I’m trying to make SSHFP work. With these fingerprints in DNSSEC it
should be possible to verify a host through DNSSEC.
It seems I’m not the only one having problems. Take a look at Jan-Piet Mens blog.
At the moment I’m trying to link libbind9 with OpenSSH to use the
Bind resolver instead of the standard libresolv. This is suggested
in this bug report,
but I do not have that working, yet.
Accoring to this link it should be fully working with glibc version 2.11+. So it will not work on Redhat 5 or CentOS. On OpenBSD things work as expected and on OS X 10.6 (Snow Leopard) they don’t.
I’ve checked these Linux operating systems:
| OS and Version | (g)libc version | Working |
|---|---|---|
Ubuntu 10.04 |
2.11 |
Yes |
Ubuntu 11.04 |
2.12 |
Yes |
Ubuntu 11.10 |
2.13 |
Yes |
Fedora 14 |
2.13 |
Yes |
CentOS 5 |
2.5 |
No |
CentOS 6 |
2.12 |
Yes |
Arch Linux |
2.13 |
Yes |