Software : sshfp
URL : http://www.xelerance.com/software/sshfp/
Source : ftp://ftp.xelerance.com/sshfp/
License : GPLv2+
Mailinglist : http://lists.xelerance.com/mailman/listinfo/sshfp/
Authors : Paul Wouters, Chrisopher Olah
Summary : Generate RFC-4255 SSHFP DNS records from known_hosts files or ssh-keyscan
sshfp generates DNS SSHFP records from SSH public keys. sshfp can take public keys from a known_hosts file or from scanning the host's sshd daemon. The ssh client can use these SSHFP records if you set "VerifyHostKeyDNS yes" in the file /etc/ssh/ssh_config or ~/.ssh/config. See RFC-4255
When using the AXFR method, sshfp supports:
- IPv4 A record and IPv6 AAAA host lookups
- Support for multiple ports to be listed on the CLI
- Regex filtering of included hosts
- Only output unique results
sshfp requires python-dns: http://www.pythondns.org
pip install dnspython
# Quickstart
git clone [email protected]:jinnko/sshfp.git
cd sshfp
virtualenv -p python2.7 ./
bin/pip install dnspython
bin/python sshfp --port 22 --port 2022 --scan --all --regex '^(aws|do|gce)' example.com