Usage:
./sshfpgen
This is a small shell script that uses commonly available utilities to generate textual representations of SSHFP RRs from the host keys on the current host. Copy and paste the output into your own BIND zone file.
For everything you could ever want to know about this DNS RR type, read RFC 4255, RFC 6594, and the IANA registry of applicable parameters.
This script depends upon:
- OpenSSL --- Provides cryptographic hash (message digest) computation
- xxd --- Converts between binary and hexadecimal encoding (ships with vim)
Per the OpenSSH convention, this script will seek the following files as input:
/etc/ssh/ssh_host_rsa_key.pub
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_ecdsa_key.pub
Future versions (patches accepted) may permit command line arguments to generate specific record types for arbitrary SSH keys.
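
The sketch below is an added example, not the sshfpgen source. It shows how an SSHFP record is derived from one line of a `.pub` file: the base64 key blob is decoded and hashed with SHA-1 (fingerprint type 1) and SHA-256 (type 2). The function names and the owner name `host.example.com.` are assumptions. It needs only `openssl` (hex output comes from `openssl dgst -r` rather than xxd) and also maps `ssh-ed25519` (algorithm 4, RFC 7479), which goes beyond the three files listed above.

```sh
#!/bin/sh
# Added example, not the sshfpgen source.

# Map an OpenSSH key type to its SSHFP algorithm number (IANA registry).
sshfp_alg() {
    case "$1" in
        ssh-rsa)      echo 1 ;;
        ssh-dss)      echo 2 ;;
        ecdsa-sha2-*) echo 3 ;;
        ssh-ed25519)  echo 4 ;;   # RFC 7479
        *)            return 1 ;;
    esac
}

# Hex digest of the decoded key blob. $1 = sha1 or sha256, $2 = base64 blob.
sshfp_digest() {
    printf '%s' "$2" | openssl base64 -d -A | openssl dgst "-$1" -r | cut -d' ' -f1
}

# Print the SHA-1 (type 1) and SHA-256 (type 2) records for one key.
# $1 = owner name for the zone file, $2 = one line from a *.pub file.
sshfp_records() {
    # Split "<keytype> <base64-blob> [comment]" without glob expansion.
    read -r ktype blob rest <<EOF
$2
EOF
    alg=$(sshfp_alg "$ktype") || { echo "unsupported key type: $ktype" >&2; return 1; }
    # Refuse an empty or undecodable blob instead of publishing the hash of nothing.
    nbytes=$(printf '%s' "$blob" | openssl base64 -d -A 2>/dev/null | wc -c)
    [ "$nbytes" -gt 0 ] || { echo "cannot decode key blob" >&2; return 1; }
    printf '%s IN SSHFP %s 1 %s\n' "$1" "$alg" "$(sshfp_digest sha1 "$blob")"
    printf '%s IN SSHFP %s 2 %s\n' "$1" "$alg" "$(sshfp_digest sha256 "$blob")"
}

# Constructed input: the blob "YWJj" decodes to the bytes "abc" (a standard
# hash test vector), so the digests are easy to verify. It is not a real key.
sshfp_records host.example.com. "ssh-rsa YWJj constructed-sample"
```

On a real host, pass the contents of each `/etc/ssh/ssh_host_*_key.pub` file as the second argument. The records can be cross-checked against the output of `ssh-keygen -r <name>`.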