如何为路由器等服务器生成 SSHFP DNS 记录,而该服务器不允许您以可理解的格式直接访问其密钥ssh-keygen -r machine?
在本地机器上读取ssh-keygen -r machine私钥。
答案1
要为远程 ssh 服务器生成 SSHFP 记录,请运行以下工具:
Little-Net:~ minfrin$ ssh-keyscan -D machine.example.com
; machine.example.com:22 SSH-2.0-ROSSSH
; machine.example.com:22 SSH-2.0-ROSSSH
machine.example.com IN SSHFP 1 1 d9d29098100fe5ebbb7d912a5b0d8cc13a32f557
machine.example.com IN SSHFP 1 2 61ac073f5cdfd6957f61d0af26450717d4eb59c2b02a6798410003d0dada7dcf
; machine.example.com:22 SSH-2.0-ROSSSH
来自 ssh-keyscan 手册页:
-D Print keys found as SSHFP DNS records. The default is to print keys in a format usable as a ssh(1) known_hosts file.