Ostiaryd is designed to allow you to run a fixed set of commands remotely, without giving everyone else access to the same commands.
The following are the key design goals:
This wiki is a quick summary of the author's documentation, followed by OpenWrt-specific usage instructions. For technical details, see the author's site: http://ingles.homeunix.net/software/ost/index.html
The algorithm used is as follows:
Grab it from the repository. (Note: it's not there yet; the package makefile is pending review. If you want it now, grab the source from the author's site, and follow the crosscompile and single.package guidelines. You can find compiled objects for Backfire 10.03.1-RC6 on the AR71xx platform at http://tamadite.no-ip.biz/ostiary.)
$ opkg update
$ opkg install ostiary
The configuration file is installed by default at /etc/ostiary/ostiary.cfg
At a minimum, you will need to set the following sections:
(Up to 8 ACTION scripts are allowed by default. More can be added, but you would need to edit the header file ost.h and recompile. See author's site here.)
Note: By the author's design, you can't inline a shell command into the ACTION script definition. You need to put your command(s) into a separate file, make it executable, and then call the file using the syntax above. (I know, I wasted a couple of hours on this one…)
Be sure to always restart the ostiaryd daemon after making any changes!
where ARGUMENT is one of “stop”, “start”, or “restart”.
Each “secret” passphrase you defined above needs a corresponding action script (i.e. one-to-one). Place them in the folder below:
E.g., to enable and disable SSH access through your WAN, you might tweak iptables using scripts like these:
#!/bin/sh
/usr/bin/logger Ostiary is enabling SSH
/usr/sbin/iptables -I zone_wan -p tcp --dport 22 -j ACCEPT

#!/bin/sh
/usr/bin/logger Ostiary is disabling SSH
/usr/sbin/iptables -D zone_wan -p tcp --dport 22 -j ACCEPT
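The scripts above are not idempotent: every run of the enable script inserts another copy of the ACCEPT rule, while the disable script removes only one, so a repeated "enable" leaves port 22 open on the WAN after a single "disable". As an added example (not from the original wiki or the Ostiary author), the variant below removes every copy of the rule before inserting one; the file names ssh_enable and ssh_disable are hypothetical.

```sh
#!/bin/sh
# Added example: idempotent enable/disable for the WAN SSH rule.
# Assumption: this one file is installed under two hypothetical names,
# ssh_enable and ssh_disable (e.g. a copy or symlink), one per ACTION.

IPTABLES="${IPTABLES:-/usr/sbin/iptables}"   # overridable for testing
LOGGER="${LOGGER:-/usr/bin/logger}"
RULE="zone_wan -p tcp --dport 22 -j ACCEPT"  # same rule as the scripts above

# Delete every copy of the rule. -D removes one matching rule per call and
# fails once none is left, which ends the loop. The counter is a safety stop.
purge_rule() {
    n=0
    # $RULE is intentionally unquoted so it splits into separate arguments.
    while [ "$n" -lt 32 ] && $IPTABLES -D $RULE 2>/dev/null; do
        n=$((n + 1))
    done
    return 0
}

ssh_enable() {
    purge_rule                       # never stack duplicate ACCEPT rules
    $LOGGER "Ostiary is enabling SSH"
    $IPTABLES -I $RULE
}

ssh_disable() {
    $LOGGER "Ostiary is disabling SSH"
    purge_rule                       # also clears stale duplicates
}

# Dispatch on the name the script was invoked as; any other name does nothing.
case "${0##*/}" in
    ssh_enable)  ssh_enable ;;
    ssh_disable) ssh_disable ;;
esac
```

After any sequence of calls, `iptables -L zone_wan -n` should show at most one ACCEPT rule for port 22, and none once the disable script has run.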
Clients for connecting to the ostiaryd service are listed below.