6 echo >&2 "novaboot-shell: $*"
13 - console (default command)
24 if [ "$NB_ADMIN" ]; then
27 - shell (use with ssh -t)
35 [ "$NB_ADMIN" ] || return 1
38 0) die "Usage: ssh ... add-key USERNAME < id_rsa.pub";;
40 *) die "User name must not contain spaces: $*";;
45 tmp=$(mktemp ~/.ssh/authorized_keys.XXXXXXXX)
47 cat ~/.ssh/authorized_keys
48 echo "command=\"user $user\" $key"
51 mv $tmp ~/.ssh/authorized_keys
55 [ "$NB_ADMIN" ] || die "Permission denied"
56 if ! tty > /dev/null; then
57 echo "novaboot-shell: Consider starting the shell with 'ssh -t'"
59 exec /usr/bin/env bash || exec /bin/sh
63 lslocks | awk '{ if ($9 == "'"$RUN_DIR"'") { print $2 } }'
70 for pid in $(lock_queue); do
71 echo $pid $(sed --null-data -ne '/^NOVABOOT_ID=/ s///p' /proc/$pid/environ)
74 echo "Target is occupied by:"
75 ( echo "PID USER LOGIN_TIME FROM"; echo "$queue" ) | column -t
81 exec flock --no-fork "$RUN_DIR" "$@"
89 . "${NOVABOOT_SHELL_CONFIG:-$HOME/.novaboot-shell}"
95 "on") cmd="${on_cmd:?}";;
96 "off") cmd="${off_cmd:?}";;
97 *) die "Unexpected power parameter";;
100 if [ "$PPID" -ne 1 ] && systemctl --user is-enabled --quiet novaboot-delayed-power-off.service; then
101 sudo novaboot-power "$1"
108 trap "rm -f $RUN_DIR/ppid" EXIT
109 echo $NOVABOOT_PPID > $RUN_DIR/ppid
110 echo 'novaboot-shell: Connected'
111 # TODO: $reset_begin_cmd
112 [ -n "${on_cmd}" ] && power on
116 # run_subcommand should be called only after permission checks and/or locking
121 run_console "${console_cmd:?}";;
123 eval exec "${reset_cmd:?}";;
124 "rsync --server "*" . .")
125 if ! [ $# -eq 5 -o \( $# -eq 6 -a "$4" = '--log-format=X' \) ]; then
126 die "Unexpected rsync invocation: $*"
128 mkdir -p "$HOME/tftproot"
138 die "Unknown command: $*";;
143 if [ "$1" = "-c" ]; then
145 elif [ $# -gt 0 ]; then
146 die "Permission denied"
150 if [ "$1" = "user" ]; then
151 # Get user name encoded in ~/.ssh/authorized_keys
153 [ "$3" = "admin" ] && NB_ADMIN=1
154 set -- $SSH_ORIGINAL_COMMAND
157 IP=${SSH_CONNECTION%% *}
159 HOST=$(getent hosts $IP) || HOST=$IP
164 DATE=$(LANG=C date +'%F_%T')
165 export NOVABOOT_ID="${NB_USER:-?} $DATE ${REMOTE}"
166 export NOVABOOT_PPID=$PPID
171 # Commands allowed at any time
172 "console"|"") locked $0 console;;
173 "get-config") read_config && echo -n "${target_config}"; exit;;
174 "add-key") shift; add_key "$@"; exit;;
175 "shell") exec_shell; exit;;
178 # Commands allowed only when nobody or the same user is connected
179 # to the console. "The same user" means that we were executed by
180 # the same sshd process that has the lock. This is ensured by
181 # using SSH connection sharing on client side.
