openHABian SSH connection between 2 Raspberry Pis

Platform information:

  • Hardware: Raspberry Pi 3
  • OS: openHABian
  • openHAB version: 2.2

Hey all,

this is my first post in this forum, thanks for your attention…

I have an OH-server on the first Raspberry Pi and want to display some stats from the client Raspberry Pi on the Basic UI/OH-server.

I already established an automatic ssh login to the client. It seems to work fine, as my script on the OH-server displays the stats when I start it with

bash script.sh

Script:

#! /bin/bash

#read stats
INPUT=$(/usr/bin/ssh -i /home/openhabian/.ssh/id_rsa pi@192.168.XXX.XXX "/bin/cat /sys/bus/w1/devices/28-0000079f43f0/w1_slave |tail -n1 |cut -d\"=\" -f2")

TEMP=$(echo "scale=2; $INPUT / 1000" | bc)

# return stats
echo $TEMP

I added the following

things

Thing exec:command:workingtemp [command="bash /etc/openhab2/scripts/script.sh"]

items

Number Working_Temperature "Working Area [%.1f °C]" <temperature>

String working_temperature_out { channel="exec:command:workingtemp:output" }

rules

rule "Working Area Temperature"
  when
     Item working_temperature_out received update
  then
      Working_Temperature.postUpdate(
          ( ( Float::parseFloat(working_temperature_out.state.toString) as Number ) * 10 ) / 10
      )

end

and added it to a sitemap with:

Text item=Working_Temperature

But in the log the following message appears:

2018-01-12 14:02:14.597 [ERROR] [ntime.internal.engine.RuleEngineImpl] - Rule 'Working Area Temperature': For input string: "Warning: Identity file /home/openhabian/.ssh/id_rsa not accessible: Permission denied.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
Warning: Identity file /home/openhabian/.ssh/id_rsa not accessible: Permission denied.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password)."

When I use a script with a local sensor on OH-server/Raspberry with exactly the same things/items/rules/sitemap it is working fine.

So I guess there seems to be a problem with the /.ssh permission. Do I need to add another user or service to be able to handle my /.ssh folder?

Thanks for your help and have a nice weekend
Stefan

Hi, if I remember correctly, by default the server is run as the openhab user, so whichever user runs the server, that user must have permission to run your scripts and all commands in that script. What are the access rights to /home/openhabian/.ssh/id_rsa?

In my setup I run such scripts on the client pi locally triggered by cron. The script publishes the values read from sensors to an MQTT broker using mosquitto_pub in the scripts.
Nevertheless I think Martin is right - you have to sort out which user is running openhab. On my openhabian system the user is openhab - not openhabian. You can check that by using ps:

ps -ef | grep java
openhab  14561     1  9 Jan10 ?        04:39:04 /usr/bin/java -Dopenhab.home=/usr/share/openhab2 -Dopenhab.conf=/etc/openhab2 -Dopenhab.runtime=/usr/share/openhab2/runtime -Dopenhab.userdata=/var/lib/openhab2 -Dopenhab.logdi
r=/var/log/openhab2 -Dfelix.cm.dir=/var/lib/openhab2/config -Djetty.host=0.0.0.0 -Djetty.http.compliance=RFC2616 -Dorg.ops4j.pax.web.listening.addresses=0.0.0.0 -Dorg.osgi.service.http.port=8080 -Dorg.osgi.service.http.port.
secure=8443 -Djava.awt.headless=true -Djava.endorsed.dirs=/usr/lib/jvm/zulu-embedded-8-armhf/jre/lib/endorsed:/usr/lib/jvm/zulu-embedded-8-armhf/lib/endorsed:/usr/share/openhab2/runtime/lib/endorsed -Djava.ext.dirs=/usr/lib/
jvm/zulu-embedded-8-armhf/jre/lib/ext:/usr/lib/jvm/zulu-embedded-8-armhf/lib/ext:/usr/share/openhab2/runtime/lib/ext -Dkaraf.instances=/var/lib/openhab2/tmp/instances -Dkaraf.home=/usr/share/openhab2/runtime -Dkaraf.base=/va
r/lib/openhab2 -Dkaraf.data=/var/lib/openhab2 -Dkaraf.etc=/var/lib/openhab2/etc -Dkaraf.logs=/var/log/openhab2 -Dkaraf.restart.jvm.supported=true -Djava.io.tmpdir=/var/lib/openhab2/tmp -Djava.util.logging.config.file=/var/li
b/openhab2/etc/java.util.logging.properties -Dkaraf.startLocalConsole=false -Dkaraf.startRemoteShell=true -classpath /usr/share/openhab2/runtime/lib/boot/org.apache.karaf.diagnostic.boot-4.1.3.jar:/usr/share/openhab2/runtime
/lib/boot/org.apache.karaf.jaas.boot-4.1.3.jar:/usr/share/openhab2/runtime/lib/boot/org.apache.karaf.main-4.1.3.jar:/usr/share/openhab2/runtime/lib/boot/org.osgi.core-6.0.0.jar org.apache.karaf.main.Main                     
root     23239  8569  0 15:44 pts/3    00:00:00 grep --color=auto java

Hey all,

that's it…

User is “openhab”

I had to create a password (passwd openhab),
give it a bash shell (chsh -s /bin/bash openhab)…
change to openhab (su openhab),
create and spread a new id_rsa (ssh-keygen -t rsa, ssh-copy-id -i /xxx/.ssh/id_rsa username@192.168.XXX.XXX)
and go over my scripts - because the new id_rsa is/should be in another folder with ownership openhab.

Now it seems to work fine!

Thanks for your ideas and tips
Stefan

btw:
I also tried to change the permissions of the id_rsa I made with user openhabian, but there was always the message with the permission I mentioned above. When I tried to give 777 permission to it, the message changed to

Permissions 0777 for '/***/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.


Yes, that’s correct behavior. But you could have copied (or moved) the original key to another folder, accessible for the openhab user, plus chown the file to openhab:openhab. The correct permissions are 0600 (only the owner can read and write the file).

sudo chown openhab: ./.ssh/id_rsa
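
The two failures seen in this thread (a key owned by a different account than the one running openHAB, and a key ssh ignores because its mode is too open) can be checked before wiring a script into the exec binding. This is an added example, not part of the original posts; the function name `check_ssh_key` and its output strings are made up for illustration, and it takes the numeric uid of the service account (for example the output of `id -u openhab`).

```shell
#!/bin/bash
# Added example (not from the thread): explain why ssh would refuse or fail
# to read a private key when run by a given service account.
# Usage: check_ssh_key <keyfile> <uid-of-service-account>
# Prints one of: ok | missing | too-open:<mode> | wrong-owner:<uid> |
#                owner-cannot-read:<mode>

check_ssh_key() {
    local key=$1 want_uid=$2 mode owner_uid

    if [ ! -e "$key" ]; then
        echo "missing"
        return 1
    fi

    # GNU stat (Raspbian/Debian) first, BSD stat as a fallback.
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    owner_uid=$(stat -c '%u' "$key" 2>/dev/null || stat -f '%u' "$key")

    # ssh ignores a private key if any group/other permission bit is set
    # (the "Permissions 0777 ... are too open" message above).
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "too-open:$mode"
        return 1
    fi

    # With group/other bits cleared, only the owner can read the key, so the
    # owner has to be the account that runs the script (openhab in the thread).
    if [ "$owner_uid" != "$want_uid" ]; then
        echo "wrong-owner:$owner_uid"
        return 1
    fi

    # The owner needs at least read permission on the key.
    if [ $(( 0$mode & 0400 )) -eq 0 ]; then
        echo "owner-cannot-read:$mode"
        return 1
    fi

    echo "ok"
}

# Run directly: ./check_key.sh /path/to/id_rsa "$(id -u openhab)"
if [ $# -eq 2 ]; then
    check_ssh_key "$1" "$2"
fi
```

The parent directories also have to be traversable by the service account; a key that passes this check but sits under another user's 0700 `.ssh` directory still produces the "not accessible: Permission denied" warning.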