6 echo >&2 "novaboot-shell: $*"
13 - console (default command)
24 if [ "$NB_ADMIN" ]; then
27 - shell (use with ssh -t)
35 [ "$NB_ADMIN" ] || return 1
38 0) die "Usage: ssh ... add-key USERNAME < id_rsa.pub";;
40 *) die "User name must not contain spaces: $*";;
# The temp file is created next to the real authorized_keys (same directory),
# so the final mv replaces the file by rename. The cat/echo output below is
# presumably redirected into $tmp by lines not shown here.
45 tmp=$(mktemp ~/.ssh/authorized_keys.XXXXXXXX)
# Existing entries are copied through unchanged.
47 cat ~/.ssh/authorized_keys
# The new entry forces `user $user` as the command for this key; $user and
# $key are written verbatim.
# NOTE(review): the visible validation message only mentions spaces in the
# user name; confirm that a double quote or newline in $user or $key cannot
# yield an entry without the intended command= restriction.
48 echo "command=\"user $user\" $key"
# NOTE(review): $tmp is unquoted; write "$tmp" so the path is never
# word-split or globbed.
51 mv $tmp ~/.ssh/authorized_keys
55 [ "$NB_ADMIN" ] || die "Permission denied"
56 if ! tty > /dev/null; then
57 echo "novaboot-shell: Consider starting the shell with 'ssh -t'"
59 exec /bin/bash || exec /bin/sh
# Print the PID column ($2) of every lslocks row whose PATH column ($9) equals
# the run directory.
# NOTE(review): $RUN_DIR is spliced into the awk program text, so a quote or
# backslash in its value would change the program. Passing it with
# `awk -v dir="$RUN_DIR"` and comparing against `dir` avoids that. The column
# numbers rely on lslocks' default output layout.
63 lslocks | awk '{ if ($9 == "'"$RUN_DIR"'") { print $2 } }'
70 for pid in $(lock_queue); do
71 echo $pid $(sed --null-data -ne '/^NOVABOOT_ID=/ s///p' /proc/$pid/environ)
74 echo "Target is occupied by:"
75 ( echo "PID USER LOGIN_TIME FROM"; echo "$queue" ) | column -t
81 exec flock --no-fork "$RUN_DIR" "$@"
89 . "${NOVABOOT_SHELL_CONFIG:-$HOME/.novaboot-shell}"
92 # run_subcommand should be called only after permission checks and/or locking
# The trap text is double-quoted, so $RUN_DIR is expanded now, when the trap
# is installed, and the resulting string is parsed again by the shell at exit.
# NOTE(review): $RUN_DIR is unquoted here and in the redirection below; a
# value containing whitespace or glob characters would break both.
97 trap "rm -f $RUN_DIR/ppid" EXIT
# Record NOVABOOT_PPID in the ppid file that the trap above removes on exit.
98 echo $NOVABOOT_PPID > $RUN_DIR/ppid
99 echo 'novaboot-shell: Connected'
100 # TODO: $reset_begin_cmd
# ${console_cmd:?} aborts if the variable is unset or empty. `eval` re-parses
# the string as shell code, so whatever console_cmd holds is executed with
# this account's privileges.
# NOTE(review): presumably console_cmd comes from the sourced configuration
# file; confirm that file is writable only by administrators.
101 eval exec "${console_cmd:?}";;
103 eval exec "${reset_cmd:?}";;
104 "rsync --server "*" . .")
# Accept only two argument shapes: exactly five words, or six words when the
# fourth is --log-format=X. Anything else is rejected via die.
# NOTE(review): `-a`/`-o` and parentheses inside `[` are marked obsolescent by
# POSIX and can be parsed ambiguously; separate `[ ]` tests joined with
# `&&`/`||` express the same condition unambiguously.
105 if ! [ $# -eq 5 -o \( $# -eq 6 -a "$4" = '--log-format=X' \) ]; then
106 die "Unexpected rsync invocation: $*"
108 mkdir -p "$HOME/tftproot"
112 eval exec "${on_cmd:?}";;
114 eval exec "${off_cmd:?}";;
119 if [ "$1" = "-c" ]; then
121 elif [ $# -gt 0 ]; then
122 die "Permission denied"
126 if [ "$1" = "user" ]; then
127 # Get user name encoded in ~/.ssh/authorized_keys
# A third argument of "admin" marks the key's owner as an administrator.
# NOTE(review): no visible line clears NB_ADMIN beforehand; confirm it cannot
# be inherited from the environment of the login session.
129 [ "$3" = "admin" ] && NB_ADMIN=1
# Replace the positional parameters with the command the SSH client requested.
# NOTE(review): the expansion is unquoted, so the client-supplied string is
# word-split on IFS and also undergoes pathname expansion. Running `set -f`
# before this line would keep glob characters from being expanded against the
# server's filesystem.
130 set -- $SSH_ORIGINAL_COMMAND
133 IP=${SSH_CONNECTION%% *}
135 HOST=$(getent hosts $IP) || HOST=$IP
140 DATE=$(LANG=C date +'%F_%T')
141 export NOVABOOT_ID="${NB_USER:-?} $DATE ${REMOTE}"
142 export NOVABOOT_PPID=$PPID
147 # Commands allowed at any time
148 "console"|"") locked $0 console;;
149 "get-config") read_config && echo -n "${target_config}"; exit;;
150 "add-key") shift; add_key "$@"; exit;;
151 "shell") exec_shell; exit;;
154 # Commands allowed only when nobody or the same user is connected
155 # to the console. "The same user" means that we were executed by
156 # the same sshd process that has the lock. This is ensured by
157 # using SSH connection sharing on client side.
