tshbot is a lightweight tool that enables you to execute shell commands on Linux systems via Telegram.
Initially it was developed with the idea of conveniently running commands on devices like Raspberry Pi remotely, eliminating the need to use SSH. Designed for ease of use, tshbot does not require complex setups such as VPNs or NAT traversal, simplifying your remote management experience.
-
Secure execution: Send shell commands securely through your Telegram
-
No complex setup: Forget about VPNs or NAT traversal -
tshbotsimplifies remote access -
Shortcuts for commands: Set up shortcuts to run frequently used commands quickly and easily
-
Flexibility: You have the option to run arbitrary shell commands. This can be enabled or disabled based on your preference for security
- Start a chat with BotFather: Open Telegram and search for "@BotFather". Start a chat with this bot, which is the official bot creation tool from Telegram;
- Create a new bot: Send the command
/newbotto BotFather; - Set a name for your bot: Follow the prompts and provide a name for your bot. This will be the public name that users see;
- Set a username for your bot: Next, you'll need to choose a unique username for your bot (this username must contain "bot").
After completing these steps, BotFather will provide you with a token. This is your bot’s authentication token, which you’ll use to send and receive messages via the Telegram API.
-
Start a chat with your bot: Find your bot on Telegram using the username you set and start a conversation;
-
Paste the following URL into your browser, replacing
<YourBotToken>with the token you received from BotFather:https://api.telegram.org/bot<YourBotToken>/getUpdates -
Find your chat ID: Look for a number labeled
"chat":{"id":in the response.
You can download the appropriate pre-compiled binary for your platform from the available releases.
mkdir -p ~/bin
wget \
-O ~/bin/tshbot \
https://github.com/vmikk/tshbot/releases/download/0.2/tshbot-linux-amd64
chmod +x ~/bin/tshbotmkdir -p ~/bin
wget \
-O ~/bin/tshbot \
https://github.com/vmikk/tshbot/releases/download/0.2/tshbot-linux-arm
chmod +x ~/bin/tshbotCreate a configuration file at ~/.config/tshbot/tshbot.config with the following content:
bot_log_file: "/path/to/your/logfile.log"
bash_cmd: "/bin/bash"
tg_bot_token: "YOUR_TELEGRAM_BOT_TOKEN"
tg_bot_chat_id: "YOUR_TELEGRAM_CHAT_ID"
command_timeout: 300
allow_arguments: false
allowed_cmds:
pingg: 'ping -c 3 8.8.8.8'
uptime: 'uptime'
runscript: 'bash ~/bin/myscript.sh'
shell: ""
help_message: "Use /commands to see available commands."Replace /path/to/your/logfile.log, YOUR_TELEGRAM_BOT_TOKEN, and YOUR_TELEGRAM_CHAT_ID with your actual paths and credentials.
In the allowed_cmds section of the config, you can configure shortcuts for various shell commands that you wish to use frequently. This section is structured as a dictionary where each entry consists of two parts:
- Shortcut Name: The key on the left side of the colon (
:) represents the name of the shortcut. This is a unique identifier you will use to refer to the command; - Command: The value on the right side of the colon is the actual command that will be executed in the shell when the shortcut is used.
For example, the shortcut pingg will execute the command ping -c 3 8.8.8.8.
Parameter command_timeout sets the timeout for old commands (in seconds). If the command is older than the timeout, it will be ignored. For example, setting command_timeout: 300 will ignore commands older than 5 minutes.
Caution
Allowing execution of arbitrary shell commands can be potentially dangerous.
It may lead to unauthorized access, system compromise, or data loss.
To mitigate these risks, you may remove the shell shortcut from the allowed_cmds configuration.
This will allow only the white-listed commands specified in allowed_cmds.
Similarly, enabling allow_arguments can pose security risks as it allows passing arbitrary arguments
to white-listed commands. Only enable this feature if you trust the users and have properly sanitized
your scripts against malicious input.
~/bin/tshbotNow you can send command via Telegram.
The configuration file (tshbot.config) should contain the following fields:
bot_log_file: Path to the log filebash_cmd: Path to the bash executabletg_bot_token: Telegram bot tokentg_bot_chat_id: Telegram chat ID for the botcommand_timeout: Timeout for old commands (in seconds)allow_arguments: Enable or disable passing arguments to white-listed commands (default: false)allowed_cmds: A map of command shortcuts to the actual shell commandshelp_message: Message displayed when the /help command is issued
/help: Displays the help message/commands: Lists all available commands- used-defined shortcuts (specified in
allowed_cmds): Execute a predefined command based on the shortcut defined in the configuration (e.g.,/cmd) /shell[command]: Executes a shell command directly (if allowed in the configuration)
Using the example configuration file shown above, you can send the following commands via Telegram:
- Sending
/uptimevia Telegram will executeuptimeon the server. - Sending
/shell uname -awill executeuname -aon the server.
The tool logs its activities and command executions to the specified log file. Make sure the bot has write permissions to the log file.
To ensure tshbot starts automatically on your system, you can create a systemd service file.
Follow these steps to set it up:
sudo nano /etc/systemd/system/tshbot.serviceAdd the following content to the file:
[Unit]
Description=tshbot service
After=network.target
[Service]
Type=simple
User=pi
ExecStart=/home/pi/bin/tshbot
Restart=on-failure
[Install]
WantedBy=multi-user.targetUser=pi: Changepito the user that should run the service if differentExecStart=/home/pi/bin/tshbot: If different, change to the actual path of thetshbotbinary
sudo systemctl daemon-reloadEnable the tshbot service to start on boot
sudo systemctl enable tshbot.serviceStart the tshbot service
sudo systemctl start tshbot.serviceTo check the status of the tshbot service and to ensure it is running correctly, use:
sudo systemctl status tshbot.serviceIf everything is set up correctly, you should see an active (running) status.
To start the service:
sudo systemctl start tshbot.serviceTo stop the service:
sudo systemctl stop tshbot.serviceTo restart the service:
sudo systemctl restart tshbot.serviceTo check the service logs:
sudo journalctl -u tshbot.serviceTo manually build the tshbot binary for different architectures, including ARM for Raspberry Pi, follow these instructions:
Prerequisites
- Go programming language installed on your system. You can download it from the official Go website
- Source code of
tshbotcloned from the repository
To build the binary for your local system, simply run the following command in the project directory:
go build tshbot.goThis will generate a binary named tshbot in the current directory.
To build a binary for ARM architecture use the following command:
env GOOS=linux GOARCH=arm go build -o tshbot tshbot.goThis command sets the GOOS and GOARCH environment variables to target the ARM architecture on Linux systems.
If you need to build for ARM64 architecture, use this command instead:
env GOOS=linux GOARCH=arm64 go build -o tshbot-linux-arm64 tshbot.goThis project was inspired by fnzv/trsh-go.