Getting Ostiary

Table of Contents

  1. Introduction
  2. How Ostiary Works
  3. Complications
  4. Getting Ostiary
    1. Unix Server and Client
    2. iOS Client
    3. Android Client
    4. Palm Client
    5. Windows Client
    6. Java Client
    7. Old Versions
  5. Installing Ostiary
  6. Alternatives to Ostiary
  7. FAQs


Ostiary is distributed under the GPL (GNU Public License). Basically, that means that you can take the source code and do whatever you like with it, but if you distribute modified versions of the binaries, you have to distribute the modified source code as well. Follow the link for the details.

Version Notes - 4.0

The major change is that Ostiary 4.0 now uses HMAC-SHA256, not HMAC-SHA1. This means that it is not compatible with older versions.

A few minor changes to the log messages have been made, too. See the CHANGELOG file for details.

Unix Server and Client

Ostiary is available in both source and binary form, but the server only runs on POSIX systems. I've successfully compiled and run it on Linux, OSX, NetBSD, Solaris, AIX, Compaq Tru64, HP-UX, and IRIX. It will compile and run on Cygwin, though there's some issues with users and groups on that platform.

Source is available for 'ostiaryd', and 'ostclient', the command-line client that will do the challenge-response ostiaryd's looking for. Man pages are included for ostiaryd, ostclient, and 'ostiary.cfg', the config file for ostiaryd.

iOS Client

Thanks to the efforts of Christian Mueller, there is now an Ostiary client for iOS - so all you iPhone and iPad users can now trigger scripts on an Ostiary server just like any other first-class citizen of the net. It's available in the App Store.

The source code can be downloaded below - OstiaryIOS.tgz.

Android Client

I wrote this because I've moved on from my Treo 650 to an Android phone, and needed an Ostiary client. It works fine on my Droid:

Android Ostclient screenshot

...and seems to work all right in the emulator back to Android 1.5. If it doesn't work on your device, let me know!

You can see the manual here. The app can be downloaded below - Ostiary.apk - or you can use this handy QR code:

Ostclient QR code

Palm Client

It runs fine on my Palm IIIxe (OS 3.5.3), and should work all the way back to OS 2.0 Pro (basically any Palm with the Net Library). It runs fine on OS5.x devices like my Treo 650, too.

Here's a screenshot:

Ostclient screenshot

You enter the host and port in the first field, and the password in the second field. The "Hide pass" checkbox will conceal or reveal the password, to help prevent snoopers from reading it. The "Exec" button actually sends the command.

The "Rcvd:" and "Sent:" fields show the 'salt' hash that came from the server, and the response that the client sent back. (BTW: if you get a zero-length hash from a server, you're probably locked out...)

Windows Client

This version does not require the Cygwin runtime dlls. Sorry, the only way to run an Ostiary server on Windows right now is with Cygwin. (I suppose maybe "Services for Unix" might work, but I haven't tried it.)

Java Client

The java Ostiary client works as a command-line application ("java -jar ostiary.jar"), but more interestingly, it also works an applet suitable for embedding on a webpage. When combined with, say, a Java SSH applet (such as this one or this one), you can have a secure remote connection using any Java-enabled web browser, without installing any extra software onto a machine.

Source code and documentation on how to set it up in a web page is included in the package.


Please let me know ASAP if these checksums don't match what you get.

ostiary-4.0-1.i386.rpmLinux/i386 RPM36c4b46e3b5f84f6d624abed8404740029f1063d125bb02189a1ead0d47f8a117574a091
ostiary-4.0-1.src.rpmSource RPM9e854163f7aa41dcc28bc6b9b80af1b5802488abebbd5baecfd12a506e57e86408c32a70
ostiary_4.0-1_i386.debLinux/i386 Debian package (client)8ad9ccc626eb79c36d39ef504f6e3c91343c30d40c0b87a3d3c3b0b599dfa5d27e4e914f
ostclient-4.0.zipPalm clientb68dc69286e06fe641c63e37e6a819ed9d8fde0790e19835ff5035c02461a6549d195cea
Ostiary.apkAndroid clientf2f081772f104266d44f61c462b0828e388ebc0a9c09ef13bc901e1d8e323aa707fdd8e4
androst.zipAndroid client source907e973ce3f20b5b3ade6d27228ab7e419c51b2db36f6071ca0f502c99955b736d67ede2
palmost-4.0.tar.gzPalm client source01ec0fa6fbdc01b7b1bfe2909b62f122a574add5d35a183c446c9ec342e61993b1d64c30
winclient-4.0.zipWindows Clientbec2c6002e09c2a88ff5ddee11297397e7d0d4ba52c764ad4b403fbf736be6f8850cca81
javost-4.0.zipJava Client and sourceaf22ce89e721c3f9e98200d35318a4a439a6ebe616d540c5089cadcdd8a62a9d722bbf71
ostiary-4.0.tar.gzPOSIX and Windows source420d1fda246097d7e4d1277f39069578725a966d4eb97b69d1b6407011bb6bfabc7ae82b
OstiaryIOS.tgziOS (iPad and iPod and iPhone) source code5b4e0f93e7ed66ec3eaf8e9580226f1a6407acb8b91609a707bc0ac4d2085cb55172392b

Old Versions

You can find older versions of the Ostiary software here. While there are no known major bugs, the fundamental algorithms used are not expected to be as secure as later versions. I don't recommend using them at this point, but for historical interest, there they are.