Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/eaon/authorized-dns-keys

Queries and prints SSH public keys from Hesiod-esque DNS TXT records
https://github.com/eaon/authorized-dns-keys

dns hesiod openssh-server rust

Last synced: 3 months ago
JSON representation

Queries and prints SSH public keys from Hesiod-esque DNS TXT records

Awesome Lists containing this project

README 

        
# authorized-dns-keys



Small helper tool primarily meant to be invoked by OpenSSH's

`AuthorizedKeysCommand` in environments that already use

[Hesiod](https://en.wikipedia.org/wiki/Hesiod_\(name_service\)). It queries,

sorts, concatenates and eventually prints SSH public keys found in DNS TXT

records.



It also does the inverse and can create BIND style DNS record entries. Records

live in `$user.ssh$lhs$rhs` and look like this:



    user.ssh.ns.example.org. TXT "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCutHjcbooZDl+4jpsGMC7JewGXTgULjWuSMMzpM0hCKn4aIOaULkbDV020NiO+dfo0DTo2vXwZn6GqUu4xyZVk5dQa+yk6He3DAzgwsXxsLuwQYfGI0xVgGsaBFWPXqXjWIq6amKKG6o2Ll15HOw6Tj0MULGqQtC/j00VrKxNztNy2Lesa06KkKnFBFimA29ZhVlUjm8W/t7rwg0alulLnoOp" "ch9qbE/3yO3KOdNqCdDwNoRImAQk6KRlpWSr9ZHB4YnjQNNZCJ+yjC/KdqQ1awdKWTOMz2jfbhd/WHeH7XRY4iU2ZatVj6ZAcaqKvkaG8mWDYq2RNf6k88FgLdM33 user@host"

                             TXT "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHz4HTq0S77shqWG1tfc8EHSSMg+unYB+uUZaKiUcq1N user@host"



Requires a `/etc/hesiod.conf` configuration file.



### Isn't this kind of pointless as the same can be achieved with `AuthorizedKeysCommand /usr/bin/hesinfo %u ssh`?



Yes, however I initially misremembered how TXT records work, and I wanted to

learn about Rust and this was a simple enough project to try, so 🤷‍♂️