SSHFP is an SSHFP record tester. It lists the SSHFP records published for a domain, the SSH key fingerprints returned by the server, and the fingerprints that match between the two. SSHFP records are obtained by performing a DNS lookup against the domain's authoritative name servers, so changes to SSHFP records should show up instantly. The tool extracts SSH key fingerprints by running ssh-keyscan against the server and port. You should use DNSSEC when publishing SSHFP records, and you should only perform this test against a server you own. You can see the demo here.
Follow these steps to build the docker image from source:
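The matching step described above, as an added example (not code from this project): it hashes each key blob from ssh-keyscan output with SHA-1 and SHA-256 and intersects the result with the published SSHFP record data. The function names and the sample host, key and records are constructed for illustration.

```python
import base64, hashlib, struct

HASHES = {1: hashlib.sha1, 2: hashlib.sha256}               # SSHFP fingerprint types
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}   # SSHFP algorithm numbers

def key_alg(keytype):
    # All ecdsa-sha2-* key types share SSHFP algorithm number 3.
    return 3 if keytype.startswith("ecdsa-sha2-") else KEY_ALGS.get(keytype)

def server_fingerprints(keyscan_text):
    """(alg, fptype, hex) for every 'host keytype base64' line of ssh-keyscan output."""
    found = set()
    for line in keyscan_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # banner comment or blank line
        alg = key_alg(parts[1])
        try:
            blob = base64.b64decode(parts[2], validate=True)
        except ValueError:
            continue  # not a key line
        if alg is not None:
            # The fingerprint is the hash of the raw public key blob.
            found |= {(alg, t, h(blob).hexdigest()) for t, h in HASHES.items()}
    return found

def dns_fingerprints(zone_text):
    """(alg, fptype, hex) for every 'name [ttl] IN SSHFP alg type hex' line."""
    found = set()
    for line in zone_text.splitlines():
        f = line.split()
        rdata = f[f.index("SSHFP") + 1:] if "SSHFP" in f else []
        if len(rdata) < 3:
            continue
        try:
            alg, fptype, fp = int(rdata[0]), int(rdata[1]), "".join(rdata[2:]).lower()
            bytes.fromhex(fp)  # reject non-hex fingerprints
        except ValueError:
            continue  # malformed record
        found.add((alg, fptype, fp))
    return found

def compare(zone_text, keyscan_text):
    dns, srv = dns_fingerprints(zone_text), server_fingerprints(keyscan_text)
    return {"matched": dns & srv, "unmatched_dns": dns - srv}

# Constructed sample: a structurally valid but made-up Ed25519 key blob.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_KEYSCAN = ("# host.example:22 SSH-2.0-OpenSSH\n"
                  "host.example ssh-ed25519 " + base64.b64encode(_blob).decode())
SAMPLE_ZONE = ("host.example. 300 IN SSHFP 4 2 " + hashlib.sha256(_blob).hexdigest() + "\n"
               "host.example. 300 IN SSHFP 4 1 " + "00" * 20 + "\n")  # stale record

if __name__ == "__main__":
    print(compare(SAMPLE_ZONE, SAMPLE_KEYSCAN))
```

A record left in `unmatched_dns` is a published fingerprint that no key offered by the server hashes to, such as a record that was not updated after a host key rotation.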
- Clone this git repository
$ git clone https://github.com/dbsentry/sshfp.git
- By default, the Makefile creates the image as dbsentry/sshfp. To change this, modify the Makefile
- Change .release to reflect correct tag on docker image
- Run build
$ make build
When run, the generated image starts a docker container with all the services.
You can use either docker or podman to run this container. The webserver's default port is 8080. Because the process runs as a non-root user, the port specified using the PORT environment variable
should be greater than 1024. If a port less than 1024 is specified, the port defaults to 8080.
$ docker run -p 8080:8080 -it dbsentry/sshfp
$ podman run -p 8080:8080 -it dbsentry/sshfp
By default, the webserver uses port 8080 in the container. If you want to use another port:
$ docker run -p 8080:9080 --env PORT=9080 -it dbsentry/sshfp
$ podman run -p 8080:9080 --env PORT=9080 -it dbsentry/sshfp
All assets and code are under the GNU GPL LICENSE and in the public domain unless specified otherwise.
Some files were sourced from other open source projects and are under their terms and license.