SSHFP record

The DNS SSHFP record (Secure Shell fingerprint record) contains fingerprints of the public keys used for SSH connections. SSHFP records are used mainly on domains with DNSSEC enabled. During an SSH connection attempt, the client uses the SSHFP record to check whether the public key offered by the server matches the published fingerprint, and therefore whether it is safe to connect to that server.

Record structure

Name – sets the domain the record is created for

TTL – time to live – defines how long the internet provider’s servers may cache this DNS setting. It is set in seconds.

Algorithm – algorithm that is used for public key generation

0 – reserved value
1 – RSA
2 – DSA
3 – ECDSA
4 – ED25519

Type – message-digest algorithm used for fingerprint generation

0 – reserved value
1 – SHA-1
2 – SHA-256

Fingerprint – fingerprint of the server public key

Record example:

host.example.com. 1800 SSHFP 2 1 123456789abcdef67890123456789abcdef67890
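
The following is an added example, not part of the original article or the Webadmin interface: it builds an SSHFP record line from an OpenSSH public key line and checks a key against a record, using the algorithm and type numbers listed above. The function names, the six-field record layout taken from the example above, and the sample key (constructed filler bytes, not a real key) are assumptions.

```python
import base64
import hashlib
import struct

# Numbers taken from the Algorithm and Type lists above.
KEY_ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3, "ssh-ed25519": 4}
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}

def key_blob(pubkey_line):
    """Return (key type, decoded blob) from an OpenSSH '<type> <base64> [comment]' line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])  # the blob starts with a length-prefixed type name
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type label does not match the encoded key")
    return key_type, blob

def make_sshfp(name, ttl, pubkey_line, fp_type=2):
    """Build the record line; the fingerprint is the digest of the raw key blob."""
    key_type, blob = key_blob(pubkey_line)
    fingerprint = DIGESTS[fp_type](blob).hexdigest()
    return f"{name} {ttl} SSHFP {KEY_ALGORITHMS[key_type]} {fp_type} {fingerprint}"

def parse_sshfp(record):
    """Split a record line and reject values outside the lists above."""
    name, ttl, rtype, algorithm, fp_type, fingerprint = record.split()
    algorithm, fp_type = int(algorithm), int(fp_type)
    if rtype != "SSHFP" or algorithm not in KEY_ALGORITHMS.values() or fp_type not in DIGESTS:
        raise ValueError("not a usable SSHFP record")
    if len(fingerprint) != 2 * DIGESTS[fp_type]().digest_size:
        raise ValueError("fingerprint length does not fit the digest type")
    bytes.fromhex(fingerprint)  # raises ValueError if the fingerprint is not hex
    return name, int(ttl), algorithm, fp_type, fingerprint.lower()

def key_matches(record, pubkey_line):
    """True if the key offered by the server is the one the record publishes."""
    _, _, algorithm, fp_type, fingerprint = parse_sshfp(record)
    key_type, blob = key_blob(pubkey_line)
    same_algorithm = KEY_ALGORITHMS.get(key_type) == algorithm
    return same_algorithm and DIGESTS[fp_type](blob).hexdigest() == fingerprint

def sample_key(fill):
    """Constructed ed25519-shaped key line (not a real key): 32 bytes of `fill`."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"
```

A record whose fingerprint length does not fit its type, such as a SHA-256 digest published with type 1, is rejected by parse_sshfp before any key comparison takes place.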

The setting is available in the Webadmin interface. The process is as follows:

  1. Log in to the Webadmin
  2. Select your domain
  3. Select the DNS in the left menu, then select DNS settings
  4. Select the SSHFP
  5. To create a new record, select the Create new record button.

Updated on September 12, 2024
