Hacker News
by LeonM 1180 days ago
AFAIK OpenSSH does not use SSHFP (VerifyHostKeyDNS) by default, for good reason.

Also, SSHFP requires DNSSEC, which GitHub of course does not support (amongst other shiny new technologies, such as IPv6... /r).

And even if GH were to deploy DNSSEC, it would still be opening you up to a host of other attack vectors that come with DNS-based trust anchors.