[SOLVED] Problem exec binding ssh shutdown

Hi,

i have a problem with the exec binding. My configuration is:

Switch HTPC "Start/Stop" (Status, Network) {wol="192.168.1.255#08:60:65:E5:96:39", exec="OFF:ssh htpc@192.168.1.201 shutdown -p now" }

The command executes (wol works just fine) but the ssh command gives following error:

The authenticity of host '192.168.1.201 (192.168.1.201)' can't be established.
ECDSA key fingerprint is 53:08:a3:18:e4:34:4d:25:a0:aa:33.
Are you sure you want to continue connecting (yes/no)? 

Does anyone know how to solve this problem?

[quote=“rken, post:1, topic:3395, full:true”]
shutdown -p now[/quote]

What does the parameter “-p” mean? Never heard of it.
If you want to restart you need to use “-r”.
Correct me if I’m wrong …

It means the host is not a “known host” to ssh. If you try to ssh to the same host from the command line and the same user as OH, you should see a similar message. Approve
the host and ssh will remember it when the OH server uses ssh to access it.

Hi, thanks for your answer. The strange thing is I use my laptop to make configurations on my server with ssh. So i’m logged on to my server as server@server. In that session I can connect to htpc@192.168.1.201 because it’s a know host to my server. When I startup openhab with the sh command, and try to ssh to htpc@192.168.1.201 it gives the error that I’ve written above. Obviously i’m doing something wrong, but can’t figure it out.

Have done ssh from my server to htpc, then from htpc back from server. Does openhab run under a diffrent user?

This is not an issue of the client not being known to the server, but it is the other way around. Here is some more information…

The first time a user logs into a host, ssh will ask the client to verify the the server key. If verified, it will store that key for future ssh sessions. The key is typically stored under the process user (openHAB server user) home directory so you must be logged in as the OH user on the OH server machine to verify the host that is the target of the ssh connection. I don’t know what operating system you are using for the server, but for Linux you could use “ps -ef | grep openhab” to show the process details including the user.

If you are fine with the reduced security and just want to avoid the verification, you can try the following technique.

Thanks for your answer steve. I’ve managed to fix the problem. What i’ve done:

from my server i’ve executed the command (did the same thing from htpc to server) :

ssh-keygen
ssh-copy-id htpc@192.168.1.201

after this i was able to ssh without the need to give a password.
I start openhab using sudo sh start.sh. I’ve altered my permissions using

sudo chown -R server Openhab/
sudo chmod -R 775 Openhab

This enables me to start openhab using the correct user (server). Before this, it was opening openhab as root and I couldn’t ssh login without giving a password.
Then I altered my shutdown command using:

ssh htpc@192.168.1.201 sudo shutdown -h now

I’ve added the -h parameter because else ubuntu wouldn’t shut down properly. After this you have to edit the /etc/sudoers file. Because you need to be root to shutdown I have to give the htpc user root acces to shutdown ubuntu. This is done by using:

sudo visudo

#add the following line:
htpc ALL=NOPASSWD: /sbin/poweroff, /sbin/start, /sbin/stop

Now everything is working fine :smile:

1 Like

I had the same problem, running ssh myuser@remote-host mkdir test from the openhab server terminal would execute OK. But executeCommandLine("ssh myuser@remotehost mkdir test") was not executed by openhab.

Then I remembered I was running openhab under root (for other reasons) so I had to be sure root was also able to ssh the remote host without password prompt (just like myuser). So in my openhab server terminal, I did http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/ again but under root user (type sudo su to become root and make sure you are creating keys in /root/.ssh/ )

Note the last step must be ssh-copy-id -i ~/.ssh/mykey.pub myuser@remote-host if you want to use “myuser” on the remote host! Good to know if you want to connect to an OpenWRT router: you need to paste the public key via Luci in system->administration instead of using the ssh-copy-id method! Also note you can login using a specific key with ssh -i /root/.ssh/mykey myuser@remote-host

Hope it helps

1 Like

Hi, I’m on mac os and i try to do that but i alway have this :

The authenticity of host ‘thib5.com (192.168.111.2)’ can’t be established.
ECDSA key fingerprint is SHA256:poTIcrXvQ7JDGj2DSJ8ieGDXs2KZzhad0dFNYP2of2s.
Are you sure you want to continue connecting (yes/no)?

I’m trying to connect on the same hosts