Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
SSHFP record
open-in-new
<h2 id="structure">Structure</h2> ⟨Name⟩ [⟨<a href="/facts/Time_to_Live/CMFdghQh">TTL</a>⟩] [⟨Class⟩] SSHFP ⟨<a href="/facts/Algorithm/fnl5NmRt">Algorithm</a>⟩ ⟨Type⟩ ⟨<a href="/facts/Hash_function/rk6MlCt3">Fingerprint</a>⟩ ⟨Name⟩ The name of the object to which the resource record belongs (optional) ⟨TTL⟩ Time to live (in seconds). Validity of Resource Records (optional) ⟨Class⟩ Protocol group to which the resource record belongs (optional) ⟨Algorithm⟩ Algorithm (0: reserved, 1: <a href="/facts/RSA_(cryptosystem)/XTzyfHuq">RSA</a>,<a class="footnote-ref" id="fnref:1" href="#fn:1"><sup>1</sup></a> 2: <a href="/facts/Digital_Signature_Algorithm/0o0FK486">DSA</a>,<a class="footnote-ref" id="fnref:2" href="#fn:2"><sup>2</sup></a> 3: <a href="/facts/Elliptic_Curve_DSA/gl0mfnS1">ECDSA</a>,<a class="footnote-ref" id="fnref:3" href="#fn:3"><sup>3</sup></a> 4: <a href="/facts/Ed25519/IbTRBhK3">Ed25519</a>,<a class="footnote-ref" id="fnref:4" href="#fn:4"><sup>4</sup></a> 6: <a href="/facts/Ed448/IbTRBhK3">Ed448</a><a class="footnote-ref" id="fnref:5" href="#fn:5"><sup>5</sup></a>) ⟨Type⟩ Algorithm used to <a href="/facts/Hash_function/rk6MlCt3">hash</a> the public key (0: reserved, 1: <a href="/facts/SHA-1/LDYCV1je">SHA-1</a>,<a class="footnote-ref" id="fnref:6" href="#fn:6"><sup>6</sup></a> 2: <a href="/facts/SHA-256/P59oPeGq">SHA-256</a><a class="footnote-ref" id="fnref:7" href="#fn:7"><sup>7</sup></a>) ⟨Fingerprint⟩ <a href="/facts/Hexadecimal/02ohQW22">Hexadecimal</a> representation of the hash result, as text <h2 id="example">Example</h2> host.example.com. SSHFP 4 2 123456789abcdef67890123456789abcdef67890123456789abcdef123456789 <p>In this example, the host with the domain name host.<a href="/facts/Example.com/tDHIlo7o">example.com</a> uses a <a href="/facts/Ed25519/IbTRBhK3">Ed25519</a> key with the <a href="/facts/SHA-256/P59oPeGq">SHA-256</a> fingerprint 123456789abcdef67890123456789abcdef67890. This output would be produced by a ssh-keygen -r host.example.com. command on the target server by reading the existing default SSH host key (Ed25519).<a class="footnote-ref" id="fnref:8" href="#fn:8"><sup>8</sup></a> </p><p>With the <a href="/facts/OpenSSH/2qxJ3Fe7">OpenSSH</a> suite, ssh-keyscan -D $HOSTNAME<a class="footnote-ref" id="fnref:9" href="#fn:9"><sup>9</sup></a> or ssh-keygen -r $HOSTNAME<a class="footnote-ref" id="fnref:10" href="#fn:10"><sup>10</sup></a> (for older OpenSSH versions) will print the current host's fingerprints in SSHFP format. </p> <h2 id="see-also">See also</h2> <ul><li><a href="/facts/List_of_DNS_record_types/CgzuvJXy">List of DNS record types</a></li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>Griffin, Wesley; Schlyter, Jakob (January 2006). "RFC 4255 — Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints". Retrieved 2017-12-28. <a href="https://tools.ietf.org/html/rfc4255" target="_blank">https://tools.ietf.org/html/rfc4255</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>Griffin, Wesley; Schlyter, Jakob (January 2006). "RFC 4255 — Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints". Retrieved 2017-12-28. <a href="https://tools.ietf.org/html/rfc4255" target="_blank">https://tools.ietf.org/html/rfc4255</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>Surý, Ondřej (April 2012). "RFC 6594 — Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records". Retrieved 2017-12-28. <a href="https://tools.ietf.org/html/rfc6594" target="_blank">https://tools.ietf.org/html/rfc6594</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>Moonesamy, S. (March 2015). "RFC 7479 — Using Ed25519 in SSHFP Resource Records". Retrieved 2017-12-28. <a href="https://tools.ietf.org/html/rfc7479" target="_blank">https://tools.ietf.org/html/rfc7479</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>Harris, Ben; Velvindron, Loganaden (February 2020). "RFC 8709 — Ed25519 and Ed448 Public Key Algorithms for the Secure Shell (SSH) Protocol". Retrieved 2021-10-16. <a href="https://tools.ietf.org/html/rfc8709" target="_blank">https://tools.ietf.org/html/rfc8709</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>Griffin, Wesley; Schlyter, Jakob (January 2006). "RFC 4255 — Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints". Retrieved 2017-12-28. <a href="https://tools.ietf.org/html/rfc4255" target="_blank">https://tools.ietf.org/html/rfc4255</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>Surý, Ondřej (April 2012). "RFC 6594 — Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records". Retrieved 2017-12-28. <a href="https://tools.ietf.org/html/rfc6594" target="_blank">https://tools.ietf.org/html/rfc6594</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> <li id="fn:8"><p>"ssh-keygen(1) - Linux manual page". www.man7.org. Retrieved 2023-03-25. <a href="https://www.man7.org/linux/man-pages/man1/ssh-keygen.1.html" target="_blank">https://www.man7.org/linux/man-pages/man1/ssh-keygen.1.html</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></p></li> <li id="fn:9"><p>"ssh-keyscan(1) - OpenBSD manual pages". man.openbsd.org. Retrieved 2025-05-30. <a href="https://man.openbsd.org/ssh-keyscan.1#D" target="_blank">https://man.openbsd.org/ssh-keyscan.1#D</a> <a href="#fnref:9" class="footnote-back-ref">↩</a></p></li> <li id="fn:10"><p>"ssh-keygen(1) - OpenBSD manual pages". man.openbsd.org. Retrieved 2025-05-30. <a href="https://man.openbsd.org/ssh-keygen#r" target="_blank">https://man.openbsd.org/ssh-keygen#r</a> <a href="#fnref:10" class="footnote-back-ref">↩</a></p></li> </ol>