Use the VShellConfig Command-Line Application Use the VShellConfig Command-Line Application
VShellConfig is a command-line application that allows interactive and scripted operations such as exporting and importing registry configuration settings, listing files, and adding and deleting access controls and SFTP roots for Microsoft Windows, and managing the user database.
Command-Line Options
The general format for VShellConfig command-line options is as follows:
vshellconfig [option]
When run with no argument, the above command will take you into a vshellconfig> prompt from which you can run one command at a time. It will return 0 on success and greater than 0 upon any failures.
|
Option |
Description |
|
--config <config> |
Edits the given server configuration found in the following registry: \ HKEY_LOCAL_MACHINE\SOFTWARE\VanDyke\VShell\< config> Without this parameter the default configuration is edited. If the < config> doesn't exist on startup and no save command is executed, no new registry hive will be created. |
|
- f <command file> |
Runs the commands in <command file> and then exits (without needing an exit command). The changes will not be saved unless the "save" command is at the end of the file - without the save command the file is essentially just tested for errors. The results can be redirected to a file for later use (such as scripts to recreate configurations). |
Command-Line Operations
The general format for VShellConfig command-line operations is as follows:
vshellconfig [operation]
Export and import Operations
Configuration settings in the registry can be exported or imported using the export and import command-line operations. If no additional arguments are specified, all settings are included. Individual settings can be included or excluded using the --include and --exclude options.
Note: Export and import operations are mutually exclusive.
Filenames for export and import must always use .xml as the file extension. If no extension is specified .xml will be used. Only one registry configuration can be exported from or imported to at a time. The --config command-line option can be used to specify non-default configurations for import and export.
Settings that can be exported or imported include the following:
registry - the server settings stored in the registry for the specified configuration.
deny-hosts - the deny hosts file as specified by the configuration.
host-keys - the host key files specified by the configuration.
motd - the Message of the Day file specified by the configuration.
auth-banner - the authentication banner file specified by the configuration.
license - the license information specified in the registry or the license file.
subconfigs - the subconfiguration file specified by the configuration.
user-database - the user database file specified by the configuration.
ftp-ssl-cert - the FTPS certificate file specified by the configuration.
When exporting or importing, a log file with the same base name as the .xml file will be created in the same folder, but with an extension of .log. If this file already exists, log entries are appended to the end of the file. Warnings for invalid data are logged during import, except in cases where the key or data is not specified or specified as blank.
The following table defines the export and import operations for VShellConfig.
|
Operation |
Description |
|
export <xml-filename> |
Exports settings from your VShellConfig file to the specified file. |
|
export --include |
Exports only the specified configuration settings. The format for this operation is: export --include <option>[,<option>,...,<option>] <xml-filename> |
|
export --exclude |
Exports all configuration settings excluding the specified options. The format for this operation is: export --exclude <option>[,<option>,...,<option>] <xml-filename> |
|
import <xml-filename> |
Imports settings from the specified file to your VShellConfig file. |
|
import --include |
Imports only the specified configuration settings. The format for this operation is: import --include <option>[,<option>,...,<option>] <xml-filename> |
|
import --exclude |
Imports all configuration settings excluding the specified options. The format for this operation is: import --exclude <option>[,<option>,...,<option>] <xml-filename> |
Exec Operations
The following table defines the exec operations for VShellConfig.
|
Operation |
Description |
|
exec <command-filename> |
Executes the specified command file. Command files are text files that contain commands listed in the Interactive Commands section below. |
Interactive Commands
The commands in this section can be used interactively on the command line or in scripts.
General Commands
The following table defines the general commands for VShellConfig.
|
Command |
Description |
|
help |
Displays the command summary. |
|
save |
Saves any changes. When running from a command file, saving is NOT done automatically. Not typing save allows the user to test a set of commands before committing them. Error if they can't save for some reason. If multiple users editing with VShellConfig and the Control Panel, last save wins. |
|
exit |
Exits interactive mode. When running from a command file, exit is not necessary because an exit will occur when the file ends. If there are unsaved changes a warning will be displayed, type "exit" again to exit without saving. |
ACL Commands
This set of commands allows a user to list, add, or remove entries in the Access Control List (ACL) from the command line of a machine on which a VShell server is running (thus allowing a user to remotely configure access controls on a server that they have shell access to as well).
