2023-07-14 16:43:03Z
It's actually pretty easy!
Assuming you have OpenSSH installed, just run `ssh-keyscan -D hostname` and you'll get BIND zone file format DNS records.
I then formatted that for use in deSEC.io (my DNS nameservers).
To utilize SSH key verification over DNS, you'll have to turn on the `VerifyHostKeyDNS` option.
For me on my computer... there isn't really a major benefit, nor a minor one, because I SSH into my server via private IP addresses, which have no DNS...
Where there is a benefit is not requiring a known hosts file for all of my builds.sr.ht manifests that reach my server through SSH. Cool.
If `ssh-keyscan` doesn't work for you: