SSHFP record

A Secure Shell fingerprint record (abbreviated as SSHFP record) is a type of resource record in the Domain Name System (DNS) which identifies SSH keys that are associated with a host name. The acquisition of an SSHFP record needs to be secured with a mechanism such as DNSSEC for a chain of trust to be established.

Structure
$⟨Name⟩$ [$⟨TTL⟩$] [$⟨Class⟩$] SSHFP $⟨Algorithm⟩$ $⟨Type⟩$ $⟨Fingerprint⟩$


 * $⟨Name⟩$: The name of the object to which the resource record belongs (optional)
 * $⟨TTL⟩$: Time to live, in seconds: how long the resource record remains valid (optional)
 * $⟨Class⟩$: Protocol group to which the resource record belongs (optional)
 * $⟨Algorithm⟩$: Algorithm (0: reserved; 1: RSA; 2: DSA; 3: ECDSA; 4: Ed25519; 6: Ed448)
 * $⟨Type⟩$: Algorithm used to hash the public key (0: reserved; 1: SHA-1; 2: SHA-256)
 * $⟨Fingerprint⟩$: Hexadecimal representation of the hash result, as text

Example
In this example, the host with the domain name  uses an Ed25519 key with the SHA-256 fingerprint. This output would be produced by a  command on the target server by reading the existing default SSH host key (Ed25519).

With the OpenSSH suite, the  utility can be used to determine the fingerprint of a host's key; using the   will print out the SSHFP record directly.
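
The fields described under Structure can also be derived by hand, which is useful when auditing published records against the keys a server actually presents. The following Python code is an added example, not part of the original article or of OpenSSH: it hashes the decoded public key blob from a `.pub`-style line and checks a key against a record's RDATA. The sample key, the name `host.example.` and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Algorithm numbers from the field list above, keyed by SSH key type name.
ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4, "ssh-ed448": 6}
HASHES = {1: hashlib.sha1, 2: hashlib.sha256}  # fingerprint type -> hash


def key_algorithm(blob: bytes) -> int:
    """Read the length-prefixed key type string that starts the key blob."""
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[:4])
    if n > len(blob) - 4:
        raise ValueError("truncated key blob")
    name = blob[4:4 + n].decode("ascii", "replace")
    if name.startswith("ecdsa-sha2-"):
        return 3
    if name not in ALGORITHMS:
        raise ValueError(f"no SSHFP algorithm number for {name!r}")
    return ALGORITHMS[name]


def sshfp_rdata(pubkey_line: str, fp_type: int = 2) -> str:
    """Build '<Algorithm> <Type> <Fingerprint>' from a .pub-style line."""
    blob = base64.b64decode(pubkey_line.split()[1], validate=True)
    digest = HASHES[fp_type](blob).hexdigest()  # hash covers the raw blob
    return f"{key_algorithm(blob)} {fp_type} {digest}"


def matches(rdata: str, pubkey_line: str) -> bool:
    """Compare a presented host key with one SSHFP record's RDATA.
    Assumes the record came from a DNSSEC-validated answer."""
    alg, fp_type, *fp = rdata.split()  # hex may be split into groups
    if not fp_type.isdigit() or int(fp_type) not in HASHES:
        return False
    published = f"{alg} {fp_type} {''.join(fp)}".lower().encode()
    expected = sshfp_rdata(pubkey_line, int(fp_type)).encode()
    return hmac.compare_digest(published, expected)


# Constructed sample key: valid blob framing, dummy 32-byte key material.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " constructed@example"

if __name__ == "__main__":
    print("host.example. IN SSHFP", sshfp_rdata(SAMPLE_KEY))
```

A match only carries weight when the record itself was obtained over a secured path such as DNSSEC, as noted at the top of the article.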