Publish SSHFP records in the DNS.

Machinery for fetching the fingerprints (relying on the existing CA) is
also included.  I'm checking in the fingerprint files because I want to
track how they evolve.

diff --git a/artist.sshfp b/artist.sshfp
new file mode 100644 (file)
index 0000000..da88f62
--- /dev/null
+++ b/artist.sshfp
@@ -0,0 +1,2 @@
+artist IN SSHFP 1 1 a78d674bd082abd8cfd7535f0ef986ea058b234d
+artist IN SSHFP 2 1 e29b1a00c35d1d94b1242531247161cf7185aa1b

diff --git a/crybaby.sshfp b/crybaby.sshfp
new file mode 100644 (file)
index 0000000..81dbe49
--- /dev/null
+++ b/crybaby.sshfp
@@ -0,0 +1,2 @@
+crybaby IN SSHFP 1 1 e44cdab8f4100865cfb692a317208055d1c65206
+crybaby IN SSHFP 2 1 00831d629d23221f14c1d908fc88db4fd71acee8

diff --git a/distorted.lisp b/distorted.lisp
index 0806e78..1fca34e 100644 (file)
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -105,25 +105,25 @@
   (evolution :alias evo)
 
   ;; Colocated services.
-  ((irc vox) (colo :svc jazz.colo)
-            (jump :svc jazz.jump))
-  ((git www mail) (colo :svc stratocaster.colo)
-                 (jump :svc stratocaster.jump))
+  ((irc vox) (colo :svc jazz.colo :sshfp "jazz.sshfp")
+            (jump :svc jazz.jump :sshfp "jazz.sshfp"))
+  ((git www mail) (colo :svc stratocaster.colo :sshfp "stratocaster.sshfp")
+                 (jump :svc stratocaster.jump :sshfp "stratocaster.sshfp"))
   :svc #+view/inside stratocaster.colo
        #-view/inside stratocaster.jump
-  (cabal :svc stratocaster.colo)
-  ((db ftp) (colo :svc telecaster.colo)
-           (jump :svc telecaster.jump))
+  (cabal :svc stratocaster.colo :sshfp "stratocaster.sshfp")
+  ((db ftp) (colo :svc telecaster.colo :sshfp "telecaster.sshfp")
+           (jump :svc telecaster.jump :sshfp "telecaster.sshfp"))
 
   ;; Local services.
   ((rawk pifi) (unsafe :svc artist.unsafe)
               (dmz :svc artist.dmz))
-  (mirror (dmz :svc roadstar.dmz)
-         (unsafe :svc roadstar.unsafe))
-  ((wiki bugs old-mail i2p) :svc vampire)
+  (mirror (dmz :svc roadstar.dmz :sshfp "roadstar.sshfp")
+         (unsafe :svc roadstar.unsafe :sshfp "roadstar.sshfp"))
+  ((wiki bugs old-mail i2p) :svc vampire :sshfp "vampire.sshfp")
 
   ;; Internal services.
-  #+view/inside ((news lpr) :svc vampire.unsafe)
+  #+view/inside ((news lpr) :svc vampire.unsafe :sshfp "vampire.sshfp")
 
   ;; Anonymity services.
   (anon (colo :svc jazz.colo)
@@ -137,19 +137,19 @@
   ;; Colocated hosts.
   (colo :net colo)
   (jump :net jump)
-  (fender (colo :a fender.colo)
-         (jump :a fender.jump))
-  (precision (colo :a precision.colo)
-            (jump :a precision.jump))
-  (telecaster (colo :a telecaster.colo)
-             (jump :a telecaster.jump))
+  (fender (colo :a fender.colo :sshfp "fender.sshfp")
+         (jump :a fender.jump :sshfp "fender.sshfp"))
+  (precision (colo :a precision.colo :sshfp "precision.sshfp")
+            (jump :a precision.jump :sshfp "precision.sshfp"))
+  (telecaster (colo :a telecaster.colo :sshfp "telecaster.sshfp")
+             (jump :a telecaster.jump :sshfp "telecaster.sshfp"))
   (telecaster :alias tele)
-  (stratocaster (colo :a stratocaster.colo)
-               (jump :a stratocaster.jump))
+  (stratocaster (colo :a stratocaster.colo :sshfp "stratocaster.sshfp")
+               (jump :a stratocaster.jump :sshfp "stratocaster.sshfp"))
   (stratocaster :alias strat)
-  (jazz (colo :a jazz.colo)
-       (jump :a jazz.jump)
-       (iodine :a jazz.iodine))
+  (jazz (colo :a jazz.colo :sshfp "jazz.sshfp")
+       (jump :a jazz.jump :sshfp "jazz.sshfp")
+       (iodine :a jazz.iodine :sshfp "jazz.sshfp"))
 
