On Mon, 15 Feb 2021, Mara Sophie Grosch wrote:
> Hi there,
>
> I'm new on this list and on the contribution side to this project, so
> please be gentle.
>
> I want to tackle SRV lookup support in OpenSSH client, especially for
> the use case of non-standard ports on the server - which is a part of
> Bugzilla 2217 [1].
>
> For that, I made a first implementation, hooking into `resolve_host` in
> ssh.c, calling a new `resolve_srv` if no port is given on the command
> line or config. Full patch is available as pull request on github[2]. I
> figured, discussing this here is probably better, since it's not only a
> change for non-OpenBSD OpenSSH.
>
> I would love comments about my approach and about changes that would be
> required for this to be merged - or discussion about how to better
> approach this. Only invested an evening so far, so starting a new
> wouldn't be a big problem if results are a lot better :)
Hi,
Thanks for working on OpenSSH!
wrt the acceptability of this feature, I don't have a good sense of how
much demand there is for it and how that balances against adding more
complexity to the already pretty fiddly name resolution stuff that
happens before connect.
Secondly, if we do go ahead with it then we need to decide whether it
should be on by default. I don't think that allowing a DNS owner/attacker
to silently redirect traffic to a different port brings any new risk
(after all, they could already send it to an entirely different host)
but maybe I'm missing something...
As a practical matter, your changes need some stylistic tweaks to
match the formatting style we use (http://man.openbsd.org/style.9),
but that's very much a secondary consideration.
-d