is it possible to use SSHFP DNS records to enable password-free host-based login?

What I already got working is to use SSHFP DNS records to verify the serverhost keys.

debug1: found 2 secure fingerprints in DNS
debug1: matching host key fingerprint found in DNS

But hostbased login does not work and I still need to supply a password to log in. (Or to configure a known_hosts file on the server where my host keycan be checked. But it is exactly this file that I want to get rid of because keeping this file up to date on a large cluster is a pain.)

Or is this impossible by design because only fingerprints are stored in SSHFP records, and not the public keys themselves?


GMX Kostenlose Spiele: Einfach online spielen und Spaß haben mit Pastry Passion!
openssh-unix-dev mailing list