   ;; Media server (on loan to Good Technology HSTG).
   (jaguar (jump :a jaguar.jump))
@@ -161,23 +161,23 @@
   (unsafe :net unsafe)
   (safe :net safe)
   (untrusted :net untrusted)
-  (vampire (unsafe :a vampire.unsafe)
-          (dmz :a vampire.dmz)
-          (safe :a vampire.safe)
-          (untrusted :a vampire.untrusted))
-  (ibanez (unsafe :a ibanez.unsafe)
-         (dmz :a ibanez.dmz))
-  (radius (unsafe :a radius.unsafe)
-         (dmz :a radius.dmz)
-         (safe :a radius.safe)
-         (untrusted :a radius.untrusted))
-  (roadstar (unsafe :a roadstar.unsafe)
-           (dmz :a roadstar.dmz))
-  (jem (unsafe :a jem.unsafe)
-       (dmz :a jem.dmz))
-  (artist (unsafe :a artist.unsafe)
-         (dmz :a artist.dmz)
-         (untrusted :a artist.untrusted))
+  (vampire (unsafe :a vampire.unsafe :sshfp "vampire.sshfp")
+          (dmz :a vampire.dmz :sshfp "vampire.sshfp")
+          (safe :a vampire.safe :sshfp "vampire.sshfp")
+          (untrusted :a vampire.untrusted :sshfp "vampire.sshfp"))
+  (ibanez (unsafe :a ibanez.unsafe :sshfp "ibanez.sshfp")
+         (dmz :a ibanez.dmz :sshfp "ibanez.sshfp"))
+  (radius (unsafe :a radius.unsafe :sshfp "radius.sshfp")
+         (dmz :a radius.dmz :sshfp "radius.sshfp")
+         (safe :a radius.safe :sshfp "radius.sshfp")
+         (untrusted :a radius.untrusted :sshfp "radius.sshfp"))
+  (roadstar (unsafe :a roadstar.unsafe :sshfp "roadstar.sshfp")
+           (dmz :a roadstar.dmz :sshfp "roadstar.sshfp"))
+  (jem (unsafe :a jem.unsafe :sshfp "jem.sshfp")
+       (dmz :a jem.dmz :sshfp "jem.sshfp"))
+  (artist (unsafe :a artist.unsafe :sshfp "artist.sshfp")
+         (dmz :a artist.dmz :sshfp "artist.sshfp")
+         (untrusted :a artist.untrusted :sshfp "artist.sshfp"))
 
   ;; DHCP hosts.
   (gibson :cname gibson.dhcp)
@@ -188,9 +188,9 @@
 
   ;; Virtual network.
   (vpn :net vpn)
-  (crybaby (vpn :a crybaby.vpn))
-  (terror (vpn :a terror.vpn))
-  (orange (vpn :a orange.vpn))
+  (crybaby (vpn :a crybaby.vpn :sshfp "crybaby.sshfp"))
+  (terror (vpn :a terror.vpn :sshfp "terror.sshfp"))
+  (orange (vpn :a orange.vpn :sshfp "orange.sshfp"))
   (iodine :net iodine)
 
   ;; ITS.

diff --git a/fender.sshfp b/fender.sshfp
new file mode 100644 (file)
index 0000000..9cdb1bb
--- /dev/null
+++ b/fender.sshfp
@@ -0,0 +1,2 @@
+fender IN SSHFP 1 1 8c4026eae04c6364cfe67eb5084920324652042c
+fender IN SSHFP 2 1 814f905c79291477e7c9e883e294983dc6809941

diff --git a/fetch-sshfp b/fetch-sshfp
new file mode 100755 (executable)
index 0000000..21a14f2
--- /dev/null
+++ b/fetch-sshfp
@@ -0,0 +1,24 @@
+#! /bin/sh
+
+while read host; do
+  { ssh $host "ssh-keygen -r$host" >$host.sshfp.new
+    mv $host.sshfp.new $host.sshfp; }&
+done <<END
+ibanez
+radius
+roadstar
+jem
+artist
+fender
+precision
+telecaster
+stratocaster
+jazz
+gibson
+vampire
+terror
+crybaby
+orange
+END
+
+wait

diff --git a/gibson.sshfp b/gibson.sshfp
new file mode 100644 (file)
index 0000000..9702acb
--- /dev/null
+++ b/gibson.sshfp
@@ -0,0 +1,2 @@
+gibson IN SSHFP 1 1 f45858aa26bbe3536d9470ddece1eef06736983a
+gibson IN SSHFP 2 1 f724f3eb26e44336688a8b1e1f3c7ce9d714dddb

