Outbound Link Summary:
2 months ago
Improving SSH's security with SSHFP DNS records.
Of course I wanted to try this immediately after hearing from SSHFP records for the first time! So here they are!
Unfortunately, Hetzner still does not support DNSSEC:
we are not currently planning to implement DNSSEC.
Without the DS record for p3k.org in the org zone the whole chain of trust breaks, and SSH still asks me whether I trust my own host 🙁