6 echo >&2 "novaboot-shell: $*"
13 - console (default command)
23 if [ "$NB_ADMIN" ]; then
26 - shell (use with ssh -t)
# Fragment, presumably of add_key (called from the "add-key" arm of the command
# dispatch); the function header and several lines are missing from this listing.
# Administrator gate: without NB_ADMIN the function returns 1 before anything
# is read or written.
34 [ "$NB_ADMIN" ] || return 1
# Arms of a case whose header is not shown: the first prints the usage text,
# the catch-all rejects a user name that arrived as more than one word.
37 0) die "Usage: ssh ... add-key USERNAME < id_rsa.pub";;
39 *) die "User name must not contain spaces: $*";;
# The replacement file is created by mktemp inside ~/.ssh, next to the file it
# will replace, so the final mv stays within one directory.
44 tmp=$(mktemp ~/.ssh/authorized_keys.XXXXXXXX)
# Existing entries are copied first, then the new entry is appended; the
# redirection into $tmp is presumably on lines missing from this listing.
46 cat ~/.ssh/authorized_keys
# The new entry forces the command "user NAME" for this key.
# NOTE(review): $user and $key are written verbatim. The only check visible
# here rejects spaces in the name, so a double quote in $user or option text
# in $key would change how sshd parses the line. Validate both before writing
# (e.g. restrict the name to [A-Za-z0-9._-] and check the key with
# ssh-keygen -l -f) — TODO confirm no such check sits on the missing lines.
47 echo "command=\"user $user\" $key"
# NOTE(review): $tmp is unquoted; "$tmp" is safer if $HOME ever contains
# whitespace. No cleanup of the temporary file on failure is visible here.
50 mv $tmp ~/.ssh/authorized_keys
# Fragment, presumably of exec_shell (the "shell" command); its header and
# closing lines are not in this listing.
# Only administrators get past this line; everyone else is stopped by die.
54 [ "$NB_ADMIN" ] || die "Permission denied"
# Without a terminal on stdin the shell is still started, but the user is
# advised to reconnect with a pseudo-terminal.
55 if ! tty > /dev/null; then
56 echo "novaboot-shell: Consider starting the shell with 'ssh -t'"
# Replaces this process with an unrestricted shell under the same account.
# NOTE(review): a failed exec normally terminates a non-interactive shell, so
# the /bin/sh fallback may never be reached — confirm with the shell in use.
58 exec /bin/bash || exec /bin/sh
# Presumably the body of lock_queue: prints the second column of every lslocks
# row whose ninth column equals $RUN_DIR.
# NOTE(review): $RUN_DIR is spliced into the awk program text, so a quote or
# backslash in the path would be read as awk syntax. Passing it as data
# (awk -v dir="$RUN_DIR" or ENVIRON) avoids that.
62 lslocks | awk '{ if ($9 == "'"$RUN_DIR"'") { print $2 } }'
# Fragment that reports who currently holds or waits for the lock; the
# enclosing function header and the assignment of $queue are not shown.
# For every PID returned by lock_queue ...
69 for pid in $(lock_queue); do
# ... print the PID followed by the NOVABOOT_ID value found in that process's
# environment (/proc/PID/environ is NUL-separated, hence --null-data).
# $pid and the substitution are unquoted, so the value is word-split into
# the columns formatted below.
70 echo $pid $(sed --null-data -ne '/^NOVABOOT_ID=/ s///p' /proc/$pid/environ)
73 echo "Target is occupied by:"
# A header row plus the collected lines, aligned into columns by column -t.
74 ( echo "PID USER LOGIN_TIME FROM"; echo "$queue" ) | column -t
# Fragment, presumably of locked: runs the given command while holding a
# flock on $RUN_DIR. The probe for flock's --no-fork option is disabled.
81 #flock -h 2>&1 | grep -q -e "--no-fork" && no_fork=--no-fork
# In the lines shown, no_fork is assigned only on the commented-out line above,
# so $no_fork presumably expands to nothing; it is left unquoted so that an
# empty value adds no argument. exec replaces this shell with flock.
82 exec flock $no_fork "$RUN_DIR" "$@"
# Loads the target configuration by sourcing it into the current shell; the
# path defaults to $HOME/.novaboot-shell and can be overridden with the
# NOVABOOT_SHELL_CONFIG environment variable.
# NOTE(review): the file is executed as shell code with this account's rights,
# and its *_cmd variables are later passed to eval. Keep it writable only by
# administrators, and make sure sshd does not let clients set
# NOVABOOT_SHELL_CONFIG (AcceptEnv, PermitUserEnvironment) — TODO confirm
# against the server's sshd_config.
90 . "${NOVABOOT_SHELL_CONFIG:-$HOME/.novaboot-shell}"
# Fragment of run_subcommand; the function header, the case header and most
# arm patterns are missing from this listing.
93 # run_subcommand should be called only after permission checks and/or locking
# Console arm: publish the PID stored in NOVABOOT_PPID in $RUN_DIR/ppid so that
# later commands from the same sshd process can be recognised, and register
# removal of the file on exit.
# NOTE(review): the double quotes expand $RUN_DIR when the trap is installed,
# and the paths on both lines are unquoted. The EXIT trap belongs to this
# shell; if the exec below succeeds, the shell is replaced and the trap
# presumably never runs, leaving a stale ppid file — TODO confirm.
98 trap "rm -f $RUN_DIR/ppid" EXIT
99 echo $NOVABOOT_PPID > $RUN_DIR/ppid
100 echo 'novaboot-shell: Connected'
101 # TODO: $reset_begin_cmd
# The *_cmd values come from the sourced configuration file and are evaluated
# as shell code, so they are exactly as trusted as that file. ${var:?} aborts
# with an error when the variable is unset or empty. The same pattern is used
# by the reset, on and off arms below.
102 eval exec "${console_cmd:?}";;
104 eval exec "${reset_cmd:?}";;
# Server side of an rsync upload: the whole command line must start with
# "rsync --server " and end with " . ." (destination is the current directory).
105 "rsync --server "*" . .")
# Accept exactly five arguments, or six when the fourth is --log-format=X;
# anything else is rejected. Only the argument count is checked here: the
# option words matched by * are not inspected in the lines shown.
# NOTE(review): -o / -a inside [ ] are obsolescent; separate tests joined with
# || and && are easier to read and audit.
106 if ! [ $# -eq 5 -o \( $# -eq 6 -a "$4" = '--log-format=X' \) ]; then
107 die "Unexpected rsync invocation: $*"
# Upload directory; the cd into it and the rsync invocation itself are
# presumably on lines missing from this listing.
109 mkdir -p "$HOME/tftproot"
113 eval exec "${on_cmd:?}";;
115 eval exec "${off_cmd:?}";;
# Fragment of the entry code that normalises the arguments and identifies the
# caller; several lines (including the closing fi's) are not in this listing.
# A login shell is started by sshd as "shell -c COMMAND"; any other
# non-empty argument list is refused.
120 if [ "$1" = "-c" ]; then
122 elif [ $# -gt 0 ]; then
123 die "Permission denied"
# Forced-command form "user NAME [admin]" taken from authorized_keys.
127 if [ "$1" = "user" ]; then
128 # Get user name encoded in ~/.ssh/authorized_keys
# The admin flag is derived from the third word of that command.
# NOTE(review): nothing in the lines shown clears an NB_ADMIN value inherited
# from the environment; confirm that sshd does not accept this variable from
# clients (AcceptEnv, PermitUserEnvironment) or unset it at startup.
130 [ "$3" = "admin" ] && NB_ADMIN=1
# The command requested by the client replaces the positional parameters.
# NOTE(review): the expansion is unquoted, so the client-supplied string is
# word-split and also subject to pathname expansion (words containing *, ? or
# [ may be replaced by matching file names). Unless globbing is disabled on
# lines not shown, consider `set -f` before this line.
131 set -- $SSH_ORIGINAL_COMMAND
# Client address: everything before the first space of SSH_CONNECTION.
134 IP=${SSH_CONNECTION%% *}
# Name lookup for display purposes; falls back to the bare address when
# getent fails. The looked-up name is not authenticated and $IP is unquoted.
136 HOST=$(getent hosts $IP) || HOST=$IP
# Timestamp in a fixed, locale-independent format.
141 DATE=$(LANG=C date +'%F_%T')
# Identification string exported to child processes; other sessions read it
# from /proc/PID/environ to show who occupies the target. REMOTE is assigned
# on a line missing from this listing.
142 export NOVABOOT_ID="${NB_USER:-?} $DATE ${REMOTE}"
# PID of this shell's parent, exported for the console arm to record.
143 export NOVABOOT_PPID=$PPID
# Fragment of the command dispatch; the case header, the line that runs the
# locked/unlocked command and the catch-all pattern are not in this listing.
148 # Commands allowed at any time
# "console" (also the default for an empty command) re-runs this script
# through locked. $0 is unquoted.
149 "console"|"") locked $0 console;;
# Prints target_config from the configuration file without a trailing newline.
150 "get-config") read_config && echo -n "${target_config}"; exit;;
# The two administration commands; each helper checks NB_ADMIN itself.
151 "add-key") shift; add_key "$@"; exit;;
152 "shell") exec_shell; exit;;
155 # Commands allowed only when nobody or the same user is connected
156 # to the console. "The same user" means that we were executed by
157 # the same sshd process that has the lock. This is ensured by
158 # using SSH connection sharing on client side.
159 reset | rsync | on | off)
# Read the PID recorded by the console holder; a missing or unreadable file
# yields an empty value, which the comparison below treats as 0.
# NOTE(review): the decision rests on the content of $RUN_DIR/ppid. A
# non-numeric value makes the -eq test fail, so the locked path is taken
# (fails closed), but a stale file left by an earlier session would still be
# compared against — keep $RUN_DIR writable only by this account.
160 ALLOWED_PPID=$(cat $RUN_DIR/ppid 2>/dev/null || :)
161 if [ "$PPID" -eq "${ALLOWED_PPID:-0}" ]; then run=unlocked; else run=locked; fi
# Anything else is refused: the client-supplied text is echoed to stderr and
# sent verbatim to syslog at priority "error".
164 echo >&2 "novaboot-shell: Command not allowed: $*"
165 logger -p error "novaboot-shell: Command not allowed: $*"
172 if [ -z "$NOVABOOT_ID" ]; then
184 novaboot-shell - provides novaboot with unified SSH-based interface for controlling target hardware
188 B<novaboot-shell> -c "[command [arguments...]]"
190 B<novaboot-shell> [command [arguments...]]
192 B<ssh target@server> [command [arguments...]]
196 B<novaboot-shell> provides L<novaboot(1)> with a unified SSH-based
197 interface for controlling the target hardware. This simplifies
198 client-side configuration, because clients typically need only the
199 I<--ssh=...> option. B<novaboot-shell> is typically configured as a
200 login shell of special user accounts associated with the target
201 hardware (as set by L<adduser-novaboot(8)>). It ensures that users can
202 perform only a limited set of actions (see L</COMMANDS> below) with
203 the target and have no shell access on the server.
211 Connect to target console (usually serial line). When somebody is
212 connected to the console, other users are blocked from controlling the
213 target. Blocked users see a message indicating who blocks them.
215 The user connected to the console is able to invoke other commands
216 such as L</reset>, but only when the command is invoked via the same
217 SSH connection. This can be accomplished by using SSH connection
218 sharing, which is what L<novaboot(1)> uses (see I<-M> and I<-S> in
221 This is the default command when no command is specified on command
226 Reset the target hardware.
230 Power on the target hardware.
234 Power off the target hardware.
238 This command is not meant to be invoked directly by the user. It
239 allows using L<rsync(1)> to copy files to the target, perhaps for a TFTP
240 server. The rsync command must be invoked as: C<rsync ...
241 target@server:>, i.e. without specifying destination path. The files
242 will be stored into I<$HOME/tftproot>.
244 =item user <username> [admin]
246 User command is meant to be used with C<command=> option in SSH's
247 L<authorized_keys(5)> file. It allows the shell to display
248 human-readable names when printing information about who blocks the
249 target. Then, the real command is taken from SSH_ORIGINAL_COMMAND
250 environment variable.
252 When "admin" is specified after the user name, this user is considered
253 an administrator and is allowed to run L</add-key> and L</shell>
258 =head2 Administration commands
260 Only administrators (see L</user>) are allowed to execute these
265 =item add-key <username>
267 Reads the SSH public key from standard input and adds it to
268 F<~/.ssh/authorized_keys>.
270 Example: C<ssh target@server add-key johndoe < john_rsa.pub>
274 Runs a shell on the server. Useful for editing the configuration file. It is
275 best used with an allocated pseudo-terminal.
277 Example: C<ssh -t target@server shell>
281 =head1 CONFIGURATION FILE
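283 B<novaboot-shell> reads its configuration file from
284 F<$HOME/.novaboot-shell>. It should define values for the following
285 variables in the SH syntax. The file is sourced by the shell, so it is executed as code and should be writable only by administrators.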
291 Command to C<exec> that connects to target's console.
295 Command to C<exec> that resets the target.
299 Command to C<exec> that powers the target on.
303 Command to C<exec> that powers the target off.
307 Novaboot command line options that specify which boot loader is used
308 by the target (L<novaboot(1)> rejects other, possibly dangerous, options).
309 Each option is on its own line and no quoting, escaping or stripping
310 is performed on the values.
316 --uboot-init=setenv serverip 192.168.1.1; setenv ipaddr 192.168.1.10
317 --uboot-addr=kernel=0x8100000
318 --uboot-addr=fdt=0x83000000
319 --uboot-addr=ramdisk=0x83100000
327 Michal Sojka <sojkam1@fel.cvut.cz>
329 Latest version can be found at
330 L<https://github.com/wentasah/novaboot>.