Dnssec

Recently, a colleague told me about the existance of SSHFP DNS records. A way to verify that you’re actually connecting to the host you’re expecting to connect to.

Here’s how you can set it up for yourself:

1: Run this command

➜  ~ ssh-keygen -r $hostname

2: ??? \ 3: Profit!

In all seriousness: you’re now going to see the records you need to add that are specific to the server you ran the command on. It looks something like this: