SSH
grlx provides a built-in remote shell that works entirely over the NATS message bus. No direct SSH access or network connectivity to the sprout is required — the farmer validates the request and the sprout spawns a PTY-backed shell process.
Basic Usage
Section titled “Basic Usage”Connect to a sprout by name:
grlx ssh my-sproutThis opens an interactive terminal session. Press Ctrl-D or type exit to end it.
Specifying a Shell
Section titled “Specifying a Shell”By default the sprout uses /bin/sh. Override with --shell:
grlx ssh my-sprout --shell /bin/bashCohort Targeting
Section titled “Cohort Targeting”Instead of naming a sprout directly, target a cohort with -C / --cohort:
grlx ssh -C webserversIf the cohort resolves to a single sprout, the connection opens immediately. If multiple sprouts match, an interactive picker is displayed so you can choose which one to connect to.
How It Works
Section titled “How It Works”- The CLI sends a shell request to the farmer over NATS.
- The farmer validates the requesting user’s identity and RBAC permissions.
- The target sprout spawns a PTY-backed shell process.
- Input and output are relayed through NATS in real time.
Because the connection runs over the message bus, sprouts behind firewalls or NAT are fully accessible — as long as they can reach the farmer’s NATS server.
Shell access is governed by the ssh action in the RBAC permission model. Users without the ssh permission on the target sprout’s cohort will be denied. See the RBAC documentation for details on configuring permissions.