On Sun, May 05, 2019 at 12:50:20PM -0500, Segher Boessenkool via cfarm-users wrote: > On Sun, May 05, 2019 at 11:50:14PM +0700, Lzu Tao via cfarm-users wrote: > > Do we have SSH key fingerprints of each gcc farm machine > > in the website? I need it when connecting to each machine > > for security purposes. > > Do you want just the a list of the fingerprints, not signed or anything?
SSHFP records can be used to supply host key fingerprints securely via DNSSEC: https://blog.webernetz.net/sshfp-authenticate-ssh-fingerprints-via-dnssec/ It looks like fsffrance.org uses gandi's nameservers and gandi supports DNSSEC easily, though I guess there may be reasons not to use it for all of fsffrance.org and it'd be more complicated to set up for just the gcc hosts. But even a list on an https protected web page seems better than just having to trust on first use. Cheers, Olly _______________________________________________ cfarm-users mailing list cfarm-users@lists.tetaneutral.net https://lists.tetaneutral.net/listinfo/cfarm-users
