I’m trying to make SSHFP work. With these fingerprints in DNSSEC it should
be possible to verify a host through DNSSEC.
It seems I’m not the only one having problems. Take a look at Jan-Piet Mens blog.
At the moment I’m trying to link libbind9 with OpenSSH to use the Bind
resolver instead of the standard libresolv. This is suggested in this bug
report, but I do not have
that working, yet.
Accoring to this link it should be fully working with glibc version 2.11+. So it will not work on Redhat 5 or CentOS. On OpenBSD things work as expected and on OS X 10.6 (Snow Leopard) they don’t.
I’ve checked these Linux operating systems:
| OS and Version | (g)libc version | Working |
|---|---|---|
| Ubuntu 10.04 | 2.11 | Yes |
| Ubuntu 11.04 | 2.12 | Yes |
| Ubuntu 11.10 | 2.13 | Yes |
| Fedora 14 | 2.13 | Yes |
| CentOS 5 | 2.5 | No |
| CentOS 6 | 2.12 | Yes |
| Arch Linux | 2.13 | Yes |