Table of Contents

Ostiary Client


The Ostiary client, "ostclient" is designed to talk to an ostiaryd service that allows you to run a fixed set of commands remotely, without giving everyone else access to the same commands.

The following are the key design goals:

  • "First, do no harm." It should not be possible to use the Ostiary system itself to damage the host it's running on. In particular, it's willing to accept false negatives (denying access to legitimate users) in order to prevent false positives (allowing access to invalid users).
  • Insofar as possible, eliminate any possibility of bugs causing undesired operations. Buffer overflows, timing attacks, etc. should be impossible for an external attacker to execute. There's no point in installing security software if it makes you less secure.
  • Be extremely modest in memory and CPU requirements. (eg. running on a Mac SE/30, a 16MHz 68030 machine) and connecting from a Palm Pilot (a 16MHz 68000 machine).
  • Keep things simple. This is not an ssh replacement. Each successful challenge/response will result in executing a corresponding script.
  • It is immune to replay attacks

This wiki is a quick summary of the author's documentation followed by openwrt specific usage instructions. For any technical info you may wish to view the author's site: .

How to get it

Grab it from the repository (Note, its not there yet, the package makefile is pending review. If you want it now, grab the source from the author's site, and follow the crosscompile and single.package guidelines. FIXME)

$ opkg update
$ opkg install ostiary

This package installs both the ostiaryd service, and the ostclient client. Both located in /usr/bin

Client Syntax

osctlient v4.0 usage: 
        ostclient -a address [-p port] [-f fd]

	-a	address to contact - two formats:
	-p	port (only needed if unspecified in -a)
	-f	read passphrase from indicated file descriptor

Back to top

doc/howto/ostiary.client.txt · Last modified: 2012/03/31 20:31 by nexus