Purpose

I like to always be able to reach my machines, or at least know where they are. Mostly, I want to be able to get into my home desktop, which gets its address by DHCP over cable; the machine that runs the forums is also DHCP'd, via DSL. It would be nice not to have to update DNS tables by hand.

Theory

An SSH public key line for each DHCP host is stored on the DNS host. This key line contains a command line that runs a script on the DNS machine that updates the DNS tables.

Practical

  1. Create a new DSA keypair without a passphrase:

    # ssh-keygen -t dsa -N "" -f dns.key

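    Not having a passphrase is a security risk, but it's not too bad assuming you effectively guard your private key and that the public key on the DNS machine is limited to the required commands. Note that current OpenSSH releases no longer accept DSA keys by default, so on a modern system a different key type (for example -t ed25519) is needed.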

  2. Edit the public key to run the DNS updating script and do nothing else:

    command="/usr/bin/perl /etc/tinydns/dynupdate",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty

    [Just in case you're getting any ideas, this isn't a key that I use. I made it just as an example for this page.]

  3. Copy the public key to the DNS machine and the private key to the DHCP assigned machine.

  4. Put a copy of this script into /etc/tinydns/. I can't stress this enough: READ IT FIRST. Basically what it does is:

    • read the hostname from the command line
    • append the domain name
    • grab your IP from the ssh environment variable
    • replace or append your hostname and IP in the dynamic.data file
    • replace any other instances (aliases and the like) in dynamic.data of your old IP with the new one
    • run the new Makefile

  5. Replace the Makefile in /etc/tinydns/root/. The new one:

    • checks and if necessary adjusts the data file permissions
    • combines static.data with dynamic.data to make the data file tinydns needs
    • compiles the data file as the old Makefile did

  6. Set up the files on the DNS server:

    # touch /etc/tinydns/root/dynamic.data
    # cp /etc/tinydns/root/data /etc/tinydns/root/static.data

  7. Tell the dynamically assigned machine to connect to the DNS server every time its address changes. Using dhcpcd under Debian / Testing on my VPR Matrix 220a5, I did the following:

    • Added the following line to my dhcpcd.exe:

      /etc/dhcpc/dhcpc-$INTERFACE.exe

      which runs a new script every time the status of an interface changes.
    • Created dhcpc-eth0.exe with very simple contents:

      ssh -i /root/.ssh/dns.key -n blessed.wolfteck.com

      You need to adjust it to connect to your DNS server. If you don't like the whole automation system interacting with DHCP, you can just run this command by hand every time you get a new IP address.

That's about it. It works for me. I hope it works for you.
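
The steps listed under item 4, sketched as an added shell example (this is not the dynupdate script the page refers to, nor the author's code). It assumes the host label is passed as the script's first argument in the key's command= option, uses example.org and a TTL of 60 as placeholders, and refuses any label or address that could inject extra fields into dynamic.data.

```sh
#!/bin/sh
# Added example, not the page's dynupdate script. Intended to be named in the
# key's command="..." option with the host label as its only argument.
DOMAIN="example.org"                             # assumption: placeholder domain
DATA="${DATA:-/etc/tinydns/root/dynamic.data}"
TTL=60                                           # assumption: short TTL

# One DNS label only. ':' and newline separate fields and records in tinydns
# data, so anything outside [A-Za-z0-9-] is refused.
valid_label() {
    case "$1" in
        ""|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# sshd sets SSH_CLIENT to "address source-port server-port".
client_ip() { printf '%s\n' "${SSH_CLIENT%% *}"; }

valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

# update_record FILE FQDN NEW_IP: replace or append the host's "=" line and move
# every other record that still carries the host's old address.
update_record() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    awk -F: -v OFS=: -v fq="$2" -v ip="$3" -v ttl="$TTL" '
        FNR == NR { if ($1 == ("=" fq)) old = $2; next }  # pass 1: old address
        $1 == ("=" fq) { $2 = ip; seen = 1 }              # pass 2: host line
        old != "" && $2 == old { $2 = ip }                # aliases on old address
        { print }
        END { if (!seen) print "=" fq, ip, ttl }
    ' "$1" "$1" > "$tmp" && mv "$tmp" "$1"
}

main() {
    valid_label "$1" || { echo "refused: bad host label" >&2; return 1; }
    ip=$(client_ip)
    valid_ipv4 "$ip" || { echo "refused: bad client address" >&2; return 1; }
    update_record "$DATA" "$1.$DOMAIN" "$ip" && make -C "$(dirname "$DATA")"
}
[ $# -eq 0 ] || main "$@"
```

The temporary file is created next to dynamic.data so the final mv is a rename within one filesystem, and the Makefile from item 5 is left to fix permissions and rebuild the data file.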

References

[Praxis Software]

I got the general idea as well as the script I tweaked from here. If my directions don't work for you, try theirs.

[ONLamp]

You gotta love excerpts on how ssh works. Mostly remember that OpenSSH and commercial SSH do NOT work the same.

[OpenSSH]

Again, how the keys work differently between systems.

Last updated: Sunday, 20-Sep-2009 16:55:49 CDT

Contact me at randall dot will at gmail dot com
