Reverse DNS lookup to match hostname in authorized_keys

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I have several sysadmin laptops and a cluster of servers. I am administering / rotating ssh keys on the servers from a script (call it rotate_keys.sh) that will run on any of the sysadmin laptops.



I have established the rule that each server will retain at most 1 (the latest) ssh key of a given sysadmin laptop.



The ssh keys are stored in the file authorized_keys that takes the form:



key1 user@device1-hostname
key2 user@device2-hostname
key3 user@device3-hostname


Each server has a script (call it update_keys.sh) that upon execution via ssh, will remove all keys associated with the machine that is currently connected to it. I (attempt to) do this by removing all lines that contain the hostname of a given client.



sed -i "/$client_hostname/d" authorized_keys


On the server, I grab the hostname of the client by doing a reverse dns lookup on the ip address from the environment variable $SSH_CONNECTION (which is set at the beginning of the ssh session).



client_ip=$(echo $SSH_CONNECTION | awk 'print $1')
client_hostname=$(nslookup $client_ip
| tail -2
| head -1
| awk 'print $4')


This returns a hostname in the format:



device-hostname.router-hostname.


For a lack of a better term, it gives me a "fully qualified hostname".



However, the hostnames in the authorized_keys omits the hostname of the router (subnet) that these devices are connected to. They simply appear as:



device-hostname


So, when I perform the following delete command, nothing matches.



sed -i "/$client_hostname/d" authorized_keys


Is there a way to either force the ssh daemon to record "fully qualified" hostnames. Or is there a tool for dns lookup that will only give me the name of the device, minus the hostnames of the routers its connected to?



I'd rather one of the above two approaches than disabling reverse dns in the ssh daemon (on the servers) because that would require that my sysadmin laptops have static ips.







share|improve this question




















  • Can you not just cut the end off the device-hostname when you do the nslookup? Or have i misunderstood? cut -d . -f1 after your awk will do that.
    – alpha
    Feb 16 at 14:28











  • @DeclanGallagher I can cut it off. I am hesitant to do that because I know that in the authorized_keys the full name isn't there only because I am on the same network. But, once i take the sysadmin machines off the same network as the clusters, i'd get fully qualified namessuch as hostname.example.com. So I wan't ssh daemon to always used fully qualified if possible to authorized_keys
    – Jabari Dash
    Feb 16 at 17:43






  • 1




    The thing after the key is technically a comment field of unspecified payload, it just has the user in there by convention. I think I'm too confused about who puts what where to know whether that helps you.
    – Ulrich Schwarz
    Feb 16 at 18:05














up vote
0
down vote

favorite












I have several sysadmin laptops and a cluster of servers. I am administering / rotating ssh keys on the servers from a script (call it rotate_keys.sh) that will run on any of the sysadmin laptops.



I have established the rule that each server will retain at most 1 (the latest) ssh key of a given sysadmin laptop.



The ssh keys are stored in the file authorized_keys that takes the form:



key1 user@device1-hostname
key2 user@device2-hostname
key3 user@device3-hostname


Each server has a script (call it update_keys.sh) that upon execution via ssh, will remove all keys associated with the machine that is currently connected to it. I (attempt to) do this by removing all lines that contain the hostname of a given client.



sed -i "/$client_hostname/d" authorized_keys


On the server, I grab the hostname of the client by doing a reverse dns lookup on the ip address from the environment variable $SSH_CONNECTION (which is set at the beginning of the ssh session).



client_ip=$(echo $SSH_CONNECTION | awk 'print $1')
client_hostname=$(nslookup $client_ip
| tail -2
| head -1
| awk 'print $4')


This returns a hostname in the format:



device-hostname.router-hostname.


For a lack of a better term, it gives me a "fully qualified hostname".



However, the hostnames in the authorized_keys omits the hostname of the router (subnet) that these devices are connected to. They simply appear as:



device-hostname


So, when I perform the following delete command, nothing matches.



sed -i "/$client_hostname/d" authorized_keys


Is there a way to either force the ssh daemon to record "fully qualified" hostnames. Or is there a tool for dns lookup that will only give me the name of the device, minus the hostnames of the routers its connected to?



