:
> On Sun, May 05, 2019 at 11:50:14PM +0700, Lzu Tao via cfarm-users wrote:
> > Do we have SSH key fingerprints of each gcc farm machine
> > in the website? I need it when connecting to each machine
> > for security purposes.
>
> Do you want just the a list of the fingerprints, not signed or anything?
SSHFP records can be used to supply host key fingerprints securely via
DNSSEC:
https://blog.webernetz.net/sshfp-authenticate-ssh-fingerprints-via-dnssec/
It looks like fsffrance.org uses gandi's nameservers and gandi supports
DNSSEC easily, though I guess there may be reasons not to use it for all
of fsffrance.org and it'd be more complicated to set up for just the
gcc hosts.
But even a list on an https protected web page seems better than just
having to trust on first use.
Cheers,
Olly
More information about the cfarm-users
mailing list