bz2217: connect via SRV record #228

Open
wants to merge 4 commits into
base: master

LittleFox94

Crude implementation of connection via SRV record. Currently only connects to the lowest-prio, highest-weight server, but this is still useful for non-standard ports.

SRV lookup is only done when a port is not manually given on either command line (-p) or config.

Very crude first implementation, needs more polishing.

Only tries to resolve via SRV if a port is not given manually, via
config or command line.

Only the highest-prio lowest-weight host is used currently, it does
not do load balancing! Still useful for non-standard ports.

Working towards fixing https://bugzilla.mindrot.org/show_bug.cgi?id=2217
@LittleFox94
Author

Also posted this to openssh-unix-dev mailing list, but maybe not received via email by everybody due to DMARC fails. I hate email. Web archive has it, tho

@Nicba1010

I just want to say I'm fascinated how little feedback there is on this issue. And the openssh-unix-dev thread on this has been dead for a while. This is my biggest pain point to date for ssh.

@LittleFox94
Author

I got some feedback off list and will try to feed it back here tomorrow or something

Iirc it boiled down to name resolution already being a mess (DNS, ssh_config, ....) and another indirection in that is really hard to add at the correct level as behavior is really fuzzy to define (different people want different behavior) and building something around should be relatively easy (was it ProxyCommand or something?)

And there just does not seem to be a lot of interest

@LittleFox94
Author

For a flexible interpretation of "tomorrow", here is the reply I got from @djmdjm:

> I didn't get a sense of strong demand for it in OpenSSH and I do worry about it complicating the already pretty fraught DNS/hostkey/canonicalisation logic
>
> Could SRV resolution work as a standalone ProxyCommand helper? This would let people experiment with it without committing OpenSSH to support it
>
> Note also that there is a ProxyUseFdpass that allows ProxyCommand programs to act solely as "dialers" that set up the connection before passing a connected fd to ssh. This lets them exit and removes the resource cost (and hassle of copying data back and forth).
> That might be a good fit for this case if you're interested

And yes, that should probably work in some way - but I didn't yet look into that further.
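
The ProxyCommand "dialer" suggested in the reply above, as an added example that is not code from this pull request or from OpenSSH: it orders SRV targets as RFC 2782 describes (which goes beyond the single-target selection in the PR), connects to the first target that accepts, and passes the connected descriptor over stdout. The SRV lookup itself is left out (records are passed in as constructed tuples), the function names are hypothetical, and the one-byte-plus-SCM_RIGHTS message on stdout is an assumption about what ssh expects under ProxyUseFdpass.

```python
import random
import socket
import sys

def order_srv(records, rng=random):
    """Order (priority, weight, port, target) tuples as RFC 2782 describes:
    ascending priority, weighted random order within one priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        # Weight-0 records go first so they are only rarely selected early.
        group = sorted((r for r in records if r[0] == prio), key=lambda r: r[1])
        while group:
            pick = rng.randint(0, sum(r[1] for r in group))
            running = 0
            for i, rec in enumerate(group):
                running += rec[1]
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered

def dial(records, timeout=5.0):
    """Return a blocking TCP socket to the first SRV target that accepts."""
    last_err = None
    for _prio, _weight, port, target in order_srv(records):
        try:
            conn = socket.create_connection((target, port), timeout=timeout)
            conn.settimeout(None)  # hand over a blocking descriptor
            return conn
        except OSError as err:
            last_err = err  # fall through to the next target
    raise ConnectionError(f"no SRV target reachable: {last_err}")

def pass_fd(channel, conn):
    """Send conn's descriptor as one data byte plus SCM_RIGHTS."""
    socket.send_fds(channel, [b"\0"], [conn.fileno()])

def handoff(records):
    """ProxyCommand entry point: stdout is assumed to be ssh's Unix socket."""
    channel = socket.socket(fileno=sys.stdout.fileno())
    pass_fd(channel, dial(records))

if __name__ == "__main__":
    # Constructed records; a real helper would get these from an SRV lookup.
    sample = [(10, 60, 2222, "a.example"), (10, 40, 2223, "b.example"),
              (20, 0, 22, "c.example")]
    print(order_srv(sample))
```

Because the helper exits after the handoff, host key checking still happens in ssh against the name given on the command line, not against the SRV target.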
