# How-to djbdns server synchronization

I'd like to thank the authors of the articles in the Links section, as this how-to is assembled out of those articles. The idea for the script was my own. This how-to is meant to give you an idea of how the pieces fit together, rather than to walk you step by step to the sweet finish. You may need to modify the .sh script to fit your actual needs. I provide no guarantees; you know how it is with stuff on the internet.

Zdenek Styblik @ 2009/03

## Client - Generate key [1]

Generate a key:

```
% ssh-keygen -q -f ~/.ssh/id_rsa -t rsa;
```

Since cron will run the sync unattended, the key has to be usable without an interactive passphrase prompt (no passphrase, or an agent that is already loaded); the `from=` restriction and the chroot on the server side are what limit what the key can do.

## Client - add dns_sync.sh to crontab

It depends on your crontab, but: edit the crontab for user joe, whose account is going to handle the syncing for us, and add a line similar to the one below, which will execute the synchronization every 12 hours.

```
# crontab -u joe -e;
```

Add line:

```
--snip--
0 */12 * * * /path/to/dns_sync.sh
--snip--
```

The `0` in the minute field matters: with a `*` there the script would run every minute of hours 0 and 12 instead of twice a day.

## Server - Configure sshd [2]

You need OpenSSH 4.9p1 or newer! Edit '/etc/ssh/sshd_config' and add to the bottom of the file:

```
--- snip ---
Match Group _gdns
    ChrootDirectory %h
    AllowTcpForwarding no
--- snip ---
```

It has to go at the bottom: every directive after a `Match` line belongs to that block until the next `Match`, so anything placed below it would be scoped to the `_gdns` group as well. Restart sshd. You don't have to recycle the whole sshd; a restart is enough.

## Server - Set-up chroot dir [2] [3]

Make a chroot dir wherever it fits you. However, it's not a bad idea to create a hardlink to the 'data' file.

```
# mkdir /etc/tinydns/chroot/
# cd /etc/tinydns/chroot
# mkdir {bin,dev,lib}
# cp -p /bin/bash bin/
# cp -p /lib/{ld-linux.so.2,libc.so.6,libdl.so.2,libtermcap.so.2} lib/
# mknod dev/null c 1 3
# mknod dev/zero c 1 5
# chmod 0666 dev/{null,zero}
```

Note that sshd refuses to chroot unless the chroot directory and every path component above it are owned by root and not writable by group or others; if the login fails with "bad ownership or modes for chroot directory" in the sshd log, that is the cause.

Next, we'll need md5sum and scp. Use `ldd` to see which libraries are required. SCP is somewhat specific: you're going to need more than `ldd` told you. You are going to need part (or the whole, if you want) of '/etc/passwd' and '/lib/libnss_files*'.

## Server - finishing up

Modify the home directory of the account you're going to use for syncing and change it to '/etc/tinydns/chroot', or whatever directory you've chosen for the chroot.

Create directory '.ssh/' in the chroot:

```
# cd /etc/tinydns/chroot/;
# mkdir .ssh/
# chmod 700 .ssh/
```

Change to the directory and:

```
# cd .ssh/
# touch authorized_keys
```

SCP over the public key from the client and:

```
# cat id_rsa.pub >> authorized_keys;
# chmod 600 authorized_keys;
```

Remove the key file, edit authorized_keys and add host restrictions:

```
# rm id_rsa.pub;
# vim authorized_keys
```

```
--snip--
from="192.168.1.1,example.tld"
--snip--
```

The options go at the very beginning of the key's line, before the key type, separated from the key by a space.

It doesn't hurt to change the ownership of the whole ".ssh/" directory to the respective owner. And you should be ready to roll.

I hope this small how-to helped you a little.

# Links/Sources:

[1] http://sial.org/howto/openssh/publickey-auth/
[2] http://blogs.techrepublic.com.com/opensource/?p=229
[3] https://lists.ccs.neu.edu/pipermail/scponly/2007-November/001895.html
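The how-to refers to dns_sync.sh, the script the crontab entry runs, but never shows it. The script below is an added example of what such a client-side script could look like; it is not the author's dns_sync.sh. It assumes the layout the how-to builds: a sync account (here `joe`, on an assumed host `dns.example.tld`) chrooted into the tinydns chroot, a hardlink named `data` inside that chroot pointing at the real tinydns data file, and only `md5sum` and `scp` available inside the chroot. It compares the md5 of the local data file with the md5 of the copy in the chroot, pushes the file with scp only when they differ, and re-checks the digest afterwards so a truncated transfer is reported rather than silently kept. The local file path and the account/host names are assumptions; adjust them to your setup.

```shell
#!/bin/sh
# dns_sync.sh -- illustrative client-side sync script (an added example, not the
# author's dns_sync.sh). Assumed layout, matching the how-to: the sync account on
# the server is chrooted into the tinydns chroot, that chroot contains a hardlink
# named 'data' to the real tinydns data file, and md5sum and scp exist inside it.
set -eu

SYNC_USER="${SYNC_USER:-joe}"                       # assumed account name
SYNC_HOST="${SYNC_HOST:-dns.example.tld}"           # assumed server
LOCAL_DATA="${LOCAL_DATA:-/etc/tinydns/root/data}"  # assumed local data file
REMOTE_DATA="${REMOTE_DATA:-data}"                  # relative to the chroot (home)

# Print only the digest from a line of md5sum output ("<hex>  <name>").
# Pure shell, so nothing but md5sum itself is needed on either side.
digest_of() {
    printf '%s\n' "${1%% *}"
}

# md5 digest of a local file.
file_md5() {
    digest_of "$(md5sum "$1")"
}

# md5 digest of the copy inside the chroot; empty when the file is missing or
# the host is unreachable. Only md5sum runs remotely, since the chroot has no
# other tools.
remote_md5() {
    out=$(ssh -o BatchMode=yes "$SYNC_USER@$SYNC_HOST" "md5sum $REMOTE_DATA" 2>/dev/null) || out=""
    digest_of "$out"
}

# True (exit 0) when the local and remote digests differ, including the case
# where the remote digest is empty because the file does not exist yet.
needs_sync() {
    [ "$1" != "$2" ]
}

main() {
    local_sum=$(file_md5 "$LOCAL_DATA")
    remote_sum=$(remote_md5)
    if ! needs_sync "$local_sum" "$remote_sum"; then
        echo "remote copy is current ($local_sum)"
        return 0
    fi
    # scp overwrites the existing target in place (truncate and rewrite), so the
    # hardlink keeps referring to the same inode as the tinydns data file.
    scp -q -o BatchMode=yes "$LOCAL_DATA" "$SYNC_USER@$SYNC_HOST:$REMOTE_DATA"
    # Re-check after the copy so a truncated or failed transfer is reported.
    after_sum=$(remote_md5)
    if needs_sync "$local_sum" "$after_sum"; then
        echo "checksum mismatch after copy: local $local_sum, remote ${after_sum:-<none>}" >&2
        return 1
    fi
    echo "synced $LOCAL_DATA ($local_sum)"
}

# Run only when invoked as a script, so the functions can be sourced and tested.
case "${0##*/}" in
    dns_sync.sh) main "$@" ;;
esac
```

Invoked from the crontab line above as `/path/to/dns_sync.sh`, the script is quiet and exits 0 when nothing changed, which keeps cron mail down to the runs that actually copied something or failed. `BatchMode=yes` makes ssh and scp fail immediately instead of hanging on a prompt when the key or host key is not accepted, which is what you want from a job nobody is watching. Compiling the new `data` into `data.cdb` on the server is outside what the chroot as described allows and is not covered here.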