SSHFP Generator

Generate SSHFP (SSH Fingerprint) records to enable DNS-based SSH host key verification and authentication.

Domain Configuration

SSHFP Parameters

RSA - Traditional RSA algorithm (most common)
SHA-1 - Legacy hash algorithm (160-bit)

SSH Key Data

Validation

SHA-1 is deprecated - use SHA-256 for new deployments

SSH Client Configuration

To enable SSHFP verification in SSH clients:

ssh -o "VerifyHostKeyDNS=yes" user@example.com

Or add to ~/.ssh/config:

Host example.com
  VerifyHostKeyDNS yes

Security Best Practices

  • Use Ed25519 (algorithm 4) for new SSH key deployments
  • Prefer SHA-256 (type 2) over SHA-1 (type 1) for fingerprints
  • Deploy SSHFP records for all SSH host keys on your servers
  • Update SSHFP records when rotating SSH host keys
  • Configure SSH clients to verify SSHFP records for enhanced security

Example Configurations