"VerifyHostKeyDNS yes" does not work as expected

看板FB_questions作者時間11年前 (2014/05/16 02:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串2/4 (看更多)
Dear Colleagues, I have "VerifyHostKeyDNS yes" set in ~/.ssh/config. Yet when I connect to a host, I get: $ ssh admin.sibptus.ru The authenticity of host 'admin.sibptus.ru (212.73.125.240)' can't be established. ECDSA key fingerprint is 83:ca:c0:af:42:5c:35:30:38:d7:78:e3:1d:c9:c2:3e. Matching host key fingerprint found in DNS. Are you sure you want to continue connecting (yes/no)? Why does ssh not implicitly trust the key published in DNS? Why does it ask me? The "sibptus.ru" zone is DNSSEC enabled. The local resolver is configured with "dnssec-validation auto". What else am I missing? Thanks for any ideas. Here is some debug: http://pastebin.com/q12R7RPH -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:sudakov@sibptus.tomsk.ru _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
更多 vas. 的文章
文章代碼(AID): #1JTG3V5x (FB_questions)
更多 vas. 的文章
文章代碼(AID): #1JTG3V5x (FB_questions)