/usr/share/doc/sshfp/BUGS is in sshfp 1.2.2-4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | KNOWN BUGS:
20110413
- dane for ipv6 always gives (2001:4178:2:1269::12): (-9, 'Address family for hostname not supported') even on systems with proper ipv6 support.
20100914
- sshfp -k ~/.ssh/known_hosts -a does not work as expected, because of
internal confusion about -k requiring an argument or not (-k vs -s)
20061101
- IPv6 untested and might not work at all.
20061016
- Scanning in-addr.arpa for PTR records to add sshfp records is missing.
20061004
- Using opts.append(x) does not work, as x is never appended to the current
loop. This means the whole option processing needs to become re-entrant
after fixing an argument. yuck.
20060927
- sshfp -a xelerance.com @ns1.xelerance.com does not work as expected.
- Running sshfp against the same nameserver twice using -a @ns0 gives
different output all the time. Looks like ssh-keyscan is sensitive
to failures.
20060921:
- If a zone contains non-working glue A records, then ssh-keyscan aborts.
Bug reported upstream http://bugzilla.mindrot.org/show_bug.cgi?id=1213
FEATURE reqeust:
- Some mode (-V) that verifies all keys in knownhosts file and compares
them with a scan
|