I ahve setup a switch to reboot a computer located in 192.168.1.15 ( a raspberry pi), and a rule likes this:
rule "Plex"
when Item PLEX changed to ON
then
val String results = executeCommandLine("ssh pi@192.168.1.15 'sudo shutdown -r now'", 5000)
end```
but not working. If I type in terminal, it is working, but from rules not. I do not get any error in the log.
Something I am missing.
The idea is reboot a local IP, that is all.
Any help?
Thank you.
As you would need to login without a password on the remote machine. I bet like Rich said your known hosts and certificates are missing. You need to look in the home directory of the openhab user. You should be able to copy the .ssh directory from your home directory to the openha b user.
ok, while I am trying to understand all the things you tell me (:S)… I give you more details:
I use openhabian in the local IP 192.168.0.14
I use PLEX on local IP 192.168.0.15 with user pi and pw: pass (i.e.)
The thing is that “I have to tell Openhabian” to log into the ip .0.15 automatically giving it permisions to log into the other IP, right?
More info:
rule "Plex"
when Item PLEX changed to ON
then
val results = executeCommandLine("sudo@@sshpass@@-p@@pass@@ssh@@pi@192.168.0.15@@shutdown@@-r@@now", 5000)
logInfo("ExecTest", results)
end
2018-07-10 07:03:05.505 [INFO ] [ipse.smarthome.model.script.ExecTest] -
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
sudo: no tty present and no askpass program specified
NOTE: Yes, I know that i have to create a passphraseless SSH key, but I am jsut trying if the command syntax works… but it seems not yet :S
@grhosso here was my post on creating a login without password. The article will show step by step. Below the article is how I got it working on the openhab user.
The command you want to use to login without a password is.
ssh user@ipaddr
This assumes you setup the public private keys.
I am not familiar with sshpass. This is a free tool I have never used.
This was tested on my machine here and will work. Follow the commands and you should be good. Then add sudo -u openhab ssh user@ipaddress to the exec binding with the @ in the spaces.
This will get you the login. You will have to modify the sudoers file on the remote machine to allow for reboot without a password.
Understood. Yes I know, but I would like to see that is working, and then I setup the SSH keys files. Eventually, I spent all day trying to setup the ssh-keygen files and:
From my macbook to conect via SSH to both RP3 (openhabian and Plex) is working like a charm, I login without password perfectly.
But I do not get to setup the /.ssh from one RP (openhabian) to the Plex computer. I follow the steps to generate the files .pub, then copy into the server, it seems that everything worked fine but at the end when I login, always ask me for the password. I do not understand. I will show you what I get.
ok, I tried this sentence:
val results = executeCommandLine("sudo@@-u@@openhab@@ssh@@pi@192.168.0.15", 5000)
and I get this log:
2018-07-10 18:30:56.111 [INFO ] [ipse.smarthome.model.script.ExecTest] - Sorry, user openhab is not allowed to execute '/usr/bin/ssh pi@192.168.2.124' as openhab on openhabianpi.
So, I checked the “sudo visudo” and I missed the /usr/bin/ssh
Now, I get in the log (it seems that is working but still need the password)
==> /var/log/openhab2/openhab.log <==
2018-07-10 18:39:45.853 [INFO ] [ipse.smarthome.model.script.ExecTest] - Pseudo-terminal will not be allocated because stdin is not a terminal.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
I think that I almost get it.
Going back to the SSH setup.
Is this the locations of the /.ssh?? /var/lib/openhab2/.ssh/
I have realized that I was setting up everything in /home/openhabian/.ssh. I am wrong ???
It is going to be HARDER to get something like sshpass working than it will be to get the keys working.
See above:
A step missing from the link above which was assumed is you must first make sure you can run this command from the shell using the openhab user.
You can run commands as the openhab user with
sudo -u oprenhab <command>
where <command> is the command to run.
Forget about OH. Forget about executeCommandLine.
log into the openhabian machine over ssh or whatever
run sudo -u openhab ssh pi@192.168.0.15
You don’t need to run sudo -u openhab from executeCommandLine. The command is already running as openhab. You only need the sudo -u openhab when running from the command line as the openhabian user.
Because openhab is not a member of sudo and doesn’t have permission to run sudo commands. And it doesn’t need to. It’s already openhab.
Most likely. Type cd ~openhab and then pwd and it will tell you the full path to openhab’s home.
/.ssh had better be owned by root and only root has read write permissions. You need to use sudo to copy the folder and then you need to change the ownership and permissions to the files in ~openhab/.ssh are only owned by openhab:openhab with only user read/write permissions.
I got to copy the folder to /var/lib/openhab2, properly.
I have created the .pub, and I copy to the server, properly. But still it asks for password when I try to login SSH, properly. I have check them up the key in the server and client, and are the same.
And, now, I do not get any log if I trigger the command… nothing
The files need to be owned by openhab:openhab. Many of these are owned by openhab:openhabian
The files need to be user RW only. All of these files are executable by everyone, readable by everyone, and writable by the group. The files (except for ., and …) need to have permission -rw------
The server you are logging into needs to be configured to allow certs, though I suspect that has happend. Typically ssh will look for a file named id_rsa and id_ras.pub. It might be the case that it isn’t finding your files named open_plex and open_plex.pub.
Forget about executeCommandLine. What happens when you run from the command prompt:
sudo -u openhab ssh pi@192.168.0.15
If it is failing then for some reason it is not seeing the certs.
Are you sure that the password that is being asked for on the openHABian machine is the password for the Plex server and not the password for the key? The last entry is asking for the password for id_rsa, not the login password on 192.168.0.15. Did you create a password when you created these key pairs?