SCOTT FIELDS
2025-May-12 19:27 UTC
OpenSSH (ssh or sftp) client support of DNS SRV records
This was discussed some time ago (SRV lookup support, Bugzilla 2217), but I'd like to revisit. I would find value in using a multi-homed SSH/SFTP server solution that's not tied to a specific DNS IP address. Most solutions I'm aware of use a port-forwarding load-balancer solution, and some newer solutions are using DNS-based load balancers. The advantage of using a SRV record solution is you don't have to invest in a port-forwarding solution or even a DNS load balancer and can still leverage having multiple redundant SSH servers.

I don't see any follow-up, and I'm not sure if any reason was put forward why it's a bad idea. The front-end code already exists in other products that already leverage this; 'sendmail' is the most obvious example.

AKA, you have the following SRV records:

_ssh._tcp.<mydomain.com>

_ssh._tcp.<mydomain.com> has SRV record 0 110 123 sshserver1.<mydomain.com>
_ssh._tcp.<mydomain.com> has SRV record 0 110 123 sshserver2.<mydomain.com>
_ssh._tcp.<mydomain.com> has SRV record 0 110 123 sshserver3.<mydomain.com>

And the client can determine the SSH servers available in the domain, if present, and use the load-balancing rules to decide which to connect to.

Scott Fields
Kyndryl
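As an added example (not from the post above and not OpenSSH code), the client-side selection logic the post describes, written out as Python: parse the `_ssh._tcp` SRV answer and order the targets the way RFC 2782 specifies, lowest priority first and weighted-random within a priority level. The records are constructed inline, the three from the post with their "0 110 123" values kept as written plus a hypothetical lower-priority backup host, so nothing here queries DNS; the `ssh -p PORT user@HOST` lines it prints are what such a client would attempt, in order.

```python
"""RFC 2782 ordering of _ssh._tcp SRV answers, as an SSH client would do it.

Added example; not OpenSSH code. The records below are constructed inline
(the three from the post plus a hypothetical lower-priority backup), so no
DNS query is made.
"""
import random
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class SRVRecord:
    priority: int
    weight: int
    port: int
    target: str  # FQDN without trailing dot; "." means "service not offered"


def parse_srv_rdata(rdata: str) -> SRVRecord:
    """Parse presentation-format rdata: 'priority weight port target'."""
    fields = rdata.split()
    if len(fields) != 4:
        raise ValueError(f"malformed SRV rdata: {rdata!r}")
    priority, weight, port = (int(f) for f in fields[:3])
    for name, value in (("priority", priority), ("weight", weight), ("port", port)):
        if not 0 <= value <= 65535:
            raise ValueError(f"SRV {name} out of range: {value}")
    target = fields[3].lower()
    # Normalise "host." -> "host" but keep the lone "." sentinel intact.
    if target != ".":
        target = target.rstrip(".")
    return SRVRecord(priority, weight, port, target)


def _weighted_order(group: List[SRVRecord], rng: random.Random) -> List[SRVRecord]:
    """Order one priority level by the RFC 2782 weighted-random procedure."""
    # Weight-0 records go first in the candidate list so they are chosen only
    # when the random draw is 0 (RFC 2782 wants them selected only rarely).
    remaining = sorted(group, key=lambda r: r.weight != 0)
    ordered: List[SRVRecord] = []
    while remaining:
        total = sum(r.weight for r in remaining)
        draw = rng.randint(0, total)  # inclusive on both ends, as the RFC states
        running = 0
        for i, rec in enumerate(remaining):
            running += rec.weight
            if running >= draw:
                ordered.append(remaining.pop(i))
                break
    return ordered


def order_srv_targets(rdata_lines: List[str], rng: random.Random) -> List[Tuple[str, int]]:
    """Return (host, port) pairs in the order the client should try them.

    Lower priority is tried first; ties are broken by weighted random choice.
    A record whose target is "." means the domain explicitly does not offer
    the service: the client must not connect anywhere on the strength of SRV
    and should fall back to the typed hostname (or fail), so [] is returned.
    """
    records = [parse_srv_rdata(line) for line in rdata_lines]
    if any(r.target == "." for r in records):
        return []
    by_priority: Dict[int, List[SRVRecord]] = {}
    for rec in records:
        by_priority.setdefault(rec.priority, []).append(rec)
    result: List[Tuple[str, int]] = []
    for prio in sorted(by_priority):
        result.extend((r.target, r.port) for r in _weighted_order(by_priority[prio], rng))
    return result


# Constructed sample answer for _ssh._tcp.mydomain.com: the post's three
# equal-weight records (its "0 110 123" values kept as written) plus a
# hypothetical lower-priority backup host that is not in the post.
SAMPLE_ANSWER = [
    "0 110 123 sshserver1.mydomain.com.",
    "0 110 123 sshserver2.mydomain.com.",
    "0 110 123 sshserver3.mydomain.com.",
    "10 0 22 backup.mydomain.com.",  # assumed extra record, not from the post
]


def first_choice_frequencies(rdata_lines: List[str], trials: int, seed: int) -> Dict[str, int]:
    """How often each host is tried first over many selections (checks the weighting)."""
    rng = random.Random(seed)
    counts: Dict[str, int] = {}
    for _ in range(trials):
        host, _port = order_srv_targets(rdata_lines, rng)[0]
        counts[host] = counts.get(host, 0) + 1
    return counts


if __name__ == "__main__":
    for host, port in order_srv_targets(SAMPLE_ANSWER, random.Random(1)):
        print(f"ssh -p {port} user@{host}")  # connection attempts, in order
    print(first_choice_frequencies(SAMPLE_ANSWER, 3000, seed=1))
```

Two points the post leaves open that a real client would have to settle. First, an SRV answer is unauthenticated unless the resolver validates it with DNSSEC, so anyone who controls the client's DNS path can steer the connection to a host of their choosing; the host key check is then the only remaining protection, which is the same reason OpenSSH's existing VerifyHostKeyDNS option only trusts SSHFP records that arrive DNSSEC-validated. Second, whether known_hosts is matched against the name the user typed or against the SRV target decides whether such steering produces a host key mismatch warning or merely a first-connection prompt for an unknown host.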