SSH commands to provide Secondary DNS self-service.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for andreaso from gravatar.com andreaso

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT)

Author: Andreas Olsson

Requires: Python >=3.10, <4.0

Classifiers

Project description

SSH Zone Handler

  • You run your own DNS server(s), providing Secondary DNS to others?
  • You want to provide your DNS tenants with a bit of debugging self-service?
  • You like SSH, but you don't want to grant people not-you full shell access?

If so, then this might just be the tool for you.

Usage

Usage example, based on local Vagrantfile setup.

$ vagrant up

$ alias ssh="ssh -i .vagrant/machines/secondary/virtualbox/private_key"

$ ssh alice@192.168.63.11 help
usage: command [ZONE]

help                 Display this help message
list                 List available zones
dump ZONE            Output full content of ZONE
logs ZONE1 [ZONE2]   Output the last five days' log entries for ZONE(s)
retransfer ZONE      Trigger a full (AXFR) retransfer of ZONE
status ZONE          Show ZONE status
$

$ ssh alice@192.168.63.11 list
example.com
example.net
$

$ ssh alice@192.168.63.11 logs example.net
Apr 28 17:52:00 szh-secondary named[2821]: zone example.net/IN: Transfer started.
Apr 28 17:52:00 szh-secondary named[2821]: transfer of 'example.net/IN' from 192.168.63.10#53: connected using 192.168.63.10#53
Apr 28 17:52:00 szh-secondary named[2821]: zone example.net/IN: transferred serial 26281038
Apr 28 17:52:00 szh-secondary named[2821]: transfer of 'example.net/IN' from 192.168.63.10#53: Transfer status: success
Apr 28 17:52:00 szh-secondary named[2821]: transfer of 'example.net/IN' from 192.168.63.10#53: Transfer completed: 1 messages, 6 records, 190 bytes, 0.008 secs (23750 bytes/sec) (serial 26281038)
$

Setup instructions

Create log viewer user with journald access

adduser --system --no-create-home --home /nonexistent --shell /usr/sbin/nologin --ingroup systemd-journal log-viewer

Create configuration

Create /etc/zone-handler.yaml based on either zone-handler.yaml.bind.example or zone-handler.yaml.knot.example.

Install application

python3 -m venv /opt/ssh-zone-handler
/opt/ssh-zone-handler/bin/pip3 install ssh-zone-handler

Generate sudoers rules

/opt/ssh-zone-handler/bin/szh-sudoers | EDITOR="tee" visudo -f /etc/sudoers.d/zone-handler

Configure sshd

Match User alice,bob
     ForceCommand /opt/ssh-zone-handler/bin/szh-wrapper
     PermitTTY no
     AllowTcpForwarding no
     X11Forwarding no

Known limitations

  • Might be Ubuntu distro specific

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for andreaso from gravatar.com andreaso

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT)

Author: Andreas Olsson

Requires: Python >=3.10, <4.0

Classifiers

Release history Release notifications | RSS feed

This version

0.3.2

0.3.1

0.3.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ssh_zone_handler-0.3.2.tar.gz (7.9 kB view hashes)

Uploaded Source

Built Distribution

ssh_zone_handler-0.3.2-py3-none-any.whl (10.3 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page