sshgen

  • SSHgen: tooling to generate SSH configs

    zonedl.py

    zonedl.py downloads one or more zone files from the RWTE^2H Aachen DNS-Admin-Portal. The portal lets administrators configure their zone through a web interface and can generate a "preview" of the zone. After authenticating via Shibboleth, this preview file can be downloaded (and stripped of HTML).

    The program has the following options and arguments:

    • --list lists available zones without actually downloading them.
    • --zone downloads one or more zones by their internal ids.
    • --domain downloads one or more zones by their domain names.
    • --passwordstore specifies the passwordstore entry to use for login via Shibboleth (if not specified, the program asks for username/password on the terminal).
    • dest is the destination for the downloaded zone(s); it can be a directory, or - for stdout.

    The URLs used for Shibboleth authentication and the DNS-Portal are specified at the beginning of the source file. They may change. Also, this program relies on parsing the HTML structure of the DNS-Portal and Login-Page to some extent. Beware of changes.

    An alternative to this program would be gaining AXFR access to the authoritative DNS server, which has not been granted to us yet.

    Update: Due to the problems inherent with this approach as outlined above, I resorted to downloading RWTE^3H's /etc/hosts file, which is accessible without any login. It contains the necessary information in a less structured manner, so I added some support in generate.py to detect and work around that. Using the new required config option, one can eliminate all the irrelevant hosts in that file. This method is more stable and thus zonedl.py probably won't get fixed.

    generate.py

    generate.py takes one or more zone files as input, reads a configuration file, and generates and returns an SSH configuration file. This allows management of CNAME aliases and multiple A records while using consistent host keys and configuration options.
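The idea described above, sketched as an added example (this is not the project's generate.py): names that resolve to the same machine are grouped into one Host block, so every alias is checked against the same known_hosts entry. The simplified zone syntax, the example.org data, the function names, and the use of ssh_config's HostKeyAlias option to get consistent host keys are assumptions made for this illustration.

```python
from collections import defaultdict
# Constructed sample zone ("name IN type value" lines only); not real data.
SAMPLE_ZONE = """\
$ORIGIN example.org.
gw      IN A     192.0.2.1
gw      IN A     192.0.2.2
login   IN CNAME gw
files   IN A     192.0.2.10
backup  IN CNAME files.example.org.
old     IN CNAME gone
"""

def parse_zone(text):
    origin, addrs, cnames = "", defaultdict(list), {}  # fqdn -> [ip]; alias -> target
    fq = lambda n: n.rstrip(".") if n.endswith(".") else f"{n}.{origin}"
    for line in text.splitlines():
        f = line.split(";")[0].split()               # drop comments, tokenize
        if len(f) == 2 and f[0] == "$ORIGIN":
            origin = f[1].rstrip(".")
        elif len(f) == 4 and f[1] == "IN" and f[2] == "A":
            addrs[fq(f[0])].append(f[3])
        elif len(f) == 4 and f[1] == "IN" and f[2] == "CNAME":
            cnames[fq(f[0])] = fq(f[3])
    return origin, addrs, cnames

def canonical(name, addrs, cnames):
    seen = set()                                     # guards against CNAME loops
    while name in cnames and name not in seen:
        seen.add(name)
        name = cnames[name]
    return name if name in addrs else None           # None: loop or dangling target

def ssh_config(text):
    """One Host block per machine: aliases share HostName and HostKeyAlias."""
    origin, addrs, cnames = parse_zone(text)
    groups = {host: [host] for host in addrs}
    for alias in cnames:
        target = canonical(alias, addrs, cnames)
        if target:  # aliases that never reach an A record are left out
            groups[target].append(alias)
    out = []
    for host, names in sorted(groups.items()):
        short = [n[: -len(origin) - 1] for n in names if n.endswith("." + origin)]
        out.append(f"Host {' '.join(short + names)}\n"
                   f"    HostName {host}\n    HostKeyAlias {host}\n")
    return "\n".join(out)

if __name__ == "__main__":
    print(ssh_config(SAMPLE_ZONE), end="")
```

The dangling alias `old` produces no Host entry, so a stale CNAME cannot silently fall through to a different machine's configuration.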

    Currently, the options which one can configure are limited to the most pressing use cases of my config. This could be improved easily.

    The configuration file lives either at ./sshgen.cfg or at the location given by --cfg. Select a preset with --preset. A sample configuration file is available. It configures the location of the zone file(s), the domain stripping and proxy presets, and the various rewriting/exclusion/aliasing/agent settings.