4 Update DNS records by simply SSH'ing into a server.
6 The idea is to create a separate "dyndns" user on the DNS server.
7 It gets the ``ssh-dyndns`` script as login shell, so that no other programs
9 SSH provides secure, password-less key-based authentication.
11 Upon login, the remote IP is used to create/update a tinydns file with the
12 DNS record for a hostname given by the SSH client.
14 tinydns is part of the dbjdns/dbndns package.
23 1. Clone ssh-dyndns into a sensible location, e.g. ``/usr/local/src/ssh-dyndns``::
25 $ cd /usr/local/src/ && git clone git://git.cweiske.de/ssh-dyndns.git
27 2. Create a user with ``ssh-dyndns`` as login shell::
29 $ useradd -g nogroup -m -N -s /usr/local/src/ssh-dyndns/ssh-dyndns dyndns
31 3. Prepare password-less ssh keys for the dyndns user::
33 $ su - dyndns -s /bin/bash
36 4. Prevent showing login messages::
38 $ su - dyndns -s /bin/bash
41 Alternatively, you may commend out the "motd" lines in ``/etc/pam.d/sshd``
42 5. Configure ssh-dyndns as root::
44 $ cp /usr/local/src/ssh-dyndns/ssh-dyndns.sh.config-dist /etc/ssh-dyndns.sh
45 $ nano /etc/ssh-dyndns.sh
47 6. Allow ssh-dyndns to run "sudo make" without password::
50 dyndns ALL= NOPASSWD: /usr/bin/make
55 On a machine at home, or which other IP you want to dyndns, setup a new ssh key
56 as one of your users::
60 $ ssh-keygen -N "" -C "dyndns@home.example.org" -f ~/ssh-dyndns/ssh-dyndns_rsa
62 Copy the contents of the public key (``ssh-dyndns_rsa.pub``) into
63 ``/home/dyndns/.ssh/authorized_keys`` on your server.
65 Run the next command manually to confirm the new ssh key::
67 $ cd ~/ssh-dyndns/ && ssh -i ssh-dyndns_rsa dyndns@example.org home.example.org
69 If that worked, and you DNS entry worked, add the command to cron::
72 # update dns entry home.example.org every 5 minutes
73 */5 * * * * cd /home/$user/ssh-dyndns/ && ssh -i ssh-dyndns_rsa dyndns@example.org home.example.org
78 The configuration file template ``ssh-dyndns.sh.config-dist`` may be copied
79 to either ``/etc/ssh-dyndns.sh`` or ``~/.config/ssh-dyndns.sh``.
81 The system-wide config file is loaded first, the user-specific one after that.
83 The configuration file may define the following variables:
86 Path to the tinydns zone files, e.g. ``/etc/tinydns/root/``
88 File name template. ``%DOMAIN%`` will be replaced with the actual
91 Default: ``data-dyndns-%DOMAIN%``
93 DNS entry TTL (time to live) in seconds
97 Defines patterns for domains that may be dynamically changed.
98 If the domain name does not match the pattern, the script aborts.
100 You may use several patterns by separating them with a space.
101 Shell wildcards are supported (``*`` and ``?``).
103 Default: ``home.example.org *.home.example.org``
109 Simply ssh into the server and pass the hostname as parameter::
111 $ ssh dyndns@example.org home.example.org
113 This will start the ``ssh-dyndns`` script on the remote server, generate
114 the tinydns zone file and run ``make`` in the ``data_dir`` directory to
115 compile the ``data.cdb`` file.
116 tinydns will automatically pick up the change.
122 - IPv6 is not supported yet
128 ssh-dyndns is licensed under the `AGPL v3`__ or later.
130 __ http://www.gnu.org/licenses/agpl.html
136 Written by Christian Weiske, cweiske@cweiske.de