158 reset | rsync | on | off)
# Read the PID stored in the ppid file; if the file is missing or unreadable
# the value is empty (errors are discarded and `|| :` forces success).
# NOTE(review): $RUN_DIR is unquoted.
159 ALLOWED_PPID=$(cat $RUN_DIR/ppid 2>/dev/null || :)
# Select the `unlocked` runner only when our parent PID equals the recorded
# one. An empty value is compared as 0, and a non-numeric value makes `[`
# fail, so both cases fall through to `locked`.
160 if [ "$PPID" -eq "${ALLOWED_PPID:-0}" ]; then run=unlocked; else run=locked; fi
163 echo >&2 "novaboot-shell: Command not allowed: $*"
164 logger -p error "novaboot-shell: Command not allowed: $*"
171 if [ -z "$NOVABOOT_ID" ]; then
183 novaboot-shell - provides novaboot with unified SSH-based interface for controlling target hardware
187 B<novaboot-shell> -c "[command [arguments...]]"
189 B<novaboot-shell> [command [arguments...]]
191 B<ssh target@server> [command [arguments...]]
195 B<novaboot-shell> provides L<novaboot(1)> with a unified SSH-based
196 interface for controlling the target hardware. This simplifies
197 client-side configuration, because clients typically need only the
198 I<--ssh=...> option. B<novaboot-shell> is typically configured as a
199 login shell of special user accounts associated with the target
200 hardware (as set by L<adduser-novaboot(8)>). It ensures that users can
201 perform only a limited set of actions (see L</COMMANDS> below) with
202 the target and have no shell access on the server.
210 Connect to target console (usually serial line). When somebody is
211 connected to the console, other users are blocked from controlling the
212 target. Blocked users see a message indicating who blocks them.
214 The user connected to the console is able to invoke other commands
215 such as L</reset>, but only when the command is invoked via the same
216 SSH connection. This can be accomplished by using SSH connection
217 sharing, which is what L<novaboot(1)> uses (see I<-M> and I<-S> in
220 This is the default command when no command is specified on command
225 Reset the target hardware.
229 Power on the target hardware.
233 Power off the target hardware.
237 This command is not meant to be invoked directly by the user. It
238 allows using L<rsync(1)> to copy files to the target, e.g. for a TFTP
239 server. The rsync command must be invoked as: C<rsync ...
240 target@server:>, i.e. without specifying destination path. The files
241 will be stored into I<$HOME/tftproot>.
243 =item user <username> [admin]
245 User command is meant to be used with C<command=> option in SSH's
246 L<authorized_keys(5)> file. It allows the shell to display
247 human-readable names when printing information about who blocks the
248 target. Then, the real command is taken from SSH_ORIGINAL_COMMAND
249 environment variable.
251 When "admin" is specified after the user name, this user is considered
252 an administrator and is allowed to run L</add-key> and L</shell>
257 Prints novaboot configuration options needed for the target. One
262 =head2 Administration commands
264 Only administrators (see L</user>) are allowed to execute these
269 =item add-key <username>
271 Reads the SSH public key from standard input and adds it to
272 F<~/.ssh/authorized_keys>.
274 Example: C<ssh target@server add-key johndoe < john_rsa.pub>
278 Runs a shell on the server. Useful for editing the configuration file. It is
279 best used with an allocated pseudo-terminal.
281 Example: C<ssh -t target@server shell>
285 =head1 CONFIGURATION FILE
287 B<novaboot-shell> reads its configuration file from
288 F<$HOME/.novaboot-shell>. It should define values for the following
289 variables in sh syntax.
295 Command to C<exec> that connects to target's console.
299 Command to C<exec> that resets the target.
303 Command to C<exec> that powers the target on.
307 Command to C<exec> that powers the target off.
311 Novaboot command line options that specify which boot loader is used
312 by the target (L<novaboot(1)> rejects other, possibly dangerous, options).
313 Each option is on its own line and no quoting, escaping or stripping
314 is performed on the values.
320 --uboot-init=setenv serverip 192.168.1.1; setenv ipaddr 192.168.1.10
321 --uboot-addr=kernel=0x8100000
322 --uboot-addr=fdt=0x83000000
323 --uboot-addr=ramdisk=0x83100000
331 Michal Sojka <sojkam1@fel.cvut.cz>
333 Latest version can be found at
334 L<https://github.com/wentasah/novaboot>.