i use openhabian 3.4.2 on raspberry pi and already changed the (triggeringItem.getName) in the rule with triggeringItemName.
that works fine but i was not able to run the ssh command (yes - it works if i try it in a shell).
to test a little bit faster i modified the execute command and tried one by one:
i always got the nearly same error: 2023-04-11 21:32:57.354 [WARN ] [rg.openhab.core.io.net.exec.ExecUtil] - Error occurred when executing commandLine ā[/bin/bash@@-c@@/usr/bin/ssh, openhab@localhost, -p, 8101, log:set, INFO, openhab.event.ItemStateChangedEvent]ā java.io.IOException: Cannot run program ā/bin/bash@@-c@@/usr/bin/sshā: error=2, No such file or directory
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1128) ~[?:?]*
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1071) ~[?:?]*
at org.openhab.core.io.net.exec.ExecUtil.executeCommandLine(ExecUtil.java:59) ~[?:?]*
at org.openhab.core.model.script.actions.Exec.executeCommandLine(Exec.java:40) ~[?:?]*
only the last one work - but it did not update the log level.
You donāt need a space between -p and 8101 and as openHAB will use openhab User, you donāt need to set this either
BUT.
This wonāt work as intended, because karaf user openhab is secured with a password. There is no way to set the password via option (like the port).
The correct way to circumvent this situation is to use a key file.
See the link within the thread you already linked to:
If set correctly, you donāt need to use the -i option.
There might be a pitfall (had this in my test system and it gave me some headache), and this is, that some permissions might be not set correct.
openHABian 1.7.5 (see Releases Ā· openhab/openhabian Ā· GitHub) sets the home directory for User openhab (which runs openHAB) to /var/lib/openhab.
You have to create a directory /var/lib/openhab/.ssh for the keys to let ssh use them without the need of option -i BUT
/var/lib/openhab/ must be set to drwxr-xr-x (but is set to drwxrwxr-x)
/var/lib/openhab/.ssh must be set to drwx------
The first point is mandatory if you want to use the key to login to the openHAB Server (GNU/Linux shell) and you wonāt get any information other than ādoesnāt workā unless you donāt look deeper into the logsā¦ Iām not 100% sure if you need that part for using the private key
So ensure that all permissions are set correct:
sudo chmod 755 /var/lib/openhab #maybe you don't need that part
sudo mkdir /var/lib/openhab/.ssh
sudo chown openhab: /var/lib/openhab/.ssh
sudo chmod 700 /var/lib/openhab/.ssh
This is the example within the file.
Obviously you have to change the part between openhab= and ,_g_:admingroup
Make sure that there is no comment # at the beginning of the line.
Save the file and check wether openHAB now is able to login with Karaf user openhab without using a password:
sudo -u openhab /usr/bin/ssh localhost -p8101
You should get into the karaf console:
_ _ _ ____
___ ___ ___ ___ | | | | / \ | __ )
/ _ \ / _ \ / _ \ / _ \ | |_| | / _ \ | _ \
| (_) | (_) | __/| | | || _ | / ___ \ | |_) )
\___/| __/ \___/|_| |_||_| |_|/_/ \_\|____/
|_| 3.4.2 - Release Build
Use '<tab>' for a list of available commands
and '[cmd] --help' for help on a specific command.
To exit, use '<ctrl-d>' or 'logout'.
Sounds veeery complex, but itās really simple if you:ve done it more than once
You also donāt need to use the command line anymore if youād rather avoid that. OH3 now has the logging available via the rest API. Hereās an example of using the http binding to set up an Item which sets the zwave logging level:
@JustinG great to know. iām an openhab user since 2015 but still very old school
so i would prefer the solution with the rule, but i will have a look at this way.
i didnāt use api tokens before, but i just checked - itās very well documented.
@Udo_Hartmann Thank you for your reply and the explanation.
The passwordless login is already working, that was not the problem.
I changed your syntax a little bit, because the shell user ist openhabian and karaf uses the user openhab, so iāve added the user to the localhost again.
in the shell the command ā/usr/bin/ssh openhab@localhost -p8101 log:set INFO openhab.event.ItemStateChangedEventā works very well,
in the ui i got an exception:
funny - i got the same exception during testing with a shellscript, to avoid using spaces with executeCommandLine
and now to the strange part about the ssh keys. my .ssh directory is in the openhabian home folder /home/.ssh and not in the /var/lib/openhab/.ssh.
should i change it - even if the passwordless login works fine in the shell?
NO! The shell user isnāt openhabian, but openhab.
The user openhabian is for administration purpose, the GNU/Linux user openhab is used to run openHAB, the (independent) karaf user openhab is used to get into the karaf shell.
Take a look at sudo ps aux | grep /usr/bin/java, you will see that user openhab is running the java process for openHAB, therefor all actions from openHAB are in user context openhab, not openhabian.
The shell variant is started by the user that the shell owns / you are logged in with.
When it is being executed by OH it runs with the OH user privileges.
When an ssh session is executed the first time you are asked to verify and accept the host key if it is not already in the known hosts file.
This verification process may keep a prompt open and thus the command may be aborted.
You either need to add the hosts fingerprint to the known hosts file or you can add a command line option to the ssh command to ignore the fingerprint verification.
@Udo_Hartmann well, sorry for that. you explained everything very good and i jumped over the important parts.
you are absolut right, i mixed up the users openhab and openhabian.
i fixed these things now according your explanations and it works through the UI, but only with the -i parameter.
so i did all twice, but with the same result.
i think the problem is during the key generation - the keys where generated in the current directory and not automatical in the /var/lib/openhab/.ssh folder, i had to copy them in that directory.
