Cannot pkg upgrade WindowMaker 0.95.7 -> 0.95.8

Matthew Seaman matthew at
Tue Oct 10 15:47:45 UTC 2017

On 10/10/2017 16:12, James Geering wrote:
> Another newbie questions I'm afraid but I cannot find the answer in the
> documentation
> or from google.
> I am performing an svn checkout on the ports/head and of course am asked
> to accept
> the ECDSA key fingerprint.  I'd rather not do this blindly and so would
> like to check the
> fingerprint as per normal.  However, I cannot find a list of
> fingerprints for the FreeBSD
> servers.  Where can I find these please so that I can add it to my known
> hosts.

FreeBSD servers have SSHFP records in the DNS -- so you can do eg.

% dig +short SSHFP
3 1 36B341D17435A6DF1380C9E706FEE1715626AFBB
1 2 65A5148D5FA17B02DA6BE9640BE654BE90CF87BC4F633D62BCBB882D EE8BF74F
1 1 A137868F78A49B2DCCB3B48B270991B39A92508A
2 1 8EE4E20F3AE231F3C496493D3F38565A093478CD
2 2 0B7936D1466DA23BA5F5BBCDC1B24F3DDA014323790BA511F7B06AAC 493E8C6B
4 2 BABD9D9AA10F0A8BD4BDB799F020B691FF293B52A9679E79C6140F3E 3A1220E1
3 2 64BAB351F14A5152982C5FF022EA9A78B4534A428C2564C711CD6D12 2DF807C8
4 1 F8BAE3FBBA737BEC38B7E80F57421C8B58DD3AB7

Now, you can go grovelling about in the documentation about SSHFP
records to work out how those transform into the SSH fingerprints you
would see from your desktop, but a much better way is to get ssh itself
to lookup and verify the SSHFP records against the server's key.

In your ~/.ssh/config or the /etc/ssh/ssh_config file add a section:

Host *
   VerifyHostKeysDNS yes

This assumes you have a DNSSEC enabled resolver configured.  If you're
unsure that you do (or maybe even what that means), a quick solution is
to add


to /etc/rc.conf, and then run:

  # service local_unbound setup
  # service local_unbound start

Et voilà



More information about the freebsd-questions mailing list