Reverse DNS lookup to match hostname in authorized_keys

I have several sysadmin laptops and a cluster of servers. I am administering / rotating ssh keys on the servers from a script (call it rotate_keys.sh) that will run on any of the sysadmin laptops.



I have established the rule that each server will retain at most 1 (the latest) ssh key of a given sysadmin laptop.



The ssh keys are stored in the file authorized_keys that takes the form:



key1 user@device1-hostname
key2 user@device2-hostname
key3 user@device3-hostname


Each server has a script (call it update_keys.sh) that upon execution via ssh, will remove all keys associated with the machine that is currently connected to it. I (attempt to) do this by removing all lines that contain the hostname of a given client.



sed -i "/$client_hostname/d" authorized_keys


On the server, I grab the hostname of the client by doing a reverse dns lookup on the ip address from the environment variable $SSH_CONNECTION (which is set at the beginning of the ssh session).



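# First field of SSH_CONNECTION is the client's IP address
client_ip=$(echo "$SSH_CONNECTION" | awk '{print $1}')
# Reverse lookup; the name is the 4th field of the "name = ..." line
client_hostname=$(nslookup "$client_ip" \
| tail -2 \
| head -1 \
| awk '{print $4}')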


This returns a hostname in the format:



device-hostname.router-hostname.


For lack of a better term, it gives me a "fully qualified hostname".



However, the hostnames in the authorized_keys omit the hostname of the router (subnet) that these devices are connected to. They simply appear as:



device-hostname


So, when I perform the following delete command, nothing matches.



sed -i "/$client_hostname/d" authorized_keys


Is there a way to either force the ssh daemon to record "fully qualified" hostnames? Or is there a tool for dns lookup that will only give me the name of the device, minus the hostnames of the routers it's connected to?



I'd rather one of the above two approaches than disabling reverse dns in the ssh daemon (on the servers) because that would require that my sysadmin laptops have static ips.







asked Feb 16 at 14:09
Jabari Dash











  • Can you not just cut the end off the device-hostname when you do the nslookup? Or have I misunderstood? cut -d . -f1 after your awk will do that.
    – alpha
    Feb 16 at 14:28

  • @DeclanGallagher I can cut it off. I am hesitant to do that because I know that in the authorized_keys the full name isn't there only because I am on the same network. But, once I take the sysadmin machines off the same network as the clusters, I'd get fully qualified names such as hostname.example.com. So I want ssh daemon to always use fully qualified if possible to authorized_keys
    – Jabari Dash
    Feb 16 at 17:43

  • The thing after the key is technically a comment field of unspecified payload, it just has the user in there by convention. I think I'm too confused about who puts what where to know whether that helps you.
    – Ulrich Schwarz
    Feb 16 at 18:05
















1 Answer
Try the following awk command:



nslookup "$client_ip" | awk '/name =/ { split($4,add,".") } END { print add[1] }'


This will run the nslookup command, look for all lines with name = and then split the 4th space-delimited field on ., putting the results in the array add. We then print the first element of the array to reveal the hostname for the last entry found.






answered Feb 16 at 14:26
Raman Sailopal
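
An added example, not part of the original question or answer: the key-removal step from the question, done by comparing the host part of each line's comment for equality rather than feeding the looked-up name to sed as a regex (where device1 would also hit device10 and a "." matches any character). The function names, the sample keys and the rule that a laptop is identified by its short host name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): remove one client's keys by
# exact comparison on the comment's host part instead of a sed regex.

# short_host NAME: lower-case, drop the trailing dot and any domain part.
short_host() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed -e 's/\.$//' -e 's/\..*$//'
}

# A PTR answer is data chosen by whoever runs the reverse zone, so accept
# only a plain DNS label before using it to decide which keys to delete.
is_valid_label() {
    case "$1" in
        ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
    esac
    return 0
}

# prune_host_keys FILE HOSTNAME: print FILE without the key lines whose last
# field is user@HOST, where HOST has the same short name as HOSTNAME.
# Assumption: the comment is a single user@host token, as in the question.
prune_host_keys() {
    want=$(short_host "$2")
    is_valid_label "$want" || { echo "rejected host name: $2" >&2; return 2; }
    awk -v want="$want" '
        /^[ \t]*(#|$)/ { print; next }         # keep comment and blank lines
        {
            host = tolower($NF)
            at = index(host, "@")
            host = (at ? substr(host, at + 1) : "")
            sub(/\.$/, "", host); sub(/\..*$/, "", host)
            if (host != want) print            # string equality, not a regex
        }' "$1"
}

# replace_host_key FILE HOSTNAME KEYLINE: prune, append the new key, then
# swap the result into place so a failed run leaves FILE untouched.
replace_host_key() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    if prune_host_keys "$1" "$2" > "$tmp" && printf '%s\n' "$3" >> "$tmp"; then
        chmod 600 "$tmp" && mv "$tmp" "$1"
    else
        rm -f "$tmp"; return 1
    fi
}

# Constructed sample: removing device1 must not take device10 with it.
demo=$(mktemp)
printf '%s\n' 'ssh-ed25519 AAAAkey1 admin@device1' \
              'ssh-ed25519 AAAAkey2 admin@device10' > "$demo"
prune_host_keys "$demo" 'device1.router-hostname.'   # prints only the device10 line
rm -f "$demo"
```

Because the short name is compared, the same call keeps working if the comments later carry fully qualified names such as hostname.example.com.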






















             
