Exec command not working

Setup, Configuration and Use Beginners
, ,
1
  • Platform information:
    • Hardware: Raspberry pi 3
    • openHAB version:3.1
  • Issue of the topic: exec command not working

My item:

Switch    ShutdownOctopi  {channel="exec:command:shutdown_octopi:run", autoupdate="false"}

My thing:

Thing exec:command:shutdown_octopi  "shutdown octopi"    [command="sudo -u openhabian ssh -i /home/openhabian/.ssh/sshOctopi pi@octopi.local sudo shutdown now", autorun=false]

Hello all :slight_smile:

When i execute the command above from the openhabs terminal then my octopi shutdown without any password input, so my ssh key seems to be working.

when i execute the command by exec the Switch ShutdownOctopi goes on an off without any errors.
I also added the same command to the whitelist.

Im think its something simple but i cant get it work. Does someone can help?

2

I assume you tested everything under the openhabian account on the command line.
OH runs with openhab privileges. Did you add openhab to do sudoers ?

2 Likes
3

Bam that’s it :smiley:

I thought I just need sudo -u openhab and it’s ok

If someone else has the same problem, I just did this:

sudo visudo -f /etc/sudoers.d/010_pi-nopasswd

Adding following lines

openhab ALL=(ALL) NOPASSWD: ALL

Like described here

1 Like
4

This line:

openhab ALL=(ALL) NOPASSWD: ALL

Is a bad idea (as explained in the linked thread). Please be aware, that with this line, the user openhab is able to destroy all data on the SD card within micros of seconds. A simple

rm -rf /

Will suffice.
Please be aware that openHAB is not hardened against any attacks.
Please, when setting up a sudoers file with NOPASSWD, always ensure that only the commands are allowed, which are needed.

2 Likes
5

Thanks for the hint.

But i have Problems to realize it. this is what i want to do:

Cmnd_Alias OCTOPI = sudo -u openhabian ssh -i /home/openhabian/sshOctopi pi@octopi sudo shutdown now

openhabian ALL=(ALL) NOPASSWD: OCTOPI

but when i exit it tells me:
Syntax-error near line 1

What im doing wrong here?

6

you need to add the path in front of sudo: /sbin/sudo

2 Likes
7

So easy again, thanks a lot!

Finally it’s all working like it should :smiley:

1 Like
8

Hey,

im sorry, still have problems with the sudoers file.

the octopi commands are working but any other ssh command does not.

E.g. my kodi commands cannot be executed when i modify the sudoers file like this:

Cmnd_Alias TEST = /bin/sudo -u openhabian ssh -i /home/openhabian/sshMasterKey root@kodi shutdown now -r

openhab ALL=(ALL) NOPASSWD: TEST

My Thing:

Thing exec:command:cmnd_kodi  "Kodi System"    [command="sudo -u openhabian ssh -i /home/openhabian/sshMasterKey root@kodi %2$s", autorun=true]

My Items:

String    SystemCmndKodi    "Kodi Command"            {channel="exec:command:cmnd_kodi:input"}

My sitemap:

Switch item=SystemCmndKodi label="Kodi []" mappings=["shutdown now -r"="REBOOT","shutdown now"="OFF"]

When i check the output of this exec it looks like the command is missing in the sudoers file(sorry its german but its the same like in the linked thread):

Wir gehen davon aus, dass der lokale Systemadministrator Ihnen die
Regeln erklärt hat.  Normalerweise läuft es auf drei Regeln hinaus:
    #1) Respektieren Sie die Privatsphäre anderer.
    #2) Denken Sie nach, bevor Sie tippen.
    #3) Mit großer Macht kommt große Verantwortung.
sudo: Kein TTY vorhanden und kein »askpass«-Programm angegeben
Wir gehen davon aus, dass der lokale Systemadministrator Ihnen die
Regeln erklärt hat.  Normalerweise läuft es auf drei Regeln hinaus:
    #1) Respektieren Sie die Privatsphäre anderer.
    #2) Denken Sie nach, bevor Sie tippen.
    #3) Mit großer Macht kommt große Verantwortung.
sudo: Kein TTY vorhanden und kein »askpass«-Programm angegeben to

Is there a way to exactly see the command that exec tries to execute?
i activated the binding log but i cant se any details

with sudoers no password for all its all working. I cant find an difference to the working octopi command except its libreelec instead of raspian

9

The message is not about missing files.

When you use the dangerous NOPASSWD then you have to acknowledge the message once to get it to go away.

10

What I am thinking of is if sudo really is required here:

I did not test but I would expect that a similar construct should work too:
command="ssh -i /var/lib/openhab/etc/sshMasterKey root@kodi %2$s"

11

oh man, dont know why i cant make it work…

i tried

ssh -tt -i /var/lib/openhab/etc/sshMasterKey

with result “Host key verification failed”, i think because of denied permission, because thats what the terminal telling me. I copied the key to the folder of cause.
Would be handsome to use without sudo and edit of sudoers

I also added -tt so ssh because of error “Pseudo-terminal will not be allocated because stdin is not a terminal”

So i tried

ssh -tt -i /home/openhabian/sshMasterKey root@kodi systemctl is-active kodi.service

which works from terminal but again not from exec binding where i get again ‘Host key verification failed.’. Sadly my linux skills are too low level to understand how to fix this, sounds like it could work

[rossko57] regarding the acknowledge, it doesnt seem to affect anything, but im not sure if i understand what to do. i should only use this command from terminal once i get the error? because next try it comes again (except i edit sudoers file to ALL)

12
  • check for openhab user’s home directory in /etc/passwd: grep openhab /etc/passwd
  • create directory .ssh in that directory
  • make sure that the directory is owned by user openhab: sudo chown openhab:openhab /var/lib/openhab/.ssh
  • make sure that the directory is only readable by user openhab: chmod 700 /var/lib/openhab/.ssh
  • try again
13

this didnt work for me but i think i found a solution for the ssh commands.
I understood “sudo -u openhab” is just to test the desired exec commands in terminal so I removed it everywhere.

Then i generated a ssh key at default location with default name and copied it by ssh, both with prefix “sudo -u openhab”. Im not sure but i guess the default ssh key folder has the correct permissions.

After this i was able to execute the ssh login with

sudo -u openhab ssh root@kodi

and without any password.

I thougth this will be a easy upgrade :exploding_head:

Much thanks to all of you! I learned a lot and its so cool to monitor and control all other raspberrys at home from openhab :smiling_face_with_three_hearts:

1 Like
14

I am wondering then if it even works without the sudo part as openhab processes run under user openhab.

15

Well, in the Terminal everything works. Just what I understood from the Binding documentation was to test in terminal with sudo -u openhab.

I’m logged into ssh with openhabian and what was working in the Terminal was not working with exec as described in this thread. so there seems to be a difference but I don’t know in detail

16

Yes, that’s right. the sudo -u openhab part is only to check wether the “real” command will work when user openhab does the command.