Hi,

is it possible to use SSHFP DNS records to enable password-free host-based login?

What I already got working is to use SSHFP DNS records to verify the serverhost keys.

debug1: found 2 secure fingerprints in DNS
debug1: matching host key fingerprint found in DNS

But hostbased login does not work and I still need to supply a password to log in. (Or to configure a known_hosts file on the server where my host keycan be checked. But it is exactly this file that I want to get rid of because keeping this file up to date on a large cluster is a pain.)

Or is this impossible by design because only fingerprints are stored in SSHFP records, and not the public keys themselves?

Regards,
Dominik




--
GMX Kostenlose Spiele: Einfach online spielen und Spaß haben mit Pastry Passion!
http://games.entertainment.gmx.net/d...puzzle/6169196
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev