With an SSHFP (SSH Fingerprint) record you can store an SSH Fingerprint in the DNS on your domain. It can be used to verify the SSH server's key.
A SSHFP record is only trustworthy if DNSSEC is enabled on your domain. For a domain using one.com's name server, DNSSEC is enabled and activated by default. You can also check if DNSSEC is enabled for your domain here: DNSKEY Lookup.
Note: When SSH is included in your domain's subscription plan, we've already set up the correct SSHFP record for you.
Create an SSHFP record on your domain
- Log into the one.com Control Panel.
- On the Advanced settings tile, select DNS settings.
- Go to DNS records.
- Under Create new record choose SSHFP.
- Enter the following details:
- Hostname: leave the field empty to create it on the domain root, or enter a subdomain.
- Value: enter the algorithm, fingerprint type and fingerprint, seperated by spaces.
Check the wiki article about SSHFP for more information.
- TTL: optional. If you leave it empty, it will use the default time of 3600 seconds. - Click Create record to save your settings.
Example: In the screenshot below we create the SSHFP record for subdomain host.one-example.net, with value: 2 1 123456789ab ... 7890. The TTL is left empty, which will set it by default to 3600, which means the server will cache this setting for one hour.
Related articles:
