Help with executeCommandLine within a rule

Hello!

I have a problem with executeCommandLine within a Rule on my openhabian installation with Openhab 5.1.0

what have I done so far with help of the forum posts.

sudo visudo -f  /etc/sudoers.d/openhab

and I have added

openhab   ALL=(ALL) NOPASSWD: /sbin/shutdown, /sbin/poweroff, /sbin/systemctl, /sbin/reboot, /usr/bin/mysqldump, /usr/bin/node, /usr/bin/sshpass, /usr/bin/cat, /usr/bin/ssh

In misc/exec.whitelist of the Openhab Config I have added:

sshpass
ssh
cat
sh
sudo
/usr/bin/sshpass

I have run from putty where I was prompted to confirm the fingerprint, what I have done

sudo -u openhab ssh root@192.168.0.10

With this command from putty I can logon to the remote device

sudo -u openhab sshpass -p ‘password’ ssh root@192.168.0.10

With this command from putty I can logon to the remote device and reboot the remote device

sudo -u openhab sshpass -p ‘password’ ssh root@192.168.0.10 reboot

Now I thought I have everything to run this from a rule (fingerprint of remote device stored for user openhab, User openhab is allowed to run the commands, commands are whitellisted, confirmed that my command works from putty

So I created a rule:

rule "Test"

when Item TestDummy changed
then 
	 
	val response = executeCommandLine(Duration.ofSeconds(6),"sshpass", "-p", "'password'", "ssh", "root@192.168.0.10", "reboot")
logInfo("response", "response: " + response)
	
end

In the logfile I can see the response
response: DD-WRT v3.0-r58976 std (c) 2025 NewMedia-NET GmbH

So I know that the login process worked, but using the rule the device does not reboot.
It looks like the reboot command which works from command line via putty, is ignored when I do it from the rule.

Your help will be much appreciated.

Regards!

I’m not really sure what you want to execute. Here an example of one of my rules that clears old rrd4j-databases in JavaScript.
Just replace with any command.

console.info('deleting old rrd4...');
command = 'find /var/lib/openhab/persistence/rrd4j -type f -mtime +2 -delete';
var result = actions.Exec.executeCommandLine(time.Duration.ofSeconds(3), "/bin/sh", "-c", command)
console.info(result);

That is unnecessary. The whitelist is only used by the Exec binding, not executeCommandLine.

But note, when you do need to use the whitelist, the command needs to exactly match the command Exec calls, including the arguments.

[quote=“k3067e3, post:1, topic:168047”]
val response = executeCommandLine(Duration.ofSeconds(6),"sshpass", "-p", "'password'", "ssh", "root@192.168.0.10", "reboot")

As far as executeCommandLine is concerned, there is only one command, sshpass. So the arguments need to be broken up from it’s perspective.

"sshpass", "-p", "'password'", "ssh root@192.168.0.10 reboot"

This whole setup would be easier if you use ssh certs for authentication instead of sshpass. Not only does it eliminate this extra level of nexting but it also keeps your password from being in plain text in the rule and in the logs.

Here’s my example of the SSHPass.

Global Variable Rules:

var String			bashSamsungTV		= 'sshpass -p habopen ssh openhab@localhost -p8101 bundle:restart org.openhab.binding.samsungtv'

Rule:

executeCommandLine(Duration.ofSeconds(10), (bashSamsungTV).split(" "))

Best, Jay

Thanks for the info about whitelist, I thought I need this to.

I tried to do it now your way, but instead of the response of the router I get in may way, I get now this result.

My version:
val response = executeCommandLine(Duration.ofSeconds(6),"sshpass", "-p", "'password'", "ssh", "root@192.168.0.10", "reboot")
response: DD-WRT v3.0-r58976 std (c) 2025 NewMedia-NET GmbH

Your version:
val response = executeCommandLine(Duration.ofSeconds(6),"sshpass", "-p", "'password'", "ssh ``root@192.168.0.10`` reboot")
response: SSHPASS: Failed to run command: No such file or directory

Regards

Hello, same result as in my version, I get response from the router, with the login dialog, but reboot command is ignored.

Regards, Markus