fix(security): harden imessage remote scp/ssh handling

Peter Steinberger
2026-02-19 11:07:56 +01:00
parent cdb00fe242
commit 49d0def6d1
12 changed files with 150 additions and 12 deletions


@@ -103,6 +103,8 @@ exec ssh -T gateway-host imsg "$@"
```
If `remoteHost` is not set, OpenClaw attempts to auto-detect it by parsing the SSH wrapper script.
`remoteHost` must be `host` or `user@host` (no spaces or SSH options).
OpenClaw uses strict host-key checking for SCP, so the relay host key must already exist in `~/.ssh/known_hosts`.
</Tab>
</Tabs>
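Review bot: the new `remoteHost` rule ("no spaces or SSH options") leaves the reader without a way to reach a relay that needs a non-default port or identity file, and the hunk does not say what OpenClaw does when the value is malformed. Suggest adding one sentence after "`remoteHost` must be `host` or `user@host` (no spaces or SSH options)." that points to a `Host` stanza in `~/.ssh/config` (with `Port`, `IdentityFile`, `User`) for such settings, since `scp` reads the same config as `ssh`, and stating whether an invalid `remoteHost` is rejected at config load or only when an attachment fetch fails. The auto-detection sentence should also say which `ssh` invocation forms the parser recognises, so a wrapper that passes extra flags is not silently misread.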
@@ -224,6 +226,7 @@ exec ssh -T bot@mac-mini.tailnet-1234.ts.net imsg "$@"
```
Use SSH keys so both SSH and SCP are non-interactive.
Ensure the host key is trusted first (for example `ssh bot@mac-mini.tailnet-1234.ts.net`) so `known_hosts` is populated.
</Accordion>
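Review bot: the "trust the host key first" step in "Ensure the host key is trusted first (for example `ssh bot@mac-mini.tailnet-1234.ts.net`)" populates `known_hosts` for whichever user runs that command, which is not necessarily the account the gateway runs under; suggest saying explicitly that the command must be run as the gateway user. Because the first interactive `ssh` will prompt to accept an unknown fingerprint, the text should also tell the reader to verify that fingerprint against the Mac (for example from `ssh-keygen -lf` on the relay's host key file) before accepting, otherwise the strict checking that follows only pins whatever key was first seen.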
@@ -241,6 +244,7 @@ exec ssh -T bot@mac-mini.tailnet-1234.ts.net imsg "$@"
<Accordion title="Attachments and media">
- inbound attachment ingestion is optional: `channels.imessage.includeAttachments`
- remote attachment paths can be fetched via SCP when `remoteHost` is set
- SCP uses strict host-key checking (`StrictHostKeyChecking=yes`)
- outbound media size uses `channels.imessage.mediaMaxMb` (default 16 MB)
</Accordion>
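Review bot: "SCP uses strict host-key checking (`StrictHostKeyChecking=yes`)" is the right setting, but the attachments section should say what the operator sees when it fails closed, because a host-key change on the Mac (OS reinstall, new hardware) will make every remote attachment fetch fail while messages themselves keep flowing through the SSH wrapper. Suggest one bullet naming the symptom (attachment fetch errors with a host-key mismatch from `scp`) and the recovery (`ssh-keygen -R <host>` to drop the stale entry, then re-verify and re-trust the new key as described in the setup step).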
@@ -326,6 +330,7 @@ openclaw channels status --probe
- `channels.imessage.remoteHost`
- SSH/SCP key auth from the gateway host
- host key exists in `~/.ssh/known_hosts` on the gateway host
- remote path readability on the Mac running Messages
</Accordion>
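Review bot: the checklist item "host key exists in `~/.ssh/known_hosts` on the gateway host" names the host but not the user; when the gateway runs as a service account, the relevant file is that account's home directory, not the administrator's. Suggest rewording to "host key exists in the gateway user's `~/.ssh/known_hosts` on the gateway host" and adding a probe hint such as running `ssh -o BatchMode=yes <remoteHost> true` as that user, which exercises both the key auth and the host-key check listed above it without prompting.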


@@ -404,7 +404,8 @@ OpenClaw spawns `imsg rpc` (JSON-RPC over stdio). No daemon or port required.
- Requires Full Disk Access to the Messages DB.
- Prefer `chat_id:<id>` targets. Use `imsg chats --limit 20` to list chats.
- `cliPath` can point to an SSH wrapper; set `remoteHost` for SCP attachment fetching.
- `cliPath` can point to an SSH wrapper; set `remoteHost` (`host` or `user@host`) for SCP attachment fetching.
- SCP uses strict host-key checking, so ensure the relay host key already exists in `~/.ssh/known_hosts`.
<Accordion title="iMessage SSH wrapper example">
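Review bot: the replacement bullet "`cliPath` can point to an SSH wrapper; set `remoteHost` (`host` or `user@host`) for SCP attachment fetching." now duplicates the format rule given in the iMessage channel page, but in a weaker form (a parenthetical instead of "must be ... no spaces or SSH options"). Suggest using the same wording in both places, or linking this bullet to the channel page's `remoteHost` paragraph, so the two do not drift; the following bullet about strict host-key checking has the same duplication and could carry the same link.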


@@ -56,6 +56,7 @@ Remote mode supports two transports:
## Security notes
- Prefer loopback binds on the remote host and connect via SSH or Tailscale.
- SSH tunneling uses strict host-key checking; trust the host key first so it exists in `~/.ssh/known_hosts`.
- If you bind the Gateway to a non-loopback interface, require token/password auth.
- See [Security](/gateway/security) and [Tailscale](/gateway/tailscale).
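Review bot: "SSH tunneling uses strict host-key checking; trust the host key first so it exists in `~/.ssh/known_hosts`." should state the consequence for a first-time connection: with strict checking the tunnel does not prompt for an unknown key, it fails closed, so a reader who skips the "trust first" step gets a connection error rather than an interactive accept. Suggest saying which side establishes the tunnel (the client connecting to the remote Gateway) so the reader knows on which machine and for which user the `known_hosts` entry must exist, and that a changed key is treated the same way as an unknown one.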