dns share public key

To add an ed25519 public key to a DNS server, you can use the following command:

nsupdate -k /path/to/private.key update add ssh.backup.example.hiddenssh.com. 60 IN TXT "ssh-ed25519 AAAA... user@server" send   Copy

Replace /path/to/private.key with the path to your private key, AAAA... with your ed25519 public key, and user@server with your username and hostname.

To extract your backup key from the DNS server, you can use the following command:

nslookup -type=txt ssh.backup.example.hiddenssh.com | grep 'text = "' | sed 's/.*text = "\(.*\)".*/\1/' >> authorized_keys_backup   Copy

This command retrieves the TXT record for ssh.backup.example.hiddenssh.com — this TXT record can contain information like hidden SSH endpoints or metadata , filters it using grep and sed, and appends the result to your authorized_keys_backup file.

Pros:

• Easy: — minimal terminal commands are required to publish or fetch SSH keys via DNS only a few simple terminal commands are needed to add and retrieve keys.
• Flexible: works on any platform that supports DNS and CLI tools.
• Works everywhere: — because DNS is globally accessible, this method works across most networks DNS is widely supported across networks and infrastructure.

Cons:

• More secure alternatives exist, such as SSH CA or PKI systems.
• DNS queries are unencrypted and may be intercepted — not ideal for high-security environments.