Console Shell

General features

The Equinox OSGi console is based on Apache Felix Gogo shell. The console provides: The default authentication is password-based, but key-based authentication is also supported.

Installation and configuration of the console

Running without SSH

  1. Place the necessary bundles in a folder. The bundles are:
  2. Create a configuration subfolder and a config.ini file in it.
  3. Add the following entries in the config.ini file:
    osgi.bundles=org.apache.felix.gogo.runtime,\
        org.apache.felix.gogo.command,\
        org.apache.felix.gogo.shell,\
        org.eclipse.equinox.console
    osgi.console=<port>

  4. Start the Equinox framework with the following command line: java -jar org.eclipse.osgi.jar
The property osgi.console specifies the port on which the console should listen for telnet connections. Instead of specifying this property, you can start the framework with the -console <port> option. If you do not specify the port in either of these ways, the console will not listen for telnet connections. If you start with the option -console and do not specify the port, you will be able to interact with the console through the standard input.

Running with SSH

If you want to access the console through SSH, you need more bundles and configurations.
  1. Place the necessary bundles in a folder. The bundles are:
  2. Create a configuration subfolder and a config.ini file in it.
  3. Add the following entries in the config.ini file:
    osgi.bundles=org.apache.felix.gogo.runtime,\
        org.apache.felix.gogo.command,\
        org.apache.felix.gogo.shell,\
        org.eclipse.equinox.console,\
        slf4j-api,\
        <slf4j-api_impl>,\
        org.apache.mina.core,\
        org.apache.sshd.core,\
        org.eclipse.equinox.console.ssh@start,\
        org.eclipse.equinox.console.jaas.fragment
    osgi.console.ssh=<port>
    osgi.console.ssh.useDefaultSecureStorage=true

  4. Create a file with name org.eclipse.equinox.console.authentication.config in the configuration subfolder.
  5. Add the following entry to org.eclipse.equinox.console.authentication.config file:
    equinox_console {
        org.eclipse.equinox.console.jaas.SecureStorageLoginModule REQUIRED;
    };
  6. Create logging configuration file. This depends on the particular implementation of slf4j-api, which you have chosen.
  7. Start the Equinox framework with the following command line: java -Djava.util.logging.config.file=configuration/logging.properties \
        -Dssh.server.keystore=configuration/hostkey.ser \
        -Dorg.eclipse.equinox.console.jaas.file=configuration/store \
        -Djava.security.auth.login.config=configuration/org.eclipse.equinox.console.authentication.config \
        -jar org.eclipse.osgi.jar
Notes:

JAAS Authentication

The Equinox console uses JAAS authentication when the SSH is used. The default JAAS login module, implemented in the console, uses custom store file, where it stores users and passwords. The passwords are one-way encrypted. The console also provides shell commands for administering users: There is a default user equinox with password equinox, which is dynamically created when the ssh starts if no other user exists in the user store. Upon first login, the console prompts the user to create a new user, and automatically deletes the default user. The password must be at least 8 symbols long. The username may contain alphanumerical characters, plus underscore and dot. Currently only authentication is implemented in the console. All authenticated users have similar rights. Implementing authorization may be a future enhancement. That is why roles are introduced, although they are not currently used. If the default JAAS login module is be used, then the property osgi.console.ssh.useDefaultSecureStorage must be set to true. The file, where the users are stored, is specified through the property org.eclipse.equinox.console.jaas.file

Using Custom JAAS Authentication Login Module

Custom JAAS authentication login modules could be used with the ssh instead of the default one. If a custom login module is used, then the property osgi.console.ssh.useDefaultSecureStorage must not be set at all. The custom module must be specified in the file org.eclipse.equinox.console.authentication.config instead of the default entry there, or in a different file. If a different file is used, then its name must be specified as the value of the property -Djava.security.auth.login.config instead of org.eclipse.equinox.console.authentication.config. Also, it will be necessary to create a fragment to sshd-core bundle, with which to import the package of the custom login module. This is necessary for the sshd to be able to load the module class.

Key-based Authentication

Instead of using JAAS authentication, the console can use key-based user authentication with ssh. It is possible to provide a file containing a list of keys that are allowed to connect to the SSH console. The file will be read every time a connection is made so that it can be modified dynamically at runtime. The file is specified with the property ssh.server.authorized_keys. If you use key-based authentication you do not need to specify the JAAS-related properties java.security.auth.login.config and osgi.console.ssh.useDefaultSecureStorage.

The console supports also custom public keys authentication. If no specific authorized_keys file is configured (via system property) the OSGi service registry will be searched for available authenticators. To enable this feature you have to set the property ssh.custom.publickeys.auth to true.

