I need some help with automated execution of Karaf commands. I have the Osram Lightify binding in place, but after a couple of days it stops working. I need to restart the binding in order to keep it working.
But I struggle to execute the bundle:restart command in an automated way, for example via cronjob. I cannot find out how to provide the password via keys-file. I’m using openHABianPi 2.3.
Here’s what I tried:
chown openhab:openhab /home/openhab
sudo -u openhab ssh-keygen -t rsa -f openhab.id_rsa
Then I pasted the public key to
and left the existing entry commented out.
Then I tried to connect via SSH, but it kept asking me for a password:
sudo -u openhab ssh -p 8101 -i /home/openhab/openhab.id_rsa openhab@localhost
Does anyone have an idea what I’m doing wrong?
You have few options. Ssh key shouls work out of the box once you have a proper configuration.
Last option is clear text authentication with
sshpass -p 'YourPassword' ssh user@host.
Ssh client can accept also command to be executed - if you do not specify it then client will connect and then exit after time out.
Use email@example.com instead of openhab@localhost.
That solved the issue for me.
Unfortunately using 127.0.0.1 does not solve the issue for me.
Do any connections work? For example can you login and execute ls?
I ask because I thought the home directory for openHAB was not /home/openHAB? It will depend on openHAB install method though.
@Thedannymullen: I think I did not get your point…
If I understand my openHAB installation correctly, openhab is the user in whichs context the openHAB service is running. The account does not provide shell access. But I think accessing the Karaf console via SSH must be done with exactly that user.
I was asking if you copied your keys to the correct directory. I don’t believe The openHAB user Has /home/openHAB as the home directory.
Therefor when you try to ssh it will not look for the key in that directory.
@Thedannymullen: you were right…
$ eval echo ~openhab
So then I created a key in that home directory and added it to the authorized_keys file, whilst checking access rights:
/var/lib/openhab2# sudo -u openhab ssh-keygen -t rsa -f openhab.id_rsa
cat openhab.id_rsa.pub >>.ssh/authorized_keys
136384 4 drwx------+ 2 openhab openhab 4096 Nov 3 10:38 .ssh
136389 4 -rw------- 1 openhab openhab 402 Nov 3 10:38 authorized_keys
As stated before, I added the public key to
keys.properties, then again I tried to access the Karaf console:
sudo -u openhab ssh -p 8101 -i /var/lib/openhab2/openhab.id_rsa openhab@localhost
It still asks for password athentication.
Which password though? The karaf password or the sudo password?
You should get asked for sudo password unless you modified sudoers
As I’m executing in root context, it should be the Karaf prompt. The following should support this argument:
# sudo -u openhab ssh
usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
[-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
Can you ssh into karat as you without a password? Setup required of courseZ. But it is not that hard.
@ceedee looking at it do you have your keys reversed?
When I want to auto login to my pi I do the following.
- Create the keys
- Copy the public key to the target host aka karaf in your case. authorized_keys
- Leave the private key in my home dir. named id_rsa
I am not sure if this topic has been solved already. But it took me a while to solve it. And now I can do some nice shell scripting with the console w/o login. The following ssh request is using the id_rsa.pub certificate, which is the default setting. If your certificate is called differently, use the second variant
ssh -p 8101 openhab@localhost "smarthome:...."
ssh -p 8101 -i <path_to_public_certificate> openhab@localhost "smarthome:...."
The way forward is to add the public certificate information from the id_rsa.pub file into the /var/lib/openhab2/etc/keys.properties in the following way
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
(The last line was already in my keys.properties file.)
Old topic, but i have an issue now. I used to habe multible lines with openhab as user in my keys.properties file. Since Openhab3 only the last line will be accepted the others wont work anymore. Different keys per application:
# Container talks to itself:
# Docker01 2020-04-21
# Docker02 2020-04-24
_g_\:admingroup = group,admin,manager,viewer,systembundles
Is it possible to separate two public keys by comma ?
Just for the record: I moved on to a more radical solution and reboot my openHAB system in case I detect problems in a monitoring job (which watches out for OOM situations).