SSH commands to provide Secondary DNS self-service.

Project description

SSH Zone Handler

  • You run your own DNS server(s), providing Secondary DNS to others?
  • You want to provide your DNS tenants with a bit of debugging self-service?
  • You like SSH, but you don't want to grant people not-you full shell access?

If so, then this might just be the tool for you. It supports dumping out zone content, viewing server logs as well as triggering full AXFR zone (re)transfers.

Usage

Usage example, based on a local Multipass setup.

make vm-create
alias ssh='ssh -F devel/.dynamic/ssh_conf'
$ ssh zones@szh-named help
usage: command [ZONE]

help                 Display this help message
list                 List available zones
dump ZONE            Output full content of ZONE
logs ZONE1 [ZONE2]   Output the last five days' log entries for ZONE(s)
retransfer ZONE      Trigger a full (AXFR) retransfer of ZONE
$
$ ssh zones@szh-named list
example.com
example.net
$
$ ssh zones@szh-named logs example.net
Apr 28 17:52:00 szh-named named[2821]: zone example.net/IN: Transfer started.
Apr 28 17:52:00 szh-named named[2821]: transfer of 'example.net/IN' from 192.168.63.10#53: connected using 192.168.63.10#53
Apr 28 17:52:00 szh-named named[2821]: zone example.net/IN: transferred serial 26281038
Apr 28 17:52:00 szh-named named[2821]: transfer of 'example.net/IN' from 192.168.63.10#53: Transfer status: success
Apr 28 17:52:00 szh-named named[2821]: transfer of 'example.net/IN' from 192.168.63.10#53: Transfer completed: 1 messages, 6 records, 190 bytes, 0.008 secs (23750 bytes/sec) (serial 26281038)
$

Setup instructions

Create user accounts

adduser --comment "SSH Zone Handler journalctl sudo access" --ingroup systemd-journal --system szh-logviewer
adduser --comment "SSH Zone Handler OpenSSH AuthorizedKeysCommandUser" --system szh-sshdcmd
adduser --comment "SSH Zone Handler shared login user" --disabled-password zones

Create configuration

Create /etc/zone-handler.yaml based on either zone-handler.yaml.bind.example or zone-handler.yaml.knot.example.

Install application

python3 -m venv /opt/ssh-zone-handler
/opt/ssh-zone-handler/bin/pip3 install ssh-zone-handler

Generate sudoers rules

/opt/ssh-zone-handler/bin/szh-sudoers | EDITOR="tee" visudo -f /etc/sudoers.d/zone-handler

Configure sshd

Match User zones
     AuthorizedKeysFile none
     AuthorizedKeysCommandUser szh-sshdcmd
     AuthorizedKeysCommand /opt/ssh-zone-handler/bin/szh-sshkeys
     DisableForwarding yes
     PermitTTY no
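
To confirm that the Match block above is actually in effect for the zones user, the effective sshd configuration can be compared against it. The following is an added example, not part of the project: a shell function with the hypothetical name check_zones_sshd that reads `sshd -T` style output on stdin and checks the five settings; both sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not project code): verify sshd's effective settings for "zones".
# Reads `sshd -T` style output (lowercase "keyword value" lines) on stdin.
check_zones_sshd() {
    awk '
        BEGIN {   # expected values, taken from the Match block above
            want["authorizedkeysfile"]        = "none"
            want["authorizedkeyscommand"]     = "/opt/ssh-zone-handler/bin/szh-sshkeys"
            want["authorizedkeyscommanduser"] = "szh-sshdcmd"
            want["disableforwarding"]         = "yes"
            want["permittty"]                 = "no"
        }
        {
            key = tolower($1)
            if (!(key in want)) next
            val = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)   # keep everything after the keyword
            seen[key] = 1
            if (val != want[key]) {
                printf "MISMATCH %s: got \"%s\", want \"%s\"\n", key, val, want[key]
                bad = 1
            }
        }
        END {
            for (k in want) if (!(k in seen)) { printf "MISSING %s\n", k; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample: the Match block is applied to the user.
sample_good='port 22
authorizedkeysfile none
authorizedkeyscommand /opt/ssh-zone-handler/bin/szh-sshkeys
authorizedkeyscommanduser szh-sshdcmd
disableforwarding yes
permittty no'

# Constructed sample: the Match block is not applied, sshd defaults show through.
sample_bad='port 22
authorizedkeysfile .ssh/authorized_keys .ssh/authorized_keys2
authorizedkeyscommand none
authorizedkeyscommanduser none
disableforwarding no
permittty yes'

printf '%s\n' "$sample_good" | check_zones_sshd && echo "sample_good: OK"
printf '%s\n' "$sample_bad" | check_zones_sshd || echo "sample_bad: rejected"
# On a real host (typically as root): sshd -T -C user=zones | check_zones_sshd
```

A non-zero exit status means at least one of the five settings is missing or differs, and the offending keyword is printed.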

Known limitations

  • Might be Debian/Ubuntu distro specific
  • Currently only supports BIND 9 and Knot


Source Distribution

ssh_zone_handler-0.4.1.tar.gz (8.1 kB view details)

Uploaded Source

Built Distribution

ssh_zone_handler-0.4.1-py3-none-any.whl (11.4 kB view details)

Uploaded Python 3

File details

Details for the file ssh_zone_handler-0.4.1.tar.gz.

File metadata

  • Download URL: ssh_zone_handler-0.4.1.tar.gz
  • Upload date:
  • Size: 8.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for ssh_zone_handler-0.4.1.tar.gz
Algorithm Hash digest
SHA256 dcf1c78d2f87ddb0adb3c44903474cc3deda5e969f1b16ea49fb7ca23d96e9d3
MD5 e4adacf8c55056ec28ce9f34c261554c
BLAKE2b-256 3cfb21b922dcedee11744caf01dbc4a015f23b6176ad538314c4671e93c167ee

Provenance

The following attestation bundles were made for ssh_zone_handler-0.4.1.tar.gz:

Publisher: publish.yaml on andreaso/ssh-zone-handler

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ssh_zone_handler-0.4.1-py3-none-any.whl.

File hashes

Hashes for ssh_zone_handler-0.4.1-py3-none-any.whl
Algorithm Hash digest
SHA256 67ec160957f8cfaae7c8ebd556cdf1450f37bce8c8dfa925e8f34bba855f2829
MD5 db7bfca7b9b91674bb1775486497785e
BLAKE2b-256 d1fc0f676b12007c58fb051666f823c73fbd7d33c4122b2fbc95e95e1ec7d266

Provenance

The following attestation bundles were made for ssh_zone_handler-0.4.1-py3-none-any.whl:

Publisher: publish.yaml on andreaso/ssh-zone-handler
