FreeBSD server pubic keys

Matthew Seaman matthew at
Wed Dec 18 17:11:13 UTC 2013

On 12/18/13 12:39, David Noel wrote:
> There was a file somewhere that I no longer seem able to locate that
> contained the public keys of all public-facing servers.
> Does anyone know where to locate this?

From the DNS.  Eg.

:% dig +short IN SSHFP
1 2 4B493272CCCDD234C02ADE8FAFD4E772E5A3C775364B6BCAEEE7A98B 16E4AB04
2 2 7F76BEFD3EAB7FB3C38AC650DC1EC74426523CEE208399A86E896BCB 82E49582
3 1 E37999A583E73F49B22D19C306FB69D161D15988
1 1 B35C16D3DA4B7FE15C15A55E7B6465231F9EDE84
2 1 901699919C153B6040062BFAD12FC328DB9D4FA7
3 2 A9B851FE028353393112F74DB6C4E547BB8CEA66E3F1443680C421A1 B5EB420F

Those are the SSH public keys for that server, albeit encoded in an
unusual way.  Setting up your local ssh config so that it looks up host
keys as a verification step is as simple as putting this:

Host *
     VerifyHostKeyDNS yes

into /etc/ssh/ssh_config



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1029 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the freebsd-questions mailing list