Shut down firewall rule not working

Hi All,

I always have issues with openhab executing these rules.

the loginfo output is ‘null’. The remote device (pfsense firewall) has a sudo package installed and has the openhab user defined with a SSH key and root privi to run commands

The rule is:

le "Shutdown Firewall"
        Item shutdownfirewall changed to ON
        var result = executeCommandLine("sudo ssh openhab@ sudo /etc/rc.halt,5000")
        logInfo("exectest", "results- " + result)

15:10:59.041 [INFO ] [] - executed commandLine 'sudo ssh openhab@ sudo /etc/rc.halt,5000'
15:10:59.042 [INFO ] [lipse.smarthome.model.script.exectest] - results- null

Ive no idea why this supposedly simple task is insanely complex to do!

Any pointers would be great. sudo visudo already has the openhab user defined with the ability to run all commands


Maybe because it’s not supposed to build it like that ? To remotely shutdown whatever usually is just sign of a deeper lying, still not correctly solved problem, this is why I dislike helping people with these.

Anyway, try removing the first sudo. It makes you ssh into your remote box as root, not openhab.

Try to put your ssh command between these ’ ’ . Also put the timeout outside the " ".

executeCommandLine("ssh openhab@ 'sudo /etc/rc.halt'", 5000)
1 Like

Hi Markus, not sure what you mean, but shutting down a firewall via a ssh command is a perfectly legitimate way to shut the firewall down.

But I created the user on the server as openhab, for this purpose. I don’t want to use root.

Maurits, thanks, ill give that a go!!

Usually needing to do that is a workaround to avoid an issue of some sort. The REAL issue could cause you other problems later. The correct solution is to fix the original issue, not lower your security.

He’s (almost) safe when he succeeds in shutting down his inet connection, isn’t he ?
No need to bother about re-activation, hackers or accidents to trigger this.
Actually I once saw the ‘perfect firewall device’ advertised on Ebay. It had resemblances to a wire cutter but hey, it was only $29.99 and it’s safe !

PS: sorry if you don’t share my humor.




1 Like

The voice of experience says “yes”. Ignored little issues can come back to bite you in the a$$ when it is least convenient to deal with it.

yawn Given I work in IT security let me assure you the need to shut down the firewall by my parents (using their home automation software) who are in their 60s because of possible bushfires is not masking another issue but thanks .

1 Like

If there was a bush fire I’d rather run than worry about IT equipment but ok.
Forgive Bruce and me, he’s right for >99% of cases where people ask to reboot or halt systems.

1 Like

Have you fixed the timeout error yet?

hi rossko57, time out? is that the null? Ive made the changes suggested above but not yet tested it. I will today

As Maurits says

with no effective timeout, I understand exec returns immediately without waiting for results from your call, so yes it would always be null return.

1 Like

Fixed the verification issues, the loginfo now shows :yawning_face:

16:18:00.241 [ERROR] [untime.internal.engine.RuleEngineImpl] - Rule 'Shutdown Firewall': An error occurred during the script execution: null

Maybe increase the timeout to 15000?

I did try that, i wasnt receiving anything in the logs, now again, I receive this:

results- Host key verification failed.

yet I can login just fine?

server@ihp:~/.ssh$ ssh openhab@

Hi, your issue is that from the command line the user is ‘server’ who is doing the login, however when openHAB executes it, it is from the user ‘openhab’. So that is why you have the host key error.

You can try to do the ssh from the command line with the openhab user:

sudo -u openhab ssh openhab@

You’re right, I cant login using the openhab user :frowning:

How do I go about resolving it Maurits28? The openhab user is defined on the pfsense device with the key that was created on openhab from the file

You need to share the pub key of the openhab user on the openhab device. I can’t remember how I did this myself. You can search this forum for clues, or search general linux fora to see how to create a key set for a different user.
Now on the road, so can’t check my notes.

1 Like

Thats OK, ive looked and looked (near 6hrs now!) i try and create a key for the open hab user, copy it to the remote machine but then it asks for a password. As far as I know the openhab user has no password. So i get authentication failures

Its just so stupidly complex when it shouldnt be!

if youve got some notes, id love for you to share them at some stage.