To register the name server managed by SSH:

To pre-configure the name server for SSH connection using distributed SSH keys, i.e., using the Use already set SSH keys for user namedsync option:

1. Create the namedsync user on the name server and add it to the named group (see man bind 2):

adduser namedsync -G named

2. Create the .ssh/authorized_keys file in the namedsync user home directory with the following permissions: owner='namedsync', group='named', mode=0600. For example, on behalf of the namedsync user, execute on the name server the following commands:

mkdir -p ~/.ssh/
chmod 0700 ~/.ssh/
touch ~/.ssh/authorized_keys
chmod 0600 ~/.ssh/authorized_keys
chown namedsync:named ~/.ssh/authorized_keys

3. Copy the public SSH keys of the apache user on the Management Node (the /var/www/.ssh/id_dsa.pub, /var/www/.ssh/id_rsa.pub, and /var/www/.ssh/identity.pub files) into the .ssh/authorized_keys file created. For example, on behalf of the user namedsync, execute the following command on the name server and enter the Management Node root password. Note that in the actual command, 'your-mn-node' must be replaced with your Management Node hostname or IP address:

ssh root@your-mn-node "su -l apache -c \"if [ -r .ssh/id_dsa.pub ]; then cat .ssh/id_dsa.pub; fi; if [ -r .ssh/id_rsa.pub ]; then cat .ssh/id_rsa.pub; fi; if [ -r .ssh/identity.pub ]; then cat .ssh/identity.pub; fi\"" > /tmp/ssh_pub_key && cat /tmp/ssh_pub_key > ~/.ssh/authorized_keys; rm -f /tmp/ssh_pub_key

4. Make sure that the user apache can connect from your Management Node to the name server as user namedsync using the SSH key. For example, on behalf of the namedsync user, execute the following command on the name server and enter the Management Node root password. Note that in the actual command, 'your-mn-node' must be replaced with your Management Node hostname or IP address, and 'current-ns.com' must be replaced with the name server hostname or IP address:

if ssh root@your-mn-node "su -l apache -c \"ssh namedsync@current-ns.com ls -l /home/namedsync/.ssh/\"" > /dev/null 2>&1; then echo PASSED; else echo ERROR; fi

5. Make sure that namedsync can read and write in the /var/named/ directory. For example, correct permissions:

drwxrwx--- 3 namedsync named 4096 Sep 5 17:17 /var/named

If chroot is used, check the permissions on the named chroot directory as well. For example, on behalf of the user namedsync, execute the following command on the name server:

if echo "TEST" > /var/named/test-file.txt; then echo PASSED; rm -f /var/named/test-file.txt; else echo ERROR; fi

6. Make sure that namedsync can read /etc/ssh/sshd_config. For example, correct permissions:

-rw-r--r-- 1 root root 2469 Sep 6 20:17 /etc/ssh/sshd_config

Execute on the name server the following command on behalf of user namedsync:

if [ -r /etc/ssh/sshd_config ]; then echo "PASSED"; else echo "ERROR"; fi

7. Make sure that namedsync can read /etc/named.conf or /ROOTDIR/etc/named.conf (if named uses chroot). For example, correct permissions:

-rw-r--r-- 1 root root 796 Oct 22 2003 /etc/named.conf

Execute on the name server the following command on behalf of user namedsync:

if [ -r `grep -P "^ROOTDIR=" /etc/sysconfig/named | awk -F\= '{print $2}' | sed -e "s/['\"]//g"`/etc/named.conf ]; then echo "PASSED"; else echo "ERROR"; fi
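The checks of steps 2 and 5 to 7 can be run in one pass. The following preflight script is an added example and not part of the original procedure; it assumes GNU-style ls output, takes every path as a parameter (the page's defaults are used only with --run), resolves the named chroot from the ROOTDIR= line, and reports the number of failed checks as its exit status.

```shell
#!/bin/sh
# Added preflight script (not from the original page): runs the namedsync
# access checks of the procedure above in one pass. Run it on the name server
# as user namedsync; every path is a parameter so it can be aimed at a test tree.

# Chroot directory from the ROOTDIR= line of the named sysconfig file,
# with surrounding quotes stripped; prints nothing when named is not chrooted.
named_rootdir() {
    [ -r "$1" ] || return 0
    sed -n 's/^ROOTDIR=//p' "$1" | sed -e "s/['\"]//g" | head -n 1
}

# authorized_keys must exist with mode 0600 (shown by ls as -rw-------).
# Owner and group (namedsync:named) are set by the chown step of the page.
check_authorized_keys() {
    keyfile="$1"
    [ -f "$keyfile" ] || { echo "ERROR: $keyfile missing"; return 1; }
    mode=$(ls -ld "$keyfile" | cut -c1-10)
    if [ "$mode" = "-rw-------" ]; then echo "PASSED: $keyfile mode 0600"; return 0; fi
    echo "ERROR: $keyfile mode is $mode, expected -rw-------"; return 1
}

# namedsync must be able to write zone files into the named directory:
# create and remove a probe file, as the page does.
check_named_writable() {
    probe="$1/test-file.txt"
    if echo "TEST" > "$probe" 2>/dev/null; then rm -f "$probe"; echo "PASSED: $1 writable"; return 0; fi
    echo "ERROR: cannot write to $1"; return 1
}

# Run all checks; returns the number of failed checks (0 means ready).
# $1 namedsync home, $2 named directory, $3 sshd_config, $4 named sysconfig file
check_ns_access() {
    failed=0
    check_authorized_keys "$1/.ssh/authorized_keys" || failed=$((failed + 1))
    check_named_writable "$2" || failed=$((failed + 1))
    if [ -r "$3" ]; then echo "PASSED: $3 readable"; else echo "ERROR: $3 unreadable"; failed=$((failed + 1)); fi
    conf="$(named_rootdir "$4")/etc/named.conf"
    if [ -r "$conf" ]; then echo "PASSED: $conf readable"; else echo "ERROR: $conf unreadable"; failed=$((failed + 1)); fi
    return "$failed"
}

# Page defaults, used only when invoked as: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    check_ns_access "$HOME" /var/named /etc/ssh/sshd_config /etc/sysconfig/named
fi
```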