The general format for ACL commands is as follows:
acl <command> [arguments]
The access modes are as follows: all, login, exec, portforward [ pf], remoteforward [ rf], scp, sftp, shell.
|
Command |
Argument |
Description |
|
acl list |
|
Lists the existing ACLs. Example: > acl list MyComputer\jdoe deny portforward remoteforward Everyone allow login shell sftp portforward exec MyComputer\jdoe allow login shell > |
|
acl add |
<user> [allow <access>] [deny <access>] |
Adds an entire ACL entry for a given user or can modify access for an existing user’s access control entry. An "allow" or "deny" argument is required on the command line, but not both. Multiple allows or denys are allowed on the command line. The allow and deny lists can be separated by a comma (,) or a space ( ). Examples: > acl add jdoe allow login shell > acl jdoe@nm deny sftp allow login allow shell deny pf > acl MyComputer\jdoe deny sftp |
|
acl remove
|
[<user> [allow <access>] [deny <access>]] |
Removes an entire ACL entry for a given user, or can be used to modify access for an existing user’s access control entry.
Examples: > acl remove jdoe allow shell > acl remove jdoe@nm |
SFTP Root Commands
This set of commands allows a user to list, add, or remove specific SFTP roots and access to the roots defined on a VShell server. The commands may be run from a machine on which a VShell server is running (thus allowing a user to remotely configure SFTP roots on a server that they have shell access to as well).
The general format for SFTP commands is as follows:
sftp <command> [<alias>] [arguments]
"<Unrestricted>" is a special alias for the unrestricted access and will have special behavior for the remove command.
|
Command |
Argument |
Description |
|
sftp list |
[<alias>] |
Lists either the SFTP roots or the user access to a specific SFTP root. If the SFTP root path has a space in it, the path will be quoted (for example, " c:\Program Files").
Examples: > sftp list <Unrestricted> * MyTemp c:\temp MyJunk c:\temp > sftp list <Unrestricted> deny <Unrestricted> MyComputer\jdoe allow <Unrestricted> Everyone > sftp list MyTemp allow MyTemp MyComputer\jdoe > |
|
sftp add
|
<alias> <path> |
Adds a new SFTP root. The <path> can include environment variables like the control panel. A path with a space in it needs to be quoted. Examples: > sftp add MyTemp c:\temp > sftp add MyTemp2 " c:\Program Files" |
|
sftp remove
|
[<alias> [<user>]] |
Removes SFTP roots or users from the root.
Examples: > sftp remove MyTemp jdoe > sftp remove MyTemp MyComputer\jdoe > sftp remove MyTemp jdoe@MyComputer > sftp remove MyTemp > sftp remove |
|
sftp allow
|
<alias> <user> |
Adds a <user> to access a given root. Examples: > sftp allow <Unrestricted> jdoe > sftp allow MyTemp jdoe > sftp allow MyTemp MyComputer\jdoe > sftp allow MyTemp jdoe@MyComputer |
|
sftp deny
|
<alias> <user> |
Denies a <user> to access a given root. Examples: > sftp deny <Unrestricted> jdoe > sftp deny MyTemp jdoe > sftp deny MyTemp MyComputer\jdoe > sftp deny MyTemp jdoe@MyComputer |
User Commands
This set of commands allows a user to make changes to the user database.
The general format for user commands is as follows:
user <command> [arguments]
|
Command |
Argument |
Description |
|
user list |
|
Lists the username and the full name of all the users in the database. |
|
user add |
<username> <password> [optional full name] |
Adds the specified user to the database. The username and password arguments are required in the specified order. |
|
user remove
|
<username> |
Removes the specified user from the database |
|
user edit |
<username> [password <new password>] [fullname <new fullname>] |
Changes either the user's password, fullname, or both. The username argument is required, as is at least one of the other arguments, either password or fullname. If the password argument is used, the new password argument is required as well. The same is true for the fullname and new fullname arguments.
|