#9380 fedorapeople.org SSHFP record mismatch
Closed: Invalid 3 years ago by pemensik. Opened 3 years ago by pemensik.

Describe what you would like us to do:

I have tried ssh fedorapeople.org. I have VerifyHostKeyDNS yes in /etc/ssh/ssh_config. dig fedorapeople.org SSHFP returned result. So I was surprised.

# ssh-keyscan -D fedorapeople.org 2>&1 | tr a-f A-F | grep -v '^;'
FEDorApEoplE.org IN SSHFP 1 1 5829B0460C2E9296BDBD835416C2615DCF80D22A
FEDorApEoplE.org IN SSHFP 1 2 B0369E7D313C9F8E7C90EFB53844CB43D98F11A1AB84396767C57BF699FF30C3

Compared them with DNS records.

# dig +short fedorapeople.org sshfp
1 1 5829B0460C2E9296BDBD835416C2615DCF80D22A
1 2 B0369E7D313C9F8E7C90EFB53844CB43D98F11A1AB84396767C57BF6 99FF30C3

Compared results. The short one matches, the longer does not. And ssh asks for fingerprint verification.


When do you need this to be done by? (YYYY/MM/DD)

2020/10/10

Not needed, but appreciated



Metadata Update from @pemensik:
- Issue close_status updated to: Invalid
- Issue status updated to: Closed (was: Open)

3 years ago

Sorry, my comparing omitted the space. It matches after correction.

Login to comment on this ticket.

Metadata