I'd rather one of the above two approaches than disabling reverse dns in the ssh daemon (on the servers) because that would require that my sysadmin laptops have static ips.







share|improve this question




















  • Can you not just cut the end off the device-hostname when you do the nslookup? Or have i misunderstood? cut -d . -f1 after your awk will do that.
    – alpha
    Feb 16 at 14:28











  • @DeclanGallagher I can cut it off. I am hesitant to do that because I know that in the authorized_keys the full name isn't there only because I am on the same network. But, once i take the sysadmin machines off the same network as the clusters, i'd get fully qualified namessuch as hostname.example.com. So I wan't ssh daemon to always used fully qualified if possible to authorized_keys
    – Jabari Dash
    Feb 16 at 17:43






  • 1




    The thing after the key is technically a comment field of unspecified payload, it just has the user in there by convention. I think I'm too confused about who puts what where to know whether that helps you.
    – Ulrich Schwarz
    Feb 16 at 18:05












up vote
0
down vote

favorite









up vote
0
down vote

favorite











I have several sysadmin laptops and a cluster of servers. I am administering / rotating ssh keys on the servers from a script (call it rotate_keys.sh) that will run on any of the sysadmin laptops.



I have established the rule that each server will retain at most 1 (the latest) ssh key of a given sysadmin laptop.



The ssh keys are stored in the file authorized_keys that takes the form:



key1 user@device1-hostname
key2 user@device2-hostname
key3 user@device3-hostname


Each server has a script (call it update_keys.sh) that upon execution via ssh, will remove all keys associated with the machine that is currently connected to it. I (attempt to) do this by removing all lines that contain the hostname of a given client.



sed -i "/$client_hostname/d" authorized_keys


On the server, I grab the hostname of the client by doing a reverse dns lookup on the ip address from the environment variable $SSH_CONNECTION (which is set at the beginning of the ssh session).



client_ip=$(echo $SSH_CONNECTION | awk 'print $1')
client_hostname=$(nslookup $client_ip
| tail -2
| head -1
| awk 'print $4')


This returns a hostname in the format:



device-hostname.router-hostname.


For a lack of a better term, it gives me a "fully qualified hostname".



However, the hostnames in the authorized_keys omits the hostname of the router (subnet) that these devices are connected to. They simply appear as:



device-hostname


So, when I perform the following delete command, nothing matches.



sed -i "/$client_hostname/d" authorized_keys


Is there a way to either force the ssh daemon to record "fully qualified" hostnames. Or is there a tool for dns lookup that will only give me the name of the device, minus the hostnames of the routers its connected to?



I'd rather one of the above two approaches than disabling reverse dns in the ssh daemon (on the servers) because that would require that my sysadmin laptops have static ips.







share|improve this question












I have several sysadmin laptops and a cluster of servers. I am administering / rotating ssh keys on the servers from a script (call it rotate_keys.sh) that will run on any of the sysadmin laptops.



I have established the rule that each server will retain at most 1 (the latest) ssh key of a given sysadmin laptop.



The ssh keys are stored in the file authorized_keys that takes the form:



key1 user@device1-hostname
key2 user@device2-hostname
key3 user@device3-hostname


Each server has a script (call it update_keys.sh) that upon execution via ssh, will remove all keys associated with the machine that is currently connected to it. I (attempt to) do this by removing all lines that contain the hostname of a given client.



sed -i "/$client_hostname/d" authorized_keys


On the server, I grab the hostname of the client by doing a reverse dns lookup on the ip address from the environment variable $SSH_CONNECTION (which is set at the beginning of the ssh session).



client_ip=$(echo $SSH_CONNECTION | awk 'print $1')
client_hostname=$(nslookup $client_ip
| tail -2
| head -1
| awk 'print $4')


This returns a hostname in the format:



device-hostname.router-hostname.


For a lack of a better term, it gives me a "fully qualified hostname".



However, the hostnames in the authorized_keys omits the hostname of the router (subnet) that these devices are connected to. They simply appear as:



device-hostname


So, when I perform the following delete command, nothing matches.



sed -i "/$client_hostname/d" authorized_keys


Is there a way to either force the ssh daemon to record "fully qualified" hostnames. Or is there a tool for dns lookup that will only give me the name of the device, minus the hostnames of the routers its connected to?



I'd rather one of the above two approaches than disabling reverse dns in the ssh daemon (on the servers) because that would require that my sysadmin laptops have static ips.









share|improve this question











share|improve this question




share|improve this question










asked Feb 16 at 14:09









Jabari Dash

1012




1012











  • Can you not just cut the end off the device-hostname when you do the nslookup? Or have i misunderstood? cut -d . -f1 after your awk will do that.
    – alpha
    Feb 16 at 14:28











  • @DeclanGallagher I can cut it off. I am hesitant to do that because I know that in the authorized_keys the full name isn't there only because I am on the same network. But, once i take the sysadmin machines off the same network as the clusters, i'd get fully qualified namessuch as hostname.example.com. So I wan't ssh daemon to always used fully qualified if possible to authorized_keys
    – Jabari Dash
    Feb 16 at 17:43






