Permissions issue when running script to reboot router from a rule

Hi,
I have a script to reboot my router. I have setup RSA keys and copied the public key I generated on openhabian RPi to the router setiings.

ssh -i /home/openhabian/router_keys/openhab.id_rsa username@IPaddress reboot

this all works when run from console and my router reboots

/etc/openhab2/scripts/reboot_WAN_Router.sh

but when it is run via a rule like this:

rule "Reboot WAN router"
when
    Item Reboot_WAN_Router changed from OFF to ON
then
    val results = executeCommandLine("/etc/openhab2/scripts/reboot_WAN_Router.sh", 10000)
    logInfo("Network", "Results:\n" + results)
end

I get this error in the log:

Results:

Load key "/home/openhabian/router_keys/openhab.id_rsa": Permission denied

Permission denied, please try again.

file permissions are as follows

-rw------- 1 openhabian openhabian 1823 Oct 29 15:09 openhab.id_rsa
-rw-r--r-- 1 openhabian openhabian  400 Oct 29 15:09 openhab.id_rsa.pub

I didn’t find a solution so far. Any ideas how to fix it?

My end goal is to reboot the router if it goes offline. I have the offline detecion part working

The command is running as user openhab, not openhabian when executeCommandLine runs in your rule.

1 Like

that fixed it … thanks. Spent ages searching and thought it would be simple for an expert like you :slight_smile:

-rw------- 1 openhab openhabian 1823 Oct 29 15:09 openhab.id_rsa
-rw-r--r-- 1 openhab openhabian  400 Oct 29 15:09 openhab.id_rsa.pub

Just got to put it all togther now… offline detection >>> then reboot … simple now :slight_smile:

Hi,

It was all running fine. So, I began work on a second almost identical script and ran into a problem.
Both scripts ran from console but when running via execCommand i get the following error

Result = Host key verification failed

I deleted the known_hosts from two locations and regenerated keys ect, changed owner to openhab, copied new keys but now all my scripts using keys generate the same error but run fine from console.

known_hosts file locations:

/var/lib/openhab2/.ssh/known_hosts
/home/openhabian/.ssh/

On regenerating the keys and running script from console only the known_hosts in /home/openhabian/.ssh/ was regenerated.

ssh-keygen -t rsa -f WAN.id_rsa

file permissions

-rw------- 1 openhab openhabian 1823 Mar 18  2020 openhab.id_rsa
-rw-r--r-- 1 openhab openhabian  397 Mar 18  2020 openhab.id_rsa.pub
-rw-r--r-- 1 openhabian openhabian 664 Nov  1 14:47 known_hosts

I suspect its a permissions , owner issue but where?

I found the fix it myself >>>>>>>>>>> cause was inconstent use of user openhab with the various commands :slight_smile:

If its intended to run script via execCommand then I needed to execute all commands as user openhab
eg
create keys -u openhab

sudo -u openhab ssh-keygen -t rsa -f WAN.id_rsa

run script for first time !!! as -u openhab !!

sudo -u openhab ssh -i /home/openhabian/router_keys/WAN.id_rsa user@IP reboot

Then you get asked to add known host… yes…

Now my scripts will run from execCommand without the error >>> Host key verification failed
But if now run from console like this:

 ssh -i /home/openhabian/router_keys/WAN.id_rsa user@IP reboot

you will get asked a second time to add the host like this

The authenticity of host '192.168.0.1 (192.168.0.1)' can't be established.
ECDSA key fingerprint is SHA256:xxxughandmoreughxxx.
Are you sure you want to continue connecting (yes/no)? no