1 month ago
p3k dots

Improving SSH's security with SSHFP DNS records.

Of course I wanted to try this immediately after hearing about SSHFP records for the first time! So here they are!

Unfortunately, Hetzner still does not support DNSSEC:

we are not currently planning to implement DNSSEC.

Without the DS record for p3k.org in the org zone the whole chain of trust breaks, and SSH still asks me whether I trust my own host 🙁
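The following is an added example, not part of the original post: it derives the SSHFP record for a host key and models why a matching fingerprint is still not enough without DNSSEC. The host name `host.example.`, the key material and the function names are constructed for illustration; `client_decision` is a simplified model of OpenSSH's documented `VerifyHostKeyDNS yes` behaviour, not OpenSSH code.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers: RFC 4255 (RSA, DSA), RFC 7479 (Ed25519).
ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}


def sshfp_rdata(pubkey_line):
    """Return (algorithm, fp_type, hex_fingerprint) for an OpenSSH public key line."""
    ktype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    # The key blob starts with a length-prefixed key type; it must match the label.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != ktype:
        raise ValueError("key type label does not match key blob")
    # All ECDSA curves share algorithm number 3 (RFC 6594).
    alg = 3 if ktype.startswith("ecdsa-sha2-") else ALGORITHMS[ktype]
    # Fingerprint type 2 is SHA-256 over the raw public key blob.
    return alg, 2, hashlib.sha256(blob).hexdigest()


def sshfp_record(host, pubkey_line):
    alg, fp_type, fp = sshfp_rdata(pubkey_line)
    return f"{host} IN SSHFP {alg} {fp_type} {fp}"


def client_decision(presented_key_line, dns_rdatas, dnssec_validated):
    """Simplified model: only a DNSSEC-validated match is trusted silently."""
    if sshfp_rdata(presented_key_line) not in dns_rdatas:
        return "mismatch"
    # An unsigned answer could have been forged, so the user is still asked.
    return "trusted" if dnssec_validated else "ask"


def constructed_key():
    """Constructed Ed25519 public key line (32 dummy bytes, not a real host key)."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


if __name__ == "__main__":
    key = constructed_key()
    print(sshfp_record("host.example.", key))
    records = [sshfp_rdata(key)]
    print("signed zone:  ", client_decision(key, records, dnssec_validated=True))
    print("unsigned zone:", client_decision(key, records, dnssec_validated=False))
```

The unsigned-zone case is the situation described above: the fingerprint in DNS matches, but with no validated chain of trust the client falls back to asking.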