Let's the if we can give the mono-space boxes a bit more space.

2023-01-15 08:33:37 +01:00 · 2023-01-15 08:33:37 +01:00 · c2447eab80
commit c2447eab80
parent 4ae9e2c797
1 changed files with 19 additions and 20 deletions
--- a/VerifyHostKeyDNS.org
+++ b/VerifyHostKeyDNS.org
@ -41,7 +41,7 @@ can secure those with DNSSEC.
 [[https://man.openbsd.org/ssh_config.5#VerifyHostKeyDNS][ssh_config(5)]] explains how [[https://man.openbsd.org/ssh.1][ssh(1)]] can use SSHFP records to verify
 host-keys:
 #+begin_example
-     VerifyHostKeyDNS
+VerifyHostKeyDNS
    Specifies whether to verify the remote key using DNS and SSHFP
    resource records.  If this option is set to yes, the client will
    implicitly trust keys that match a secure fingerprint from DNS.
@ -50,7 +50,6 @@ host-keys:
    match will be displayed, but the user will still need to confirm
    new host keys according to the StrictHostKeyChecking option.  The
    default is no.
-
 #+end_example

 One problem with this is, if you put
@ -73,7 +72,7 @@ have a trustworthy validating name-server is to run one on localhost.

 [[http://man.openbsd.org/resolv.conf#trust-ad][resolv.conf(5)]] explains the *trust-ad* option:
 #+begin_example
-     trust-ad   A name server indicating that it performed DNSSEC
+trust-ad   A name server indicating that it performed DNSSEC
           validation by setting the Authentic Data (AD) flag
           in the answer can only be trusted if the name
           server itself is trusted and the network path is