Automated execution of Karaf commands

Hi there!

I need some help with automated execution of Karaf commands. I have the Osram Lightify binding in place, but after a couple of days it stops working. I need to restart the binding in order to keep it working.

But I struggle to execute the bundle:restart command in an automated way, for example via cronjob. I cannot find out how to provide the password via keys-file. I’m using openHABianPi 2.3.

Here’s what I tried:

sudo su
mkdir /home/openhab
chown openhab:openhab /home/openhab
cd /home/openhab
sudo -u openhab ssh-keygen -t rsa -f openhab.id_rsa

Then I pasted the public key to /var/lib/openhab2/etc/keys.properties:

karaf=AAAA...29tb0Z,_g_:admingroup

and left the existing entry commented out.

Then I tried to connect via SSH, but it kept asking me for a password:

sudo -u openhab ssh -p 8101 -i /home/openhab/openhab.id_rsa openhab@localhost

Does anyone have an idea what I’m doing wrong?

Best regards,
cd_

You have a few options. An SSH key should work out of the box once you have a proper configuration.

The last option is clear-text authentication with sshpass -p 'YourPassword' ssh user@host.
The SSH client can also accept a command to be executed; if you do not specify one, the client will connect and then exit after a timeout.

Use openhab@127.0.0.1 instead of openhab@localhost.
That solved the issue for me.

Unfortunately using 127.0.0.1 does not solve the issue for me.

Do any connections work? For example can you login and execute ls?

I ask because I thought the home directory for openHAB was not /home/openHAB? It will depend on openHAB install method though.

@Thedannymullen: I think I did not get your point…

If I understand my openHAB installation correctly, openhab is the user in whose context the openHAB service is running. The account does not provide shell access. But I think accessing the Karaf console via SSH must be done with exactly that user.

I was asking if you copied your keys to the correct directory. I don’t believe the openHAB user has /home/openHAB as the home directory.

Therefore, when you try to ssh, it will not look for the key in that directory.

@Thedannymullen: you were right…

$ eval echo ~openhab
/var/lib/openhab2

So then I created a key in that home directory and added it to the authorized_keys file, whilst checking access rights:

/var/lib/openhab2# sudo -u openhab ssh-keygen -t rsa -f openhab.id_rsa
cat openhab.id_rsa.pub >>.ssh/authorized_keys

Access rights:

136384 4 drwx------+  2 openhab openhab    4096 Nov  3 10:38 .ssh
136389 4 -rw-------   1 openhab openhab     402 Nov  3 10:38 authorized_keys

As stated before, I added the public key to keys.properties, then again I tried to access the Karaf console:

sudo -u openhab ssh -p 8101 -i /var/lib/openhab2/openhab.id_rsa openhab@localhost

It still asks for password authentication.

Which password though? The karaf password or the sudo password?

You should get asked for sudo password unless you modified sudoers

As I’m executing in root context, it should be the Karaf prompt. The following should support this argument:

# sudo -u openhab ssh
usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-E log_file] [-e escape_char]
           [-F configfile] [-I pkcs11] [-i identity_file]
           [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
           [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
           [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
           [user@]hostname [command]

Can you ssh into Karaf as you without a password? Setup required, of course. But it is not that hard.

@ceedee looking at it do you have your keys reversed?

When I want to auto login to my pi I do the following.

  1. Create the keys
  2. Copy the public key to the target host aka karaf in your case. authorized_keys
  3. Leave the private key in my home dir. named id_rsa

I am not sure if this topic has been solved already. But it took me a while to solve it. And now I can do some nice shell scripting with the console w/o login. The following ssh request is using the id_rsa.pub certificate, which is the default setting. If your certificate is called differently, use the second variant.

ssh -p 8101 openhab@localhost "smarthome:...."
   *or*
ssh -p 8101 -i <path_to_public_certificate> openhab@localhost "smarthome:...."

The way forward is to add the public certificate information from the id_rsa.pub file into the /var/lib/openhab2/etc/keys.properties in the following way

openhab= <certificate_data>,_g_:admingroup
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh

(The last line was already in my keys.properties file.)

Old topic, but I have an issue now. I used to have multiple lines with openhab as user in my keys.properties file. Since openHAB 3 only the last line will be accepted; the others won't work anymore. Different keys per application:

#karaf=AAAA11111111111111,_g_:admingroup
# Container talks to itself:
openhab=AAAA222222222222,_g_:admingroup
# Docker01 2020-04-21
openhab=AAAA333333333333,_g_:admingroup
# Docker02 2020-04-24
openhab=AAAA444444444444,_g_:admingroup
# Putty
openhab=AAAA555555555555,_g_:admingroup

_g_\:admingroup = group,admin,manager,viewer,systembundles


Is it possible to separate two public keys by a comma?
Like:

openhab=AAAA222222222222,AAAA333333333333,_g_:admingroup
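
An added example (not written by any poster in this thread, and not openHAB or Karaf project code) for the keys.properties entries discussed above: it builds an entry from an OpenSSH .pub file using only the base64 field, and lists logins that appear on more than one active line, the situation reported above where only the last line is accepted. The function names, the temporary paths and the key blobs are constructed for illustration.

```sh
#!/bin/sh
# Helpers for Karaf's etc/keys.properties (format: login=base64key,roles).
# The name left of "=" is the login used in "ssh -p 8101 login@host".

# Print an entry for login $1 from OpenSSH public key file $2.
# Only the base64 blob (second field of the .pub line) goes into the entry.
karaf_key_entry() {
    user=$1
    pub=$2
    blob=$(awk 'NF >= 2 && $1 ~ /^(ssh-|ecdsa-)/ { print $2; exit }' "$pub")
    [ -n "$blob" ] || { echo "no public key found in $pub" >&2; return 1; }
    printf '%s=%s,_g_:admingroup\n' "$user" "$blob"
}

# List logins that have more than one active (uncommented) entry in file $1.
duplicate_users() {
    awk -F= '/^[ \t]*#/ || !/=/ { next }
             { u = $1; gsub(/[ \t]/, "", u) }
             u ~ /^_g_/ { next }          # group definitions, not logins
             ++seen[u] == 2 { print u }' "$1"
}

# Succeed only if login $1 has exactly one active entry in file $2.
has_single_entry() {
    n=$(awk -F= -v want="$1" '/^[ \t]*#/ { next }
            { u = $1; gsub(/[ \t]/, "", u) }
            u == want { c++ }
            END { print c + 0 }' "$2")
    [ "$n" -eq 1 ]
}

# Constructed sample data (placeholder blobs, not real keys).
demo=$(mktemp -d)
printf 'ssh-rsa AAAAconstructedblob openhab@example\n' > "$demo/id_rsa.pub"
cat > "$demo/keys.properties" <<'EOF'
#karaf=AAAA1111,_g_:admingroup
openhab=AAAA2222,_g_:admingroup
openhab=AAAA3333,_g_:admingroup
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
EOF

karaf_key_entry openhab "$demo/id_rsa.pub"
echo "logins with more than one entry: $(duplicate_users "$demo/keys.properties")"
has_single_entry karaf "$demo/keys.properties" || echo "no single active entry for karaf"
```
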

Just for the record: I moved on to a more radical solution and reboot my openHAB system in case I detect problems in a monitoring job (which watches out for OOM situations).