ssh - looking up IP through API on-demand

1

Is there a way to make ssh dynamically look up the IP address for a given hostname through an external API?

The scenario is that I have a few customers with thousands of varying on-demand cloud servers (new ones are added every hour, old ones get killed every hour).

Because there are so many names and they change quite fast, using the cloud service DNS API is not really an option (I tried before, kills their admin panels and API servers).

So... I'm looking for a configuration option in ssh to use a script to look up the IP address when I do "ssh some-name". I know I can alias the ssh script and wrap it, but I'm wondering if there's any internal option available.

Wolph

Posted 2017-10-27T10:44:56.937

Reputation: 595

…are they running the DNS API on a potato? – user1686 – 2017-10-27T11:15:00.697

Very likely, but that's out of my control unfortunately so I'm trying to make it as convenient as possible – Wolph – 2017-10-27T15:25:55.100

Answers

2

There are several options. Primarily there's ProxyCommand, which can use an arbitrary program in place of the TCP connection – as long as it speaks SSH in stdin/stdout. (Of course it only works with SSH.)

For example, to tunnel via another SSH server:

ssh -o ProxyCommand="ssh bastion.tld -W %h:%p" server123.tld

So you could write a tool/script in your preferred language which accepts the hostname on the command line, looks up the server, opens a TCP connection, and copies data between it and stdin/stdout. (It could be a shell script which runs nc.)

Then use it like this:

# ~/.ssh/config – see `man ssh_config`

Host *.example.com
    ProxyCommand ~/bin/ssh-cloud-lookup %h %p

The second option is to write a custom DNS server which uses your container API to look up addresses and serve responses. I believe I've seen some tools like Chubby do exactly this.


The third option (specific to Linux) is to write a "nsswitch" plugin which implements hostname lookup, similar to the existing "dns", "mdns", "files" plugins. For example, systemd ships a plugin named nss_mymachines for resolving the names of nspawn containers.

user1686

Posted 2017-10-27T10:44:56.937

Reputation: 283 655

Perfect, the ProxyCommand option should work great for my case. The API is far too slow for the other solutions – Wolph – 2017-10-27T15:22:14.937
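
One way to write the `ssh-cloud-lookup` helper that the answer's `ProxyCommand` line calls, as an added example that is not part of the original answer. The endpoint URL, its `name` query parameter and the plain-text IPv4 reply are assumptions; the script validates both the `%h` value from ssh and the API's reply before either reaches `curl` or `nc`.

```shell
#!/bin/sh
# ssh-cloud-lookup HOST PORT: ProxyCommand helper, run by ssh as "... %h %p".
# LOOKUP_URL is a hypothetical endpoint that answers with one IPv4 address as text.
LOOKUP_URL="${LOOKUP_URL:-https://inventory.example.invalid/v1/ip}"

# DNS-style names only: no leading dash, no empty labels, no shell or URL characters.
valid_hostname() {
    case "$1" in
        ''|-*|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Strict dotted quad, so the API's answer can never reach nc as an option.
valid_ipv4() {
    case "$1" in
        ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
# Ask the API; HTTPS only, bounded time, hostname passed as an encoded query value.
lookup_ip() {
    curl --silent --show-error --fail --proto '=https' --max-time 10 \
         --get --data-urlencode "name=$1" "$LOOKUP_URL"
}

# Print the validated address for HOST, or fail without printing anything.
resolve_target() {
    valid_hostname "$1" || { echo "ssh-cloud-lookup: bad hostname" >&2; return 1; }
    ip=$(lookup_ip "$1") || { echo "ssh-cloud-lookup: lookup failed" >&2; return 1; }
    valid_ipv4 "$ip" || { echo "ssh-cloud-lookup: API answer is not an IPv4 address" >&2; return 1; }
    printf '%s\n' "$ip"
}

main() {
    valid_port "$2" || { echo "ssh-cloud-lookup: bad port" >&2; return 1; }
    ip=$(resolve_target "$1") || return 1
    exec nc "$ip" "$2"   # nc relays ssh's stdin/stdout over the TCP connection
}
[ "$#" -eq 2 ] && main "$@"   # runs only when called with HOST and PORT
```

Saved as `~/bin/ssh-cloud-lookup` and made executable, it fits the `Host *.example.com` block shown in the answer; host key checking still happens in ssh itself, against the name typed on the command line.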