Telnet authentication
At the moment the telnet server is reachable without authentication for everyone in the AURA_ENGINE_TELNET_HOST
range. Everybody with access can connect to the telnet server and therefore mess with the playout.
telnet aura.local 1234
Our sample configuration for AURA_ENGINE_TELNET_HOST is 0.0.0.0. Should this be 127.0.0.1 instead? Then only users on the host machine of engine-core can access the telnet server.
It would be great to have some kind of authentication for the telnet client. Liquidsoap itself does not provide any authentication method but has a workaround with a socket and a custom shell.
Rather than doing our own home-made secure access, we believe that our users should be able to define their own secure access to the command server, taking advantage of a mainstream authentication mechanism, for instance HTTP or SSH login.
More information about that here.
We currently provide the option to disable the telnet server completely. Maybe it is sufficient to disable it and use a socket, just like the Python client does. @david do you think a light custom shell is doable? And do you think this authentication is necessary at all?
I do like the option to access liquidsoap through a direct control shell / telnet server. This way an admin can quickly fix wrongly scheduled timeslots or broken audio files.
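A defender-side check for the bind-address question raised above, as an added example that is not part of the original issue or the AURA code base: it reads AURA_ENGINE_TELNET_HOST from configuration text and reports how widely the unauthenticated telnet server would be reachable. The KEY=VALUE file format, the function names and the sample input are assumptions.

```python
import ipaddress

ENV_KEY = "AURA_ENGINE_TELNET_HOST"  # setting named in the issue

def read_setting(env_text, key=ENV_KEY):
    """Return the last value assigned to key in KEY=VALUE text (assumed format)."""
    value = None
    for line in env_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, raw = line.partition("=")
        if name.strip() == key:
            # Drop a trailing " # comment" and surrounding quotes.
            value = raw.split(" #", 1)[0].strip().strip("\"'")
    return value

def classify_bind_host(host):
    """Map a listen address to (exposure, reason)."""
    if host.lower() == "localhost":
        return "local", "loopback name; confirm it resolves to 127.0.0.1 or ::1"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unknown", "not an IP literal; resolve it and re-check"
    # Order matters: 0.0.0.0 and 127.0.0.1 also count as "private" in ipaddress.
    if addr.is_unspecified:
        return "all-interfaces", "wildcard bind; any host that can route here can connect"
    if addr.is_loopback:
        return "local", "only processes on the engine-core host can connect"
    if addr.is_private or addr.is_link_local:
        return "network", "reachable from that internal network without a login"
    return "public", "globally routable address without a login"

def audit(env_text):
    """Classify the telnet bind address found in the given configuration text."""
    host = read_setting(env_text)
    if host is None:
        return "unset", ENV_KEY + " not found; check the built-in default"
    return classify_bind_host(host)

# Constructed sample input, not copied from the project's sample configuration.
SAMPLE = 'AURA_ENGINE_TELNET_HOST="0.0.0.0"\n'

if __name__ == "__main__":
    for text in (SAMPLE, "AURA_ENGINE_TELNET_HOST=127.0.0.1\n"):
        print(audit(text))
```

Any result other than "local" means the command server accepts playout commands from other machines without a login, so a check like this fits a deployment or CI step.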