On Fri, 17 Oct 2008, Dominik Epple wrote:

> Hi,
> is it possible to use SSHFP DNS records to enable password-free
> host-based login?

No - SSHFP is currently only used to publicise the server's key to the
client and can't be used to identify the client to the server.

It might be possible to adapt it for use by hostbased authentication,
but I don't think there is much sense in extending it until DNSSEC is
deployed more extensively.

openssh-unix-dev mailing list