mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2025-03-03 05:00:38 +01:00
Mikaela Suomalainen
e634ee8863
OpenSSH is evil and gives you three not-optimal options to this: A) trust DNSSEC and don't write known_hosts B) ask whether to trust DNS, but don't bother telling me if it's signed C) don't even check SSHFP I see A) as the least evil, but I wish known_hosts was written. Alternatively B) should tell me whether there is DNSSEC or not, not only "matching keys found from DNS" or whatever it says always.