[Bug 1898590] Re: Verify DNS fingerprints not working

Seth Arnold 1898590 at bugs.launchpad.net
Wed Oct 7 00:32:47 UTC 2020


Hello, dig will do DNS lookups itself; it doesn't rely on the host
resolver configuration. Does your host resolver configuration support
DNSSEC? It might be worth using tcpdump or tshark or wireshark to see if
the queries are properly formed, and if the replies are correct.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1898590

Title:
  Verify DNS fingerprints not working

Status in openssh package in Ubuntu:
  New

Bug description:
  When setting VerifyHostKeyDNS to yes in /etc/ssh/ssh_config, the fingerprints are fetched, but the result is always:
  debug1: found n insecure fingerprints in DNS
  With dig +dnssec -tsshfp hostname the result is ok: the ad flag is set.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1898590/+subscriptions
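
One way to check a captured reply as the message above suggests: parse the raw DNS message and report whether the AD flag is set and which SSHFP records it carries. This is an added example, not code from the bug report or from OpenSSH; the function names, the host name `host.example` and the fingerprint bytes are constructed for illustration.

```python
import struct

SSHFP = 44          # RR type number for SSHFP
AD_BIT = 0x0020     # "authentic data" flag in the DNS header flags word

def _skip_name(msg, off):
    """Return the offset just past an encoded (possibly compressed) name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1
        if length == 0:                # root label terminates the name
            return off
        off += length

def inspect_reply(msg):
    """Summarise a raw DNS reply: AD flag, rcode, and any SSHFP records."""
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4           # skip QTYPE + QCLASS
    sshfp = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == SSHFP and rdlen >= 2:
            # rdata: key algorithm, fingerprint type, fingerprint bytes
            sshfp.append((msg[off], msg[off + 1], msg[off + 2:off + rdlen].hex()))
        off += rdlen
    return {"ad": bool(flags & AD_BIT), "rcode": flags & 0xF, "sshfp": sshfp}

def build_sample(ad):
    """Constructed reply for host.example with one SSHFP RR (not a real key)."""
    flags = 0x8180 | (AD_BIT if ad else 0)       # QR, RD, RA set; AD optional
    name = b"\x04host\x07example\x00"
    rdata = bytes([4, 2]) + bytes(range(32))     # algorithm 4, SHA-256, dummy digest
    return (struct.pack("!6H", 0x1234, flags, 1, 1, 0, 0)
            + name + struct.pack("!HH", SSHFP, 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", SSHFP, 1, 300, len(rdata)) + rdata)

if __name__ == "__main__":
    for label, ad in (("AD set", True), ("AD missing", False)):
        r = inspect_reply(build_sample(ad))
        print(label, "ad=%s" % r["ad"], "sshfp_records=%d" % len(r["sshfp"]))
```

To use it on real traffic, pass the UDP payload of a reply taken from a tcpdump or tshark capture of the host resolver's answer, and compare the result with what dig reports for the same name.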


