[Samba] ssh with certificates - was: AW: Samba Bind DLZ and Zone signing
Owen DeLong
Owen.Delong at ff.com
Mon Dec 11 16:13:24 UTC 2023
OpenSSH would prefer you to use certificates, they do not appear to
have the code to use SSHFP with DNSSEC.
This appears to be incorrect:
Configuring the SSH client to look for host keys in DNS
Easy peasy: either you can add the line VerifyHostKeyDNS yes to your ~/.ssh/config file, or you can supply it on the command line using ssh -o VerifyHostKeyDNS=yes.
delong-dhcp183:owen (146) ~ % ssh -o VerifyHostKeyDNS=yes owen.delong.com date 2023/12/11 8:06:47
Mon Dec 11 16:06:52 UTC 2023
0.022u 0.009s 0:02.83 0.7% 0+0k 0+0io 1pf+0w
delong-dhcp183:owen (148) ~ % ssh -V 2023/12/11 8:06:54
OpenSSH_9.3p2, LibreSSL 3.3.6
Samba
I suspect this is why the user is posting.
OpenSSH
Already done.
Bind
Already done.
Microsoft
Appears to be somewhat in progress, but yeah, I don’t think anyone is surprised that they are lagging on standards support.
Owen
More information about the samba
mailing list