182 reset | rsync | on | off)
183 ALLOWED_PPID=$(cat $RUN_DIR/ppid 2>/dev/null || :)
184 if [ "$PPID" -eq "${ALLOWED_PPID:-0}" ]; then run=unlocked; else run=locked; fi
187 echo >&2 "novaboot-shell: Command not allowed: $*"
188 logger -p error "novaboot-shell: Command not allowed: $*"
193 if [ -d "$HOME" ]; then
196 RUN_DIR="/tmp/novaboot-shell@$USER"
200 if [ -z "$NOVABOOT_ID" ] && [ "$PPID" -ne 1 ]; then
212 novaboot-shell - provides novaboot with unified SSH-based interface for controlling target hardware
216 B<novaboot-shell> -c "[command [arguments...]]"
218 B<novaboot-shell> [command [arguments...]]
220 B<ssh target@server> [command [arguments...]]
224 B<novaboot-shell> provides L<novaboot(1)> with a unified SSH-based
225 interface for controlling the target hardware. This simplifies
226 client-side configuration, because clients typically need only the
227 I<--ssh=...> option. B<novaboot-shell> is typically configured as a
228 login shell of special user accounts associated with the target
229 hardware (as set by L<adduser-novaboot(8)>). It ensures that users can
230 perform only a limited set of actions (see L</COMMANDS> below) with
231 the target and have no shell access on the server.
239 Connect to target console (usually serial line). When somebody is
240 connected to the console, other users are blocked from controlling the
241 target. Blocked users see a message indicating who blocks them.
243 The user connected to the console is able to invoke other commands
244 such as L</reset>, but only when the command is invoked via the same
245 SSH connection. This can be accomplished by using SSH connection
246 sharing, which is what L<novaboot(1)> uses (see I<-M> and I<-S> in
249 This is the default command when no command is specified on command
254 Reset the target hardware.
258 Power on the target hardware.
262 Power off the target hardware.
266 This command is not meant to be invoked directly by the user. It
267 allows using L<rsync(1)> to copy files to the target, perhaps for TFTP
268 server. The rsync command must be invoked as: C<rsync ...
269 target@server:>, i.e. without specifying destination path. The files
270 will be stored into I<$HOME/tftproot>.
272 =item user <uernamename> [admin]
274 User command is meant to be used with C<command=> option in SSH's
275 L<authorized_keys(5)> file. It allows the shell to display
276 human-readable names when printing information about who blocks the
277 target. Then, the real command is taken from SSH_ORIGINAL_COMMAND
278 environment variable.
280 When "admin" is specified after the user name, this user is considered
281 an administrator and is allowed to run L</add-key> and L</shell>
286 Prints novaboot configuration options needed for the target. One
291 =head2 Administration commands
293 Only administrators (see L</user>) are allowed to execute these
298 =item add-key <username>
300 Reads the SSH public key from standard input and adds it into in
301 F<~/.ssh/authorized_keys>.
303 Example: C<ssh target@server add-key johndoe < john_rsa.pub>
307 Runs shell on the server. Useful for editing configuration file. It is
308 better used with allocated pseudo-terminal.
310 Example: C<ssh -t target@server shell>
314 =head1 CONFIGURATION FILE
316 B<novaboot-shell> reads configuration file from
317 F<$HOME/.novaboot-shell>. It should define values for the following
318 variables in the SH syntax.
324 Command to C<exec> that connects to target's console.
326 Note that if you need more complex behaviour of the console command,
327 e.g., different behaviour for different users (distinguished by the
328 value of C<$NB_USER> variable), you can set this variable to a name of
329 a shell function, which you define in the configuration file and
330 implement the complex behaviour there.
334 Command to C<exec> that resets the Target.
338 Command to C<exec> that powers the target on.
342 Command to C<exec> that powers the target off.
346 Novaboot command line options that specify which boot loader is used
347 by the target (L<novaboot(1)> rejects other, possibly dangerous, options).
348 Each option is on its own line and no quoting, escaping or stripping
349 is performed on the values.
355 --uboot-init=setenv serverip 192.168.1.1; setenv ipaddr 192.168.1.10
356 --uboot-addr=kernel=0x8100000
357 --uboot-addr=fdt=0x83000000
358 --uboot-addr=ramdisk=0x83100000
366 Michal Sojka <sojkam1@fel.cvut.cz>
368 Latest version can be found at
369 L<https://github.com/wentasah/novaboot>.