diff --git a/ibanez.sshfp b/ibanez.sshfp
new file mode 100644 (file)
index 0000000..a6222bc
--- /dev/null
+++ b/ibanez.sshfp
@@ -0,0 +1,2 @@
+ibanez IN SSHFP 1 1 349bea13ba34ac438db36844fd2ca106a6baf6fe
+ibanez IN SSHFP 2 1 7a0edae06c300d21e2831e82eb1d463170acde10

diff --git a/jazz.sshfp b/jazz.sshfp
new file mode 100644 (file)
index 0000000..3dbc29f
--- /dev/null
+++ b/jazz.sshfp
@@ -0,0 +1,2 @@
+jazz IN SSHFP 1 1 4a16f98c352b7bf1e64110d737b8f87710eda313
+jazz IN SSHFP 2 1 76dcdea88e88a967d9415f0d50ffe9b3b809094a

diff --git a/jem.sshfp b/jem.sshfp
new file mode 100644 (file)
index 0000000..b2863bf
--- /dev/null
+++ b/jem.sshfp
@@ -0,0 +1,2 @@
+jem IN SSHFP 1 1 c1ed9c2feb87a1785041345fc3cc8c729bd93628
+jem IN SSHFP 2 1 603850e1d31ea66f292cfb973d908ffa13ec82e4

diff --git a/orange.sshfp b/orange.sshfp
new file mode 100644 (file)
index 0000000..2e759b2
--- /dev/null
+++ b/orange.sshfp
@@ -0,0 +1,2 @@
+orange IN SSHFP 1 1 74929257f5f5a5607199837c61d206d52bfb65d3
+orange IN SSHFP 2 1 b1cb7d22f7bdb62eff2b8c449eb51434df92b7ab

diff --git a/precision.sshfp b/precision.sshfp
new file mode 100644 (file)
index 0000000..b345da2
--- /dev/null
+++ b/precision.sshfp
@@ -0,0 +1,2 @@
+precision IN SSHFP 1 1 b8b88a99dc112de90d7f4ede05fae8633c60b328
+precision IN SSHFP 2 1 54ca3fb6947f508317246da44806f495ff88b43b

diff --git a/radius.sshfp b/radius.sshfp
new file mode 100644 (file)
index 0000000..36433ea
--- /dev/null
+++ b/radius.sshfp
@@ -0,0 +1,2 @@
+radius IN SSHFP 1 1 e8aac3c8ead7d1e2faf11fdfa9b531362215a80e
+radius IN SSHFP 2 1 8469803a8658613ddacb341f74f31fac38dec521

diff --git a/roadstar.sshfp b/roadstar.sshfp
new file mode 100644 (file)
index 0000000..8665f71
--- /dev/null
+++ b/roadstar.sshfp
@@ -0,0 +1,2 @@
+roadstar IN SSHFP 1 1 011d0f3219d56ce08b95ee40b29a41b49b9b6e42
+roadstar IN SSHFP 2 1 844e6d2ab000f9bc40b4afc75c47d6f46e339d1a

diff --git a/stratocaster.sshfp b/stratocaster.sshfp
new file mode 100644 (file)
index 0000000..c5982bf
--- /dev/null
+++ b/stratocaster.sshfp
@@ -0,0 +1,2 @@
+stratocaster IN SSHFP 1 1 0be92da83c4029625c4e3a4b324fbcec4166087b
+stratocaster IN SSHFP 2 1 01b0172a6a803d9caef86b31afb83f1b919ec8ef

diff --git a/telecaster.sshfp b/telecaster.sshfp
new file mode 100644 (file)
index 0000000..a24a9c9
--- /dev/null
+++ b/telecaster.sshfp
@@ -0,0 +1,2 @@
+telecaster IN SSHFP 1 1 c17e05eeb9f79fe3ce27e38f4d7b54d241bd66c5
+telecaster IN SSHFP 2 1 27f899837c21c67d97a9d5b5e829cdec9315a65a

diff --git a/terror.sshfp b/terror.sshfp
new file mode 100644 (file)
index 0000000..5ac409b
--- /dev/null
+++ b/terror.sshfp
@@ -0,0 +1,2 @@
+terror IN SSHFP 1 1 223dbccfa9a3ef95bc66960762c6b0a9ba2e3a8f
+terror IN SSHFP 2 1 98daaf73aadbc4e53d32c49804b3803b8c3645a6

diff --git a/vampire.sshfp b/vampire.sshfp
new file mode 100644 (file)
index 0000000..3157e70
--- /dev/null
+++ b/vampire.sshfp
@@ -0,0 +1,2 @@
+vampire IN SSHFP 1 1 94ecfe432bf7d431a7cc558b03672cb3e1a05453
+vampire IN SSHFP 2 1 f09ff615b348f7ee2b8639f86f7d1e410a3501bb