Re: "VerifyHostKeyDNS yes" does not work as expected
Victor Sudakov wrote:
>
> I have "VerifyHostKeyDNS yes" set in ~/.ssh/config. Yet when I
> connect to a host, I get:
If anyone has DNSSEC enabled in their resolver, could you please try
and ssh to noc.sibptus.ru and report if your ssh client trusts the host
keys in DNS?
Please report your OS version too.
>
> Why does ssh not implicitly trust the key published in DNS? Why does
> it ask me?
>
> The "sibptus.ru" zone is DNSSEC enabled. The local resolver is
> configured with "dnssec-validation auto". What else am I missing?
>
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov@sibptus.tomsk.ru
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 4 之 4 篇):