Configuring of telnet and ssh host and port through Configuration Admin service

The console provides the option to configure the telnet and ssh host and port through Configuration Admin instead of through the properties osgi.console=<host>:<port> and osgi.console.ssh=<host>:<port>. This could be helpful in more complex scenarios, for example when you want to run different instances of the console in different subsystems of the framework. In this case if the port is configured through a system property, it is one and the same for all console instances and only one will be able to bind to the socket. If this feature is used, then you should: The configuration PID for the telnet configuration is osgi.console.telnet and for the ssh configuration is osgi.console.ssh. Both configurations have the following properties: All must have values of type String. The enabled property determines if telnet/ssh is to be started at all. If the value is true, telnet/ssh is started. If the value is false, or the property enabled is absent, the telnet/ssh is not started.

Using Commands

The Gogo shell, on which the Equinox console is based, supports different type of commands from these currently supported in Equinox. Currently in Equinox, commands are provided by a class implementing the CommandProvider interface. The Equinox console provides an adapter from this type of commands to the new type of commands, used in Gogo. They commands are arbitrary classes, registered as services, with two special properties: The commands in the Equinox console use the notion of command scope. The scope can be used, for example, to differentiate between commands with one and the same name, but provided by different providers. Then they should have different scopes.
The scope is a prefix of the command name, separated from it with a column. When writing the command in the console, the scope may or may not be specified. If the scope is not specified, then the command with this name from the default scope is used. If in the default scope there is no command with such name, all commands are searched.
If there is more than one command with the specified name in different scopes, it is not guaranteed which one will be actually executed. Therefore, if you know that there are commands with the same name but different scopes, you must explicitly prefix the command name with the scope to ensure that you will get executed exactly the command you want.
The legacy commands, adapted by the Equinox console, have scope equinox.

Getting Help for Commands

The default help command in Gogo lists the names of the registered commands, and if it is called with a command name as an argument, it displays help message for the specified command. The default help command does not provide help for the legacy Equinox commands, which are adapted by the Equinox console. For this reason the Equinox console provides its own help command, which calls the default help, but could also provide help for the legacy commands.
If no argument is specified the names of all new commands are displayed.
If a command name is specified, the help message for this command is displayed. If the command is legacy and the CommandProvider, which provides this command, does not provide separate help for each command (this is a new feature, introduced in Equinox 3.7), then the help messages for all commands in this CommandProvider are displayed.
The help command supports -scope argument, which should be used as follows: help -scope <command_scope>. Thus the help command will display help only for the commands with the specified scope.
There is also a man command. It accepts the same arguments as the help command and has the same semantics.

Writing Gogo Commands

Writing Gogo commands is easy. You have to do the following: Something new for Gogo commands are the converters and formatters.
The converter is a class which converts the arguments, passed on the command line, to the actual arguments, which the command accepts. For example, the command may have one argument of type Bundle. There may be a converter, which from a long finds the bundle with this id. Then the command may be called with the ID of the bundle as an argument, the converter will convert it to the corresponding Bundle object and the command method will be called with this object as an argument.
The formatter is a class which displays the result, returned by the command method.
For more information on Gogo commands, you can check the Gogo documentation.

Tab Completion

The console provides tab completion. This feature is available only when connecting through telnet or ssh.
Completion is available for: When the tab key is typed, all possible candidates for completion for the current word are searched. If there is only one possible completion, the current word is automatically completed. If there are more than one options, all are displayed in a column. The possible options can be iterated by hitting tab multiple times, until the desired completion candidate is reached.
If longest common prefix of all available completion candidates is longer than the current word, then the current word is completed automatically to this prefix, before choosing the final completion. For example, if we have the following available completions for the word bun: the current word is completed automatically to bundle, and then by hitting tab you can choose which completion you like, or may type it for yourself.
The console allows custom command completers to be provided. A custom completer should implement the interface org.eclipse.equinox.console.common.Completer, provided by the bundle of the Equinox console. It has the single method getCandidates, which get as a parameter the whole command line and the current cursor position in it, and returns a map with all completion candidates, and the position in the command line, on which the completion begins. The keys in the map are the candidates, and the values - the start position for the completion.

Command Line Editing

Both with telnet and ssh command line editing is available in addition to tab completion. The following functions are supported: These functions are supported also when the the console is run standalone with Equinox. In PDE these features are not supported.

Closing Telnet or Ssh Session

Both telnet and ssh sessions are closed with the disconnect command.

Running Non-interactive Shell

In some cases you may wish to run the console without an interactive session. In this case, the console can be connected from telnet and ssh, but is not available on standard in and out. For this the following property should be specified: -Dgosh.args=--nointeractive