Hostkeydns - Library for verifying remote ssh keys using DNS and SSHFP resource records

Last update: Feb 11, 2022

Comments: 0

hostkeydns

import "suah.dev/hostkeydns"

Package hostkeydns facilitates verifying remote ssh keys using DNS and SSHFP resource records.

Index

func CheckDNSSecHostKey(dr DNSSecResolvers) ssh.HostKeyCallback
func CheckDNSSecHostKeyEZ(res string) ssh.HostKeyCallback
type DNSSecResolvers

func CheckDNSSecHostKey

func CheckDNSSecHostKey(dr DNSSecResolvers) ssh.HostKeyCallback

CheckDNSSecHostKey checks a hostkey against a DNSSEC SSHFP records.

Example

package main

import (
	"golang.org/x/crypto/ssh"
	"suah.dev/hostkeydns"
)

func main() {
	dnsConf := hostkeydns.DNSSecResolvers{
		Servers: []string{
			"8.8.8.8",
		},
		Port: "53",
		Net:  "tcp",
	}
	config := &ssh.ClientConfig{
		HostKeyCallback: hostkeydns.CheckDNSSecHostKey(dnsConf),
	}
	_, _ = ssh.Dial("tcp", "github.com:22", config)
}

func CheckDNSSecHostKeyEZ

func CheckDNSSecHostKeyEZ(res string) ssh.HostKeyCallback

CheckDNSSecHostKeyEZ checks a hostkey against a DNSSEC SSHFP records using preconfigured name servers. Options are: - "quad9": https://www.quad9.net/\. - "google": Google's public name servers. - "system": Use the system resolver (*nix only atm).

Example

package main

import (
	"golang.org/x/crypto/ssh"
	"suah.dev/hostkeydns"
)

func main() {
	config := &ssh.ClientConfig{
		HostKeyCallback: hostkeydns.CheckDNSSecHostKeyEZ("quad9"),
	}
	_, _ = ssh.Dial("tcp", "github.com:22", config)
}

type DNSSecResolvers

DNSSecResolvers exposes configuration options for resolving hostnames using DNSSEC. Success will be called when a matching fingerprint/SSHFP match is found. Net can be one of "tcp", "tcp-tls" or "udp".

If set, HostKeyAlgorithms will restrict matching to _only_ the algorithms listed. The format of the strings match that of OpenSSH ("ssh-ed25519" for example).

type DNSSecResolvers struct {
    Servers           []string
    Port              string
    Net               string
    Success           func(key ssh.PublicKey)
    HostKeyAlgorithms []string
}

Generated by gomarkdoc

Owner

Aaron Bieber

OpenBSD slacker living in colorful Colorado. 0x1F81112D62A9ADCE

https://github.com/qbit/hostkeydns

Hostkeydns - Library for verifying remote ssh keys using DNS and SSHFP resource records

hostkeydns

Index

func CheckDNSSecHostKey

func CheckDNSSecHostKeyEZ

type DNSSecResolvers

Owner

Aaron Bieber

Similar Resources

Simple tool for connecting to remote hosts via ssh written on GO.

The Dual-Stack Dynamic DNS client, the world's first dynamic DNS client built for IPv6.

netcup DNS module for caddy: dns.providers.netcup

A fork on miekg/dns (since I've already forked zmap/dns)

A simple DNS forwarder that forwards DNS queries to various upstreams

🤘 The native golang ssh client to execute your commands over ssh connection. 🚀🚀

Extended ssh-agent which supports git commit signing over ssh

Gsshrun - Running commands via ssh on the server/hosting (if ssh support) specified in the connection file

one simple git ssh server (just for learning git over ssh )

Related tags

Automatically register a list of domain names, add them to Cloudflare and set DNS records.

Ipctl - Listen to IP change and change your DNS' records dynamically

dynflare is a tool to automatically update dns records at Cloudflare, when the ip changes.

A CoreDNS plugin to serve temporary TXT records for validation purposes (eg. Let's Encrypt DNS-01)

Updating DNS records for dynamically changing IPs via the Cloudflare API

Creates a linux group of users synced to your Google Workspace users and automatically imports their public SSH keys.

Simple HTTP tunnel using SSH remote port forwarding

Golang `net/rpc` over SSH using installed SSH program

DNS Ping: to check packet loss and latency issues with DNS servers

Verify IP addresses of respectful crawlers like Googlebot by reverse dns and forward dns lookups