Package: openssh-client

Hi,

now that eglibc supports RES_USE_DNSSEC in experimental (cf #569592),
the version which - AIUI - should eventually end up in squeeze, it would
be nice if Debian's ssh client could make use of that when resolving a
host's sshfp record.

Fedora has a small patch against openssh's dns code at
https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup

When this patch is applied to ssh and ssh is built against a 2.11 glibc,
then ssh will no longer prompt for verification of ssh hostkeys if they
are both secured by dnssec and the user selected to trust the dns (-o
VerifyHostKeyDNS=yes).

| [sid] wea...@intrepid:~$ ssh -vv -o VerifyHostKeyDNS=yes ravel.debian.org
..
| debug1: found 1 secure fingerprints in DNS
| debug1: matching host key fingerprint found in DNS
..

Please consider applying that patch, or doing whatever else is necessary
so that ssh makes proper use of sshfp records.

Thanks,
weasel
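
The check described in the report above, as an added example that is not part of the original message and not OpenSSH's code: a simplified model of how an SSHFP record (RFC 4255) is matched against a host key, and why the prompt is skipped only when the answer was DNSSEC-validated and VerifyHostKeyDNS=yes. The function names, the `dnssec_validated` parameter and the sample key blob are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct

SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2}          # RFC 4255 key algorithm numbers
SSHFP_HASH = {1: hashlib.sha1, 2: hashlib.sha256}  # type 1: RFC 4255, type 2: RFC 6594


def ssh_string(data):
    """Length-prefixed string as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


# Constructed sample: correct blob framing, but not a real RSA key.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xc3" * 128)
SAMPLE_KEY = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed@example"


def sshfp_rdata(pubkey_line, fp_type=1):
    """Return (algorithm, fp_type, hex fingerprint) for an OpenSSH public key line."""
    key_type, b64_blob = pubkey_line.split()[:2]
    blob = base64.b64decode(b64_blob)   # the fingerprint is a hash over the raw key blob
    return SSHFP_ALGO.get(key_type), fp_type, SSHFP_HASH[fp_type](blob).hexdigest()


def parse_sshfp(rr_text):
    """Parse presentation-format RDATA such as '1 1 <hex>'."""
    algo, fp_type, fp_hex = rr_text.split(None, 2)
    return int(algo), int(fp_type), fp_hex.replace(" ", "").lower()


def decide(pubkey_line, records, dnssec_validated, verify_host_key_dns="yes"):
    """Model of the client decision: 'accept', 'prompt' or 'mismatch'.

    dnssec_validated is assumed to reflect whether the resolver reported the
    answer as secure (what the debug output calls "secure fingerprints").
    """
    parsed = [parse_sshfp(r) for r in records]
    if not parsed:
        return "prompt"        # nothing in DNS: normal known_hosts handling
    matched = any(
        ft in SSHFP_HASH and sshfp_rdata(pubkey_line, ft) == (a, ft, fp)
        for a, ft, fp in parsed
    )
    if not matched:
        return "mismatch"      # SSHFP data exists but none fits the offered key
    if verify_host_key_dns == "yes" and dnssec_validated:
        return "accept"        # secure and matching: no prompt
    return "prompt"            # a match without DNSSEC is advisory only
```
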


