Ostiaryd is designed to allow you to run a fixed set of commands remotely, without giving everyone else access to the same commands.
The following are the key design goals:
This wiki is a quick summary of the author's documentation followed by openwrt specific usage instructions. For any technical info you may wish to view the author's site: http://ingles.homeunix.net/software/ost/index.html .
The algorithm used is as follows:
Grab it from the repository (Note, it has only been added to the master 'snapshot' builds, not versioned builds eg. '18.06', ensure your opkg configuration includes the snapshot/packages/<arch>/packages path)
$ opkg update $ opkg install ostiary
The configuration file is installed by default at /etc/ostiary.cfg
At a minimum, you will need to set at least the following sections:
(upto 8 ACTION scripts are allowed by default. More can be added but you would need to edit the header file ost.h and recompile. See author's site here.)
Be sure to always restart the ostiaryd daemon after making any changes!
where ARGUMENT is one of “stop”, “start”, or “restart”.
Each “secret” passphrase you defined above needs a corresponding action script (i.e. one-to-one).
Actions scripts can invoke anything you could run from a command line, such as:
so long as the command is either fixed, or will only vary depending on your ostiary client IP.
If your scripts run successfully as root, but fail under Ostiary (test using ostclient), ensure that you have set uid/gid to 0 for that action; or set appropriate filesystem permissions.
Note: By the author's design, you can't inline a shell command into the ACTION script definition. You need to put your command(s) into a separate file, make it executable, and then call the file using the syntax above. (I know, I wasted a couple of hours on this one…)
Remember to add your scripts' location to the folders kept during sysupgrade in /etc/sysupgrade.conf
Clients for connecting to the ostiaryd service are listed below.