{"id":23130390,"url":"https://github.com/andreaso/ssh-zone-handler","last_synced_at":"2025-06-19T09:34:48.095Z","repository":{"id":39674738,"uuid":"487117387","full_name":"andreaso/ssh-zone-handler","owner":"andreaso","description":"Secondary DNS self-service","archived":false,"fork":false,"pushed_at":"2024-11-14T19:17:55.000Z","size":189,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-06-11T06:14:14.238Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andreaso.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-04-29T21:42:20.000Z","updated_at":"2024-11-14T19:17:26.000Z","dependencies_parsed_at":"2024-11-14T20:23:45.569Z","dependency_job_id":"30f3c5cb-9385-4042-956b-e90dcbd1c0e9","html_url":"https://github.com/andreaso/ssh-zone-handler","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/andreaso/ssh-zone-handler","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreaso%2Fssh-zone-handler","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreaso%2Fssh-zone-handler/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreaso%2Fssh-zone-handler/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreaso%2Fssh-zone-handler/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andreaso","download_url":"https://codeload.github.com/andreaso/ssh-zone-handler/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreaso%2Fssh-zone-handler/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260724859,"owners_count":23052824,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-17T10:14:18.842Z","updated_at":"2025-06-19T09:34:43.075Z","avatar_url":"https://github.com/andreaso.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SSH Zone Handler\n\n* You run your own DNS server(s), providing Secondary DNS to others?\n* You want to provide your DNS tenants with a bit of debugging self-service?\n* You like SSH, but you don't want to grant people not-you full shell access?\n\nIf so, then this might just be the tool for you.\n\n\n## Usage\n\nUsage example, based on local [Vagrantfile][1] setup.\n\n```\n$ vagrant up\n```\n\n```\n$ alias ssh=\"ssh -i .vagrant/machines/secondary/virtualbox/private_key\"\n```\n\n```\n$ ssh alice@192.168.63.11 help\nusage: command [ZONE]\n\nhelp                 Display this help message\nlist                 List available zones\ndump ZONE            Output full content of ZONE\nlogs ZONE1 [ZONE2]   Output the last five days' log entries for ZONE(s)\nretransfer ZONE      Trigger a full (AXFR) retransfer of ZONE\nstatus ZONE          Show ZONE status\n$\n```\n\n```\n$ ssh alice@192.168.63.11 list\nexample.com\nexample.net\n$\n```\n\n```\n$ ssh alice@192.168.63.11 logs example.net\nApr 28 17:52:00 szh-secondary named[2821]: zone example.net/IN: Transfer started.\nApr 28 17:52:00 szh-secondary named[2821]: transfer of 'example.net/IN' from 192.168.63.10#53: connected using 192.168.63.10#53\nApr 28 17:52:00 szh-secondary named[2821]: zone example.net/IN: transferred serial 26281038\nApr 28 17:52:00 szh-secondary named[2821]: transfer of 'example.net/IN' from 192.168.63.10#53: Transfer status: success\nApr 28 17:52:00 szh-secondary named[2821]: transfer of 'example.net/IN' from 192.168.63.10#53: Transfer completed: 1 messages, 6 records, 190 bytes, 0.008 secs (23750 bytes/sec) (serial 26281038)\n$\n```\n\n\n## Setup instructions\n\n### Create log viewer user with journald access\n\n```\nadduser --system --no-create-home --home /nonexistent --shell /usr/sbin/nologin --ingroup systemd-journal log-viewer\n```\n\n\n### Create configuration\n\nCreate `/etc/zone-handler.yaml` based on either\n[zone-handler.yaml.bind.example][2] or\n[zone-handler.yaml.knot.example][3].\n\n\n### Install application\n\n```\npython3 -m venv /opt/ssh-zone-handler\n/opt/ssh-zone-handler/bin/pip3 install ssh-zone-handler\n```\n\n\n### Generate sudoers rules\n\n```\n/opt/ssh-zone-handler/bin/szh-sudoers | EDITOR=\"tee\" visudo -f /etc/sudoers.d/zone-handler\n```\n\n\n### Configure sshd\n\n```\nMatch User alice,bob\n     ForceCommand /opt/ssh-zone-handler/bin/szh-wrapper\n     PermitTTY no\n     AllowTcpForwarding no\n     X11Forwarding no\n```\n\n\n## Known limitations\n\n* Might be Ubuntu distro specific\n\n\n[1]: https://github.com/andreaso/ssh-zone-handler/blob/main/Vagrantfile\n[2]: https://github.com/andreaso/ssh-zone-handler/blob/main/zone-handler.yaml.bind.example\n[3]: https://github.com/andreaso/ssh-zone-handler/blob/main/zone-handler.yaml.knot.example\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreaso%2Fssh-zone-handler","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandreaso%2Fssh-zone-handler","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreaso%2Fssh-zone-handler/lists"}