[dns-operations] [Ssh] Re: Is anyone actually using SSHFP records?
George Michaelson
ggm at algebras.org
Thu Feb 27 00:47:45 UTC 2025
In the same spirit, I know a group using them but they're so prone to
bitrot, from OS upgrade, which with virtuals is a low cost operation and
mostly avoids issues for the real job of the machine: individuals' keying
info is in their home states which copy in from other places, but the SSHFP
information is recreated in the new VM build, and then nobody remembers to
update the central view.
I think the record itself structurally is fine. But the operational duty
cycle over it is probably not adequately integrated into systems. "Don't
forget to update your SSHFP record for this host" or "I am re-using the
host SSHID information you copied into my install process" type stories
would help.
-G
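
Added example, not part of the original message: a check that could run at the end of a VM build to catch the drift described above, by computing SHA-256 SSHFP rdata from the host's public key lines and comparing it with what the zone publishes. The key material, the `root@vm` comment and the published record list are constructed samples; in practice the inputs would be the host's `ssh_host_*_key.pub` files and the answer to an SSHFP query for the host name.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (IANA registry: RFC 4255, RFC 6594, RFC 7479).
ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}

def sshfp_rdata(pubkey_line):
    """SHA-256 SSHFP rdata ('<algo> 2 <hex>') for one ssh_host_*_key.pub line."""
    keytype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    # The blob starts with a length-prefixed key type; it must match the label.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type label does not match key blob")
    algo = 3 if keytype.startswith("ecdsa-sha2-") else ALGO[keytype]
    # The fingerprint is the hash of the raw public key blob.
    return f"{algo} 2 {hashlib.sha256(blob).hexdigest()}"

def normalise(rdata):
    """Canonical form of published rdata (hex may be upper-case or space-split)."""
    parts = rdata.split()
    return f"{parts[0]} {parts[1]} {''.join(parts[2:]).lower()}"

def drift(pubkey_lines, published):
    """Return (missing, stale): rdata the host needs but DNS lacks,
    and published rdata that matches no current host key."""
    want = {sshfp_rdata(line) for line in pubkey_lines}
    have = {normalise(r) for r in published}
    have = {r for r in have if r.split()[1] == "2"}  # compare SHA-256 records only
    return sorted(want - have), sorted(have - want)

def make_ed25519_pub(raw32):
    """Constructed sample key line for the demo (not a real host key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " root@vm"

OLD_KEY = make_ed25519_pub(bytes(range(32)))      # key before the VM rebuild
NEW_KEY = make_ed25519_pub(bytes(range(32, 64)))  # key regenerated by the new build
DNS = [sshfp_rdata(OLD_KEY).upper()]              # zone still carries the old record

if __name__ == "__main__":
    missing, stale = drift([NEW_KEY], DNS)
    for r in missing:
        print("publish:  IN SSHFP", r)
    for r in stale:
        print("withdraw: IN SSHFP", r)
```

A non-empty `missing` or `stale` list is the signal to fail the build or open a zone-update task, so that the reminder does not depend on anyone's memory.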