Skip to content
NKN shell daemon
JavaScript
Branch: master
Clone or download
yilunzhang Add command to show NKN address
Signed-off-by: Yilun <zyl.skysniper@gmail.com>
Latest commit 214e187 Oct 22, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Add .gitignore Sep 23, 2019
README.md Fix incorrect link in readme Sep 19, 2019
nshd.js Add command to show NKN address Oct 22, 2019
package.json Initial commit with the first version Sep 19, 2019
yarn.lock Initial commit with the first version Sep 19, 2019

README.md

NKN Shell Daemon

NKN shell daemon (nshd) is a Node.js application that uses nkn-multiclient-js to listen for incoming shell command from authenticated users, executes, and send back results through nkn-client. It is similar to sshd but has a few fundamental difference:

  1. Network transparent: NKN address is used instead of IP address, so host machine can freely change IP address without being affected.

  2. Higher security: Communication is through nkn-client where public key is part of the nkn address, so everything is end to end encrypted without the need to fetch or trust public key separately. This protocol eliminates man-in-the-middle (MITM) attack caused by mismatch of address and public key.

  3. No open port: Host machine running nshd does not need to open any port or have a public IP address. All connections are outbound instead of inbound. This makes nshd even more secure and convenient.

  4. Cross platform compatibility: It just takes a few lines of code to send commands and receive results in any language supporting NKN client SDK. It is worth mentioning that d-chat is natively compatible to nshd without any modification.

Configurations

Address and Identity

When nshd starts, it will read /etc/nshd/wallet.json and /etc/nshd/wallet.pswd to get NKN wallet file and password. If wallet file does not exist, it will generate a random wallet and password and save to that location. The wallet file is compatible with NKN node and wallet SDK.

After nshd gets the wallet, it will print out its NKN address in stdout where you can send command to and receive results from. By default it's just the wallet public key, but you can choose the identifier part of the NKN address using --identifier=xxx argument when launching nshd.

Permission Control

Similar to sshd, nshd will read authorized public keys or addresses from /etc/nshd/authorized_pubkeys. Only message from these public keys will be handled. Content of authorized_pubkeys should follow the scheme:

authorized_public_key_or_addr_1 [uid] [gid]
authorized_public_key_or_addr_2 [uid] [gid]

If a public key is given, then all NKN addresses from that public key (with any identifier) will be accepted. If an address is given, then only that specific address will be accepted. Both uid and gid are optional and controls the user and group of the process used to execute commands. If uid and gid are not given, user/group where nshd process belongs to will be used.

Sending Commands and Receiving Results

Sending commands is as simple as using nkn-multiclient-js or other client implementations to send a JSON message to nshd's listening NKN address. The JSON message can have the following fields:

  • cmd Shell command to execute.

  • execSync If true, results will be returned in message reply, otherwise results will be sent in a separate message. Default: false.

  • execTimeout In milliseconds the maximum amount of time the process is allowed to run. Default to 5000 if execSync is true, or 0 (unlimited) if not. The default value can be changed by --syncexectimeout=xxx and --asyncexectimeout=xxx argument when launching nshd.

The execution results will be returned as reply if execTimeout is true, or as a separate message if execTimeout is false. The results is a JSON message with the following fields:

  • stdout The stdout of the process running the command.

  • stderr The stderr of the process running the command.

You can’t perform that action at this time.