dyndns via ssh+tinydns (dbjdns/dbndns). Mirror of http://git.cweiske.de/?p=ssh-dyndns.git
AGPL-3.0 License
ssh-dyndns
Update DNS records by simply SSH'ing into a server.
The idea is to create a separate "dyndns" user on the DNS server.
It gets the ssh-dyndns
script as login shell, so that no other programs
may be executed.
SSH provides secure, password-less key-based authentication.
Upon login, the remote IP is used to create/update a tinydns file with the DNS record for a hostname given by the SSH client. In addition to the IP record, a TXT record with the update time will be added.
tinydns is part of the dbjdns/dbndns package.
Clone ssh-dyndns into a sensible location, e.g. /usr/local/src/ssh-dyndns
::
$ cd /usr/local/src/ && git clone git://git.cweiske.de/ssh-dyndns.git
Create a user with ssh-dyndns
as login shell::
$ useradd -g nogroup -m -N -s /usr/local/src/ssh-dyndns/ssh-dyndns dyndns
Prepare password-less ssh keys for the dyndns user::
$ su - dyndns -s /bin/bash $ mkdir ~/.ssh
Prevent showing login messages::
$ su - dyndns -s /bin/bash $ touch ~/.hushlogin
Alternatively, you may commend out the "motd" lines in /etc/pam.d/sshd
Configure ssh-dyndns as root::
$ cp /usr/local/src/ssh-dyndns/ssh-dyndns.sh.config-dist /etc/ssh-dyndns.sh $ nano /etc/ssh-dyndns.sh
Allow ssh-dyndns to run "sudo make" without password::
$ visudo dyndns ALL= NOPASSWD: /usr/bin/make
On a machine at home, or which other IP you want to dyndns, setup a new ssh key as one of your users::
$ mkdir ~ssh-dyndns
$ cd ~/ssh-dyndns
$ ssh-keygen -N "" -C "[email protected]" -f ~/ssh-dyndns/ssh-dyndns_rsa
Copy the contents of the public key (ssh-dyndns_rsa.pub
) into
/home/dyndns/.ssh/authorized_keys
on your server.
Run the next command manually to confirm the new ssh key::
$ cd ~/ssh-dyndns/ && ssh -i ssh-dyndns_rsa [email protected] home.example.org
If that worked, and you DNS entry worked, add the command to cron::
$ crontab -e
# update dns entry home.example.org every 5 minutes
*/5 * * * * cd /home/$user/ssh-dyndns/ && ssh -i ssh-dyndns_rsa [email protected] home.example.org
The configuration file template ssh-dyndns.sh.config-dist
may be copied
to either /etc/ssh-dyndns.sh
or ~/.config/ssh-dyndns.sh
.
The system-wide config file is loaded first, the user-specific one after that.
The configuration file may define the following variables:
data_dir
Path to the tinydns zone files, e.g. /etc/tinydns/root/
file_pattern
File name template. %DOMAIN%
will be replaced with the actual
domain name.
Default: ``data-dyndns-%DOMAIN%``
timeout
DNS entry TTL (time to live) in seconds
Default: 300
domain_patterns
Defines patterns for domains that may be dynamically changed.
If the domain name does not match the pattern, the script aborts.
You may use several patterns by separating them with a space.
Shell wildcards are supported (``*`` and ``?``).
Default: ``home.example.org *.home.example.org``
Simply ssh into the server and pass the hostname as parameter::
$ ssh [email protected] home.example.org
This will start the ssh-dyndns
script on the remote server, generate
the tinydns zone file and run make
in the data_dir
directory to
compile the data.cdb
file.
tinydns will automatically pick up the change.
::
$ dig +short home.example.org ANY
"Last update 2013-08-21 21.21.28+02.00."
123.45.67.89
You can test it locally:
Create config file::
$ cp ssh-dyndns.sh.config-dist ~/.config/ssh-dyndns.sh
Create dummy makefile::
$ touch /tmp/Makefile
Run it::
$ SSH_CLIENT=192.168.1.4 SSH_CONNECTION=1 ./ssh-dyndns foo home.example.org
See generated file::
$ cat /tmp/data-dyndns-home.example.org
ssh-dyndns is licensed under the AGPL v3
__ or later.
__ http://www.gnu.org/licenses/agpl.html
Written by Christian Weiske, [email protected]