  • 1




    The thing after the key is technically a comment field of unspecified payload, it just has the user in there by convention. I think I'm too confused about who puts what where to know whether that helps you.
    – Ulrich Schwarz
    Feb 16 at 18:05
















  • Can you not just cut the end off the device-hostname when you do the nslookup? Or have i misunderstood? cut -d . -f1 after your awk will do that.
    – alpha
    Feb 16 at 14:28











  • @DeclanGallagher I can cut it off. I am hesitant to do that because I know that in the authorized_keys the full name isn't there only because I am on the same network. But, once i take the sysadmin machines off the same network as the clusters, i'd get fully qualified namessuch as hostname.example.com. So I wan't ssh daemon to always used fully qualified if possible to authorized_keys
    – Jabari Dash
    Feb 16 at 17:43






  • 1




    The thing after the key is technically a comment field of unspecified payload, it just has the user in there by convention. I think I'm too confused about who puts what where to know whether that helps you.
    – Ulrich Schwarz
    Feb 16 at 18:05















Can you not just cut the end off the device-hostname when you do the nslookup? Or have i misunderstood? cut -d . -f1 after your awk will do that.
– alpha
Feb 16 at 14:28





Can you not just cut the end off the device-hostname when you do the nslookup? Or have i misunderstood? cut -d . -f1 after your awk will do that.
– alpha
Feb 16 at 14:28













@DeclanGallagher I can cut it off. I am hesitant to do that because I know that in the authorized_keys the full name isn't there only because I am on the same network. But, once i take the sysadmin machines off the same network as the clusters, i'd get fully qualified namessuch as hostname.example.com. So I wan't ssh daemon to always used fully qualified if possible to authorized_keys
– Jabari Dash
Feb 16 at 17:43




@DeclanGallagher I can cut it off. I am hesitant to do that because I know that in the authorized_keys the full name isn't there only because I am on the same network. But, once i take the sysadmin machines off the same network as the clusters, i'd get fully qualified namessuch as hostname.example.com. So I wan't ssh daemon to always used fully qualified if possible to authorized_keys
– Jabari Dash
Feb 16 at 17:43




1




1




The thing after the key is technically a comment field of unspecified payload, it just has the user in there by convention. I think I'm too confused about who puts what where to know whether that helps you.
– Ulrich Schwarz
Feb 16 at 18:05




The thing after the key is technically a comment field of unspecified payload, it just has the user in there by convention. I think I'm too confused about who puts what where to know whether that helps you.
– Ulrich Schwarz
Feb 16 at 18:05










1 Answer
1






active

oldest

votes

















up vote
0
down vote













Try the following awk command:



nslookup $client_ip | awk '/name =/ split($4,add,".") END print add[1]'


This will run the nslookup command, look for all lines with names = and then split the 4th space delimited space field with . putting the results in the array add. We then print the first element of the array to reveal the hostname for the last entry found.






share|improve this answer




















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );








     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f424613%2freverse-dns-lookup-to-match-hostname-in-authorized-keys%23new-answer', 'question_page');

    );

    Post as a guest






























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    0
    down vote













    Try the following awk command:



    nslookup $client_ip | awk '/name =/ split($4,add,".") END print add[1]'


    This will run the nslookup command, look for all lines with names = and then split the 4th space delimited space field with . putting the results in the array add. We then print the first element of the array to reveal the hostname for the last entry found.






    share|improve this answer
























      up vote
      0
      down vote













      Try the following awk command:



      nslookup $client_ip | awk '/name =/ split($4,add,".") END print add[1]'


      This will run the nslookup command, look for all lines with names = and then split the 4th space delimited space field with . putting the results in the array add. We then print the first element of the array to reveal the hostname for the last entry found.






      share|improve this answer






















        up vote
        0
        down vote










        up vote
        0
        down vote









        Try the following awk command:



        nslookup $client_ip | awk '/name =/ split($4,add,".") END print add[1]'


        This will run the nslookup command, look for all lines with names = and then split the 4th space delimited space field with . putting the results in the array add. We then print the first element of the array to reveal the hostname for the last entry found.






        share|improve this answer












        Try the following awk command:



        nslookup $client_ip | awk '/name =/ split($4,add,".") END print add[1]'


        This will run the nslookup command, look for all lines with names = and then split the 4th space delimited space field with . putting the results in the array add. We then print the first element of the array to reveal the hostname for the last entry found.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Feb 16 at 14:26









        Raman Sailopal

        1,18317




        1,18317






















             

            draft saved


            draft discarded


























             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f424613%2freverse-dns-lookup-to-match-hostname-in-authorized-keys%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?