How do I create an SSHFP record?

With an SSHFP (SSH Fingerprint) record you can store an SSH Fingerprint in the DNS on your domain. It can be used to verify the SSH server's key.

A SSHFP record is only trustworthy if DNSSEC is enabled on your domain. For a domain using one.com's name server, DNSSEC is enabled and activated by default. You can also check if DNSSEC is enabled for your domain here: DNSKEY Lookup.

Note: When SSH is included in your domain's subscription plan, we've already set up the correct SSHFP record for you.

Create an SSHFP record on your domain

  1. Log into the one.com Control Panel.
  2. On the Advanced settings tile, select DNS settings.
  3. Go to DNS records.
  4. Under Create new record choose SSHFP.
  5. Enter the following details:
    - Hostname: leave the field empty to create it on the domain root, or enter a subdomain.
    - Value: enter the algorithm, fingerprint type and fingerprint, seperated by spaces.
    Check the wiki article about SSHFP for more information.
    - TTL: optional. If you leave it empty, it will use the default time of 3600 seconds.
  6. Click Create record to save your settings.
Example: In the screenshot below we create the SSHFP record for subdomain host.one-example.net, with value: 2 1 123456789ab ... 7890. The TTL is left empty, which will set it by default to 3600, which means the server will cache this setting for one hour.

sshfp.png

Related articles:

What is DNSSEC?
What's included in our plans?
Was this article helpful?

Can’t find what you are looking for?

Start a chat

It's the quickest way to get in touch, every day of the year.

Start chat

Give us a call

Available on weekdays from 10am to 2pm (UTC).

Call +44 20 8106 0910