SSHFP record
A Secure Shell fingerprint record is a type of resource record in the Domain Name System which identifies SSH keys that are associated with a host name. The acquisition of an SSHFP record needs to be secured with a mechanism such as DNSSEC for a chain of trust to be established.
Structure
; : The name of the object to which the resource record belongs
; : Time to live. Validity of Resource Records
; : Protocol group to which the resource record belongs
; : Algorithm
; : Algorithm used to hash the public key
; : Hexadecimal representation of the hash result, as text
Example
In this example, the host with the domain name host.example.com uses an Ed25519 key with the SHA-256 fingerprint 123456789abcdef67890123456789abcdef67890. This output would be produced by a
ssh-keygen -r host.example.com. command on the target server by reading the existing default SSH host key. In newer releases of the OpenSSH suite, ssh-keyscan -D $HOSTNAME can be used to produce a similar result, by connecting to the host over the network.
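The following added example (not part of the original page and not OpenSSH code) shows how the record fields described above are derived from a public key line, and how a client-side check compares a presented key against a record. It assumes the fingerprint is the hash of the base64-decoded key blob, as specified in RFC 4255; `make_ed25519_line` and `SAMPLE_KEY` are constructed here for illustration and are not a real host key.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
KEY_ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
                  "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
                  "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256.
HASHES = {1: hashlib.sha1, 2: hashlib.sha256}


def parse_pubkey(line):
    """Return (algorithm number, key blob) for one OpenSSH public key line."""
    key_type, b64 = line.split()[:2]
    if key_type not in KEY_ALGORITHMS:
        raise ValueError("unsupported key type: " + key_type)
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the line was edited or corrupted.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    return KEY_ALGORITHMS[key_type], blob


def sshfp_records(hostname, line):
    """Build one SSHFP record per fingerprint type, in zone-file form."""
    alg, blob = parse_pubkey(line)
    return ["%s IN SSHFP %d %d %s" % (hostname, alg, fp_type, h(blob).hexdigest())
            for fp_type, h in sorted(HASHES.items())]


def key_matches(record, line):
    """True if the presented key hashes to the fingerprint in the record."""
    alg, fp_type, fingerprint = record.split()[-3:]
    key_alg, blob = parse_pubkey(line)
    if int(alg) != key_alg or int(fp_type) not in HASHES:
        return False
    return HASHES[int(fp_type)](blob).hexdigest() == fingerprint.lower()


def make_ed25519_line(raw32):
    """Constructed helper: wrap 32 raw bytes as an ssh-ed25519 public key line."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", raw32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


SAMPLE_KEY = make_ed25519_line(bytes(range(32)))  # constructed, not a real host key
```

A match only carries weight when the SSHFP answer itself was validated with DNSSEC; without that, the record is no more trustworthy than the key it is meant to confirm.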