Date:      Thu, 12 Jun 2014 12:45:51 +0700
From:      Victor Sudakov <vas@mpeks.tomsk.su>
To:        freebsd-questions@freebsd.org
Subject:   Re: "VerifyHostKeyDNS yes" does not work as expected
Message-ID:  <20140612054551.GA37354@admin.sibptus.tomsk.ru>

Victor Sudakov wrote:
> 
> I have "VerifyHostKeyDNS yes" set in ~/.ssh/config. Yet when I
> connect to a host, I get:

If anyone has DNSSEC enabled in their resolver, could you please try
and ssh to noc.sibptus.ru and report if your ssh client trusts the host
keys in DNS?

Please report your OS version too.

> 
> Why does ssh not implicitly trust the key published in DNS? Why does
> it ask me?
> 
> The "sibptus.ru" zone is DNSSEC enabled. The local resolver is
> configured with "dnssec-validation auto". What else am I missing?
> 

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov@sibptus.tomsk.ru
