SSH commands to provide Secondary DNS self-service.
Project description
SSH Zone Handler
- You run your own DNS server(s), providing Secondary DNS to others?
- You want to provide your DNS tenants with a bit of debugging self-service?
- You like SSH, but you don't want to grant people not-you full shell access?
If so, then this might just be the tool for you.
Usage
Usage example, based on local Vagrantfile setup.
$ vagrant up
$ alias ssh="ssh -i .vagrant/machines/secondary/virtualbox/private_key"
$ ssh alice@192.168.63.11 help
usage: command [ZONE]
help Display this help message
list List available zones
dump ZONE Output full content of ZONE
logs ZONE1 [ZONE2] Output the last five days' log entries for ZONE(s)
retransfer ZONE Trigger a full (AXFR) retransfer of ZONE
status ZONE Show ZONE status
$
$ ssh alice@192.168.63.11 list
example.com
example.net
$
$ ssh alice@192.168.63.11 logs example.net
Apr 28 17:52:00 szh-secondary named[2821]: zone example.net/IN: Transfer started.
Apr 28 17:52:00 szh-secondary named[2821]: transfer of 'example.net/IN' from 192.168.63.10#53: connected using 192.168.63.10#53
Apr 28 17:52:00 szh-secondary named[2821]: zone example.net/IN: transferred serial 26281038
Apr 28 17:52:00 szh-secondary named[2821]: transfer of 'example.net/IN' from 192.168.63.10#53: Transfer status: success
Apr 28 17:52:00 szh-secondary named[2821]: transfer of 'example.net/IN' from 192.168.63.10#53: Transfer completed: 1 messages, 6 records, 190 bytes, 0.008 secs (23750 bytes/sec) (serial 26281038)
$
Setup instructions
Create log viewer user with journald access
adduser --system --no-create-home --home /nonexistent --shell /usr/sbin/nologin --ingroup systemd-journal log-viewer
Create configuration
Create /etc/zone-handler.yaml
based on either
zone-handler.yaml.bind.example or
zone-handler.yaml.knot.example.
Install application
python3 -m venv /opt/ssh-zone-handler
/opt/ssh-zone-handler/bin/pip3 install ssh-zone-handler
Generate sudoers rules
/opt/ssh-zone-handler/bin/szh-sudoers | EDITOR="tee" visudo -f /etc/sudoers.d/zone-handler
Configure sshd
Match User alice,bob
ForceCommand /opt/ssh-zone-handler/bin/szh-wrapper
PermitTTY no
AllowTcpForwarding no
X11Forwarding no
Known limitations
- Might be Ubuntu distro specific
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
ssh_zone_handler-0.3.2.tar.gz
(7.9 kB
view hashes)
Built Distribution
Close
Hashes for ssh_zone_handler-0.3.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | a1c31fb6c687449dd76075abe8571c18801fab82e39aacc7ba07cac81e22f2fa |
|
MD5 | 0d98c48b37fba2e5b01f30be2a2fb835 |
|
BLAKE2b-256 | 891bded573e4fb756b94dc5bf226a8d7dbcad1c96796cd201163d57514f99f2e |