SSH commands to provide Secondary DNS self-service.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for andreaso from gravatar.com andreaso
Meta

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Andreas Olsson
  • Requires: Python <4.0, >=3.10
Classifiers

Project description

SSH Zone Handler

  • You run your own DNS server(s), providing Secondary DNS to others?
  • You want to provide your DNS tenants with a bit of debugging self-service?
  • You like SSH, but you don't want to grant people not-you full shell access?

If so, then this might just be the tool for you.

Usage

Usage example, based on local Vagrantfile setup.

$ vagrant up

$ alias ssh="ssh -i .vagrant/machines/secondary/virtualbox/private_key"

$ ssh alice@192.168.63.11 help
usage: command [ZONE]

help                 Display this help message
list                 List available zones
dump ZONE            Output full content of ZONE
logs ZONE1 [ZONE2]   Output the last five days' log entries for ZONE(s)
retransfer ZONE      Trigger a full (AXFR) retransfer of ZONE
status ZONE          Show ZONE status
$

$ ssh alice@192.168.63.11 list
example.com
example.net
$

$ ssh alice@192.168.63.11 logs example.net
Apr 28 17:52:00 szh-secondary named[2821]: zone example.net/IN: Transfer started.
Apr 28 17:52:00 szh-secondary named[2821]: transfer of 'example.net/IN' from 192.168.63.10#53: connected using 192.168.63.10#53
Apr 28 17:52:00 szh-secondary named[2821]: zone example.net/IN: transferred serial 26281038
Apr 28 17:52:00 szh-secondary named[2821]: transfer of 'example.net/IN' from 192.168.63.10#53: Transfer status: success
Apr 28 17:52:00 szh-secondary named[2821]: transfer of 'example.net/IN' from 192.168.63.10#53: Transfer completed: 1 messages, 6 records, 190 bytes, 0.008 secs (23750 bytes/sec) (serial 26281038)
$

Setup instructions

Create log viewer user with journald access

adduser --system --no-create-home --home /nonexistent --shell /usr/sbin/nologin --ingroup systemd-journal log-viewer

Create configuration

Create /etc/zone-handler.yaml based on either zone-handler.yaml.bind.example or zone-handler.yaml.knot.example.

Install application

python3 -m venv /opt/ssh-zone-handler
/opt/ssh-zone-handler/bin/pip3 install ssh-zone-handler

Generate sudoers rules

/opt/ssh-zone-handler/bin/szh-sudoers | EDITOR="tee" visudo -f /etc/sudoers.d/zone-handler

Configure sshd

Match User alice,bob
     ForceCommand /opt/ssh-zone-handler/bin/szh-wrapper
     PermitTTY no
     AllowTcpForwarding no
     X11Forwarding no

Known limitations

  • Might be Ubuntu distro specific

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for andreaso from gravatar.com andreaso
Meta

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Andreas Olsson
  • Requires: Python <4.0, >=3.10
Classifiers

Release history Release notifications | RSS feed

This version

0.3.3

0.3.2

0.3.1

0.3.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ssh_zone_handler-0.3.3.tar.gz (7.9 kB view details)

Uploaded Source

Built Distribution

ssh_zone_handler-0.3.3-py3-none-any.whl (10.3 kB view details)

Uploaded Python 3

File details

Details for the file ssh_zone_handler-0.3.3.tar.gz.

File metadata

  • Download URL: ssh_zone_handler-0.3.3.tar.gz
  • Upload date:
  • Size: 7.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for ssh_zone_handler-0.3.3.tar.gz
Algorithm Hash digest
SHA256 856855c4d2e52ebd019ef6fd2e95df52b240e8cdc5a601a5f44176ad555b6e8e
MD5 5123430815d8347ca45d8374ddc90d29
BLAKE2b-256 c84b5320e3b384e04af3b3ed93c054008c654ca7c6522851e0dc3557f3ab96f1

See more details on using hashes here.

Provenance

The following attestation bundles were made for ssh_zone_handler-0.3.3.tar.gz:

Publisher: publish.yaml on andreaso/ssh-zone-handler

Attestations:

File details

Details for the file ssh_zone_handler-0.3.3-py3-none-any.whl.

File metadata

File hashes

Hashes for ssh_zone_handler-0.3.3-py3-none-any.whl
Algorithm Hash digest
SHA256 f031ec0bdd86669f821d2e50d2383ba39665d382a5ae5eba848534ad96519e2b
MD5 4d9dc7fefc9acc70a45944ed57d04fc2
BLAKE2b-256 9fe86d0b323c27034227bc079edb9be2a1a5f3982abcc281d00f373a8c22da3f

See more details on using hashes here.

Provenance

The following attestation bundles were made for ssh_zone_handler-0.3.3-py3-none-any.whl:

Publisher: publish.yaml on andreaso/ssh-zone-handler

Attestations:

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page