Ostiary is distributed under the GPL (GNU Public License). Basically, that means that you can take the source code and do whatever you like with it, but if you distribute modified versions of the binaries, you have to distribute the modified source code as well. Follow the link for the details.
The major change is that Ostiary 4.0 now uses HMAC-SHA256, not HMAC-SHA1. This means that it is not compatible with older versions.
A few minor changes to the log messages have been made, too. See the CHANGELOG file for details.
Ostiary is available in both source and binary form, but the server only runs on POSIX systems. I've successfully compiled and run it on Linux, OSX, NetBSD, Solaris, AIX, Compaq Tru64, HP-UX, and IRIX. It will compile and run on Cygwin, though there are some issues with users and groups on that platform.
Source is available for 'ostiaryd' and 'ostclient', the command-line client that will do the challenge-response ostiaryd's looking for. Man pages are included for ostiaryd, ostclient, and 'ostiary.cfg', the config file for ostiaryd.
Thanks to the efforts of Christian Mueller, there is now an Ostiary client for iOS - so all you iPhone and iPad users can now trigger scripts on an Ostiary server just like any other first-class citizen of the net. It's available in the App Store.
The source code can be downloaded below - OstiaryIOS.tgz.
I wrote this because I've moved on from my Treo 650 to an Android phone, and needed an Ostiary client. It works fine on my Droid:
...and seems to work all right in the emulator back to Android 1.5. If it doesn't work on your device, let me know!
You can see the manual here. The app can be downloaded below - Ostiary.apk - or you can use this handy QR code:
It runs fine on my Palm IIIxe (OS 3.5.3), and should work all the way back to OS 2.0 Pro (basically any Palm with the Net Library). It runs fine on OS5.x devices like my Treo 650, too.
Here's a screenshot:
You enter the host and port in the first field, and the password in the second field. The "Hide pass" checkbox will conceal or reveal the password, to help prevent snoopers from reading it. The "Exec" button actually sends the command.
The "Rcvd:" and "Sent:" fields show the 'salt' hash that came from the server, and the response that the client sent back. (BTW: if you get a zero-length hash from a server, you're probably locked out...)
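The salt-and-response exchange behind the "Rcvd:" and "Sent:" fields, together with the move to HMAC-SHA256 in 4.0, can be sketched as below. This is an added example, not Ostiary's code or wire format: the class and function names, the 32-byte salt, and the failure-count lockout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3   # assumed lockout threshold, chosen for this sketch
SALT_BYTES = 32    # assumed salt size, chosen for this sketch


class SketchServer:
    """Toy stand-in for a challenge-response server; not ostiaryd's code."""

    def __init__(self, password: bytes):
        self._password = password
        self._pending = None   # salt issued but not yet answered
        self.failures = 0

    def challenge(self) -> bytes:
        # A locked-out peer gets a zero-length salt, as the page describes.
        if self.failures >= MAX_FAILURES:
            return b""
        self._pending = secrets.token_bytes(SALT_BYTES)
        return self._pending

    def verify(self, response: bytes) -> bool:
        salt, self._pending = self._pending, None   # each salt is single-use
        if salt is None:
            return False                            # replayed or unsolicited
        expected = hmac.new(self._password, salt, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, response)  # constant-time compare
        if not ok:
            self.failures += 1
        return ok


def client_response(password: bytes, salt: bytes, digest=hashlib.sha256) -> bytes:
    """Compute the value a client would send back for a given salt."""
    if not salt:
        raise ConnectionRefusedError("zero-length salt: probably locked out")
    return hmac.new(password, salt, digest).digest()


def demo() -> dict:
    pw = b"constructed-demo-password"   # constructed sample secret
    srv = SketchServer(pw)
    good = client_response(pw, srv.challenge())
    results = {"valid": srv.verify(good), "replayed": srv.verify(good)}
    # A pre-4.0 style client (HMAC-SHA1) cannot satisfy an HMAC-SHA256 server.
    old = client_response(pw, srv.challenge(), hashlib.sha1)
    results["sha1_client"] = srv.verify(old)
    return results
```

The password itself never crosses the wire, and a captured response is useless once its salt has been consumed.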
This version does not require the Cygwin runtime dlls. Sorry, the only way to run an Ostiary server on Windows right now is with Cygwin. (I suppose maybe "Services for Unix" might work, but I haven't tried it.)
The Java Ostiary client works as a command-line application ("java -jar ostiary.jar"), but more interestingly, it also works as an applet suitable for embedding on a webpage. When combined with, say, a Java SSH applet (such as this one or this one), you can have a secure remote connection using any Java-enabled web browser, without installing any extra software onto a machine.
Source code and documentation on how to set it up in a web page are included in the package.
Please let me know ASAP if these checksums don't match what you get.
| File | Description | MD5 | SHA-1 |
|---|---|---|---|
| ostiary_4.0-1_i386.deb | Linux/i386 Debian package (client) | 8ad9ccc626eb79c36d39ef504f6e3c91 | 343c30d40c0b87a3d3c3b0b599dfa5d27e4e914f |
| androst.zip | Android client source | 907e973ce3f20b5b3ade6d27228ab7e4 | 19c51b2db36f6071ca0f502c99955b736d67ede2 |
| palmost-4.0.tar.gz | Palm client source | 01ec0fa6fbdc01b7b1bfe2909b62f122 | a574add5d35a183c446c9ec342e61993b1d64c30 |
| javost-4.0.zip | Java Client and source | af22ce89e721c3f9e98200d35318a4a4 | 39a6ebe616d540c5089cadcdd8a62a9d722bbf71 |
| ostiary-4.0.tar.gz | POSIX and Windows source | 420d1fda246097d7e4d1277f39069578 | 725a966d4eb97b69d1b6407011bb6bfabc7ae82b |
| OstiaryIOS.tgz | iOS (iPad and iPod and iPhone) source code | 5b4e0f93e7ed66ec3eaf8e9580226f1a | 6407acb8b91609a707bc0ac4d2085cb55172392b |
You can find older versions of the Ostiary software here. While there are no known major bugs, the fundamental algorithms used are not expected to be as secure as later versions. I don't recommend using them at this point, but for historical interest, there they are.