search for: kyndryl

And a connection will fail if one of the round robin servers is down if that's the address given on a resolution, vs SRV entries knowing which servers to try (in order) if any server fails. ________________________________ From: SCOTT FIELDS <Scott.Fields at kyndryl.com> Sent: Monday, May 12, 2025 2:43 PM To: Travis Hayes <travis.hayes at gmail.com> Cc: Herbie via openssh-unix-dev Robinson <openssh-unix-dev at mindrot.org> Subject: Re: [EXTERNAL] Re: OpenSSH (ssh or sftp) client support of DNS SRV records The problem with DNS round robin defini...

...3 sshserver2.<mydomain.com > _ssh._tcp.<mydomain.com has SRV record 0 110 123 sshserver3.<mydomain.com > > And the client can determine the SSH servers available in the domain, if present and use the load balancing rules to decide which to connect to. > > Scott Fields > Kyndryl > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev Would your use case be specifically for SRV records, or would A or AAAA records with multiple IPs satisfy it...

Except you'd need to cycle SSHD to pickup any changes/updates. ________________________________ From: Damien Miller <djm at mindrot.org> Sent: Wednesday, June 12, 2024 9:28 PM To: SCOTT FIELDS <Scott.Fields at kyndryl.com> Cc: openssh-unix-dev at mindrot.org <openssh-unix-dev at mindrot.org> Subject: [EXTERNAL] Re: OpenSSH - Central repository for "Match" rules On Tue, 11 Jun 2024, SCOTT FIELDS wrote: > I'm not seeing if this has been asked in the past. > > Has there been discus...

...dump -C | head -n 2 00000000 6f 70 65 6e 73 73 68 2d 6b 65 79 2d 76 31 00 00 |openssh-key-v1..| 00000010 00 00 0a 61 65 73 32 35 36 2d 63 74 72 00 00 00 |...aes256-ctr...| In this case, this key is aes256-ctr encrypted. Jakub On Mon, Jan 22, 2024 at 5:27?PM SCOTT FIELDS <Scott.Fields at kyndryl.com> wrote: > > > > As part of audit due diligence, we need to determine which cipher was used to encrypt OpenSSH private keys, but I don't see any command option to view this for a given SSH private key file. > > > Scott > > Kyndryl > > Senior Lead SRE ? BNS...

As part of audit due diligence, we need to determine which cipher was used to encrypt OpenSSH private keys, but I don't see any command option to view this for a given SSH private key file. Scott Kyndryl Senior Lead SRE ? BNSF

I'm not seeing if this has been asked in the past. Has there been discussion about implementing facilities with OpenSSH for having it pull "Match" rules from a central repository, namely LDAP or a RESTAPI service? Scott Fields Kyndryl Senior Lead SRE ? BNSF

On Tue, 11 Jun 2024, SCOTT FIELDS wrote: > I'm not seeing if this has been asked in the past. > > Has there been discussion about implementing facilities with OpenSSH > for having it pull "Match" rules from a central repository, namely > LDAP or a RESTAPI service? You could probably hack something together using the exising ssh_config "Match exec" and

...> Except you'd need to cycle SSHD to pickup any changes/updates. > > ____________________________________________________________________________ > From: Damien Miller <djm at mindrot.org> > Sent: Wednesday, June 12, 2024 9:28 PM > To: SCOTT FIELDS <Scott.Fields at kyndryl.com> > Cc: openssh-unix-dev at mindrot.org <openssh-unix-dev at mindrot.org> > Subject: [EXTERNAL] Re: OpenSSH - Central repository for "Match" rules ? > On Tue, 11 Jun 2024, SCOTT FIELDS wrote: > > > I'm not seeing if this has been asked in the past. >...

...in.com has SRV record 0 110 123 sshserver2.<mydomain.com _ssh._tcp.<mydomain.com has SRV record 0 110 123 sshserver3.<mydomain.com And the client can determine the SSH servers available in the domain, if present and use the load balancing rules to decide which to connect to. Scott Fields Kyndryl