[SOLVED] Rule to reboot my mediacentre

(Juan) #1

Hello there,

I have set up a switch to reboot a computer located at 192.168.1.15 (a Raspberry Pi), and a rule like this:

```
rule "Plex"
when Item PLEX changed to ON
then
val String results = executeCommandLine("ssh pi@192.168.1.15 'sudo shutdown -r now'", 5000)
end
```

but not working. If I type in terminal, it is working, but from rules not. I do not get any error in the log.
Something I am missing.

The idea is reboot a local IP, that is all.

Any help?

Thank you.
0 Likes

(Rich Koshak) #2

Yes, executeCommandLine runs commands as the openhab user, not your login user.

See How to solve Exec binding problems

0 Likes

(Juan) #3

I understand, but I am executing the command line in order to get access via ssh to another computer, so I would need the login actually, right?

0 Likes

(Rich Koshak) #4

As the posting I linked to explains.

Get the result from the command executed and it will tell you why it isn’t working.

I’m going to guess you are trying to log in using the openhab user on the remote host and/or you have not set up the ssh certs for the openhab user.

0 Likes

(Juan) #5

:wink: I will read carefully today. I am not very expert in linux commands.
Thanks for your support.

0 Likes

(Danny mullen) #6

As you would need to login without a password on the remote machine. I bet like Rich said your known hosts and certificates are missing. You need to look in the home directory of the openhab user. You should be able to copy the .ssh directory from your home directory to the openhab user.

0 Likes

(Juan) #7

ok, while I am trying to understand all the things you tell me (:S)… I give you more details:

  • I use openhabian in the local IP 192.168.0.14
  • I use PLEX on local IP 192.168.0.15 with user pi and pw: pass (i.e.)

The thing is that “I have to tell Openhabian” to log into the ip .0.15 automatically giving it permissions to log into the other IP, right?

More info:

rule "Plex"
when Item PLEX changed to ON
then 
val results = executeCommandLine("sudo@@sshpass@@-p@@pass@@ssh@@pi@192.168.0.15@@shutdown@@-r@@now", 5000)
logInfo("ExecTest", results)
end

ITEMS:

Switch PLEX "Plex REBOOT???"
0 Likes

(Juan) #8

I get this in the log:

2018-07-10 07:03:05.505 [INFO ] [ipse.smarthome.model.script.ExecTest] - 
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.
sudo: no tty present and no askpass program specified

NOTE: Yes, I know that I have to create a passphraseless SSH key, but I am just trying if the command syntax works… but it seems not yet :S

0 Likes

(Rich Koshak) #9

I get very frustrated with the Exec binding because people who don’t know how to use Linux try to make it work and can’t understand our suggestions.

  1. All exec commands that are run from OH are run as the openhab user.
  2. The openhab user MUST be configured properly to run many commands
  3. This means the openhab user must be a member of sudo or have entries in the sudoers to give it permission to run commands using sudo
  4. This means the openhab user must be configured with ssh certs if it needs to log in somewhere.

Please don’t use sshpass. Use ssh certs. There are tons of tutorials available, even a couple on this forum.

Why are you using sudo to run sshpass in the first place?

The error is indicating that sudo doesn’t have a tty and sshpass requires a tty to pass the password.

A step missing from the link above which was assumed is you must first make sure you can run this command from the shell using the openhab user.

You can run commands as the openhab user with

sudo -u openhab <command>

where <command> is the command to run.

0 Likes

(Danny mullen) #10

@grhosso here was my post on creating a login without password. The article will show step by step. Below the article is how I got it working on the openhab user.

The command you want to use to login without a password is.

ssh user@ipaddr

This assumes you setup the public private keys.

I am not familiar with sshpass. This is a free tool I have never used.

 sudo -u openhab ssh-keygen

 ssh-copy-id -i /var/lib/openhab2/.ssh/id_rsa.pub user@ipaddress  

answer yes to questions

 sudo -u openhab ssh user@ipaddress

answer yes

This was tested on my machine here and will work. Follow the commands and you should be good. Then add sudo -u openhab ssh user@ipaddress to the exec binding with the @ in the spaces.

This will get you the login. You will have to modify the sudoers file on the remote machine to allow for reboot without a password.

0 Likes

(Juan) #11

Understood. Yes I know, but I would like to see that is working, and then I setup the SSH keys files. Eventually, I spent all day trying to setup the ssh-keygen files and:

  • From my macbook to connect via SSH to both RP3 (openhabian and Plex) is working like a charm, I login without password perfectly.
  • But I do not get to setup the /.ssh from one RP (openhabian) to the Plex computer. I follow the steps to generate the files .pub, then copy into the server, it seems that everything worked fine but at the end when I login, always ask me for the password. I do not understand. I will show you what I get.

ok, I tried this sentence:

val results = executeCommandLine("sudo@@-u@@openhab@@ssh@@pi@192.168.0.15", 5000)

and I get this log:

2018-07-10 18:30:56.111 [INFO ] [ipse.smarthome.model.script.ExecTest] - Sorry, user openhab is not allowed to execute '/usr/bin/ssh pi@192.168.2.124' as openhab on openhabianpi.

So, I checked the “sudo visudo” and I missed the /usr/bin/ssh

openhab ALL=(ALL) NOPASSWD: /bin/ip, /bin/bash, **/usr/bin/ssh**

Now, I get in the log (it seems that is working but still need the password)

==> /var/log/openhab2/openhab.log <==

2018-07-10 18:39:45.853 [INFO ] [ipse.smarthome.model.script.ExecTest] - Pseudo-terminal will not be allocated because stdin is not a terminal.

Permission denied, please try again.

Permission denied, please try again.

Permission denied (publickey,password).

I think that I almost get it.

Going back to the SSH setup.

Is this the locations of the /.ssh?? /var/lib/openhab2/.ssh/

I have realized that I was setting up everything in /home/openhabian/.ssh. I am wrong ???

0 Likes

(Rich Koshak) #12

It is going to be HARDER to get something like sshpass working than it will be to get the keys working.

See above:

A step missing from the link above which was assumed is you must first make sure you can run this command from the shell using the openhab user.

You can run commands as the openhab user with

sudo -u openhab <command>
where <command> is the command to run.

Forget about OH. Forget about executeCommandLine.

  1. log into the openhabian machine over ssh or whatever
  2. run sudo -u openhab ssh pi@192.168.0.15

You don’t need to run sudo -u openhab from executeCommandLine. The command is already running as openhab. You only need the sudo -u openhab when running from the command line as the openhabian user.

Because openhab is not a member of sudo and doesn’t have permission to run sudo commands. And it doesn’t need to. It’s already openhab.

Most likely. Type cd ~openhab and then pwd and it will tell you the full path to openhab’s home.

Yes!

0 Likes

(Juan) #13

Mmmm interesting. I am learning a lot of here.

Great, I think this is better, right?

val results = executeCommandLine("ssh@@pi@192.168.0.15", 5000)

OK, I am trying to copy the /.ssh folder to /var/lib/openhab2/ and I do not have permission…

0 Likes

(Rich Koshak) #14

/.ssh had better be owned by root and only root has read write permissions. You need to use sudo to copy the folder and then you need to change the ownership and permissions so the files in ~openhab/.ssh are only owned by openhab:openhab with only user read/write permissions.

0 Likes

(Juan) #15

ok.

  • I got to copy the folder to /var/lib/openhab2, properly.
  • I have created the .pub, and I copy to the server, properly. But still it asks for password when I try to login SSH, properly. I have checked the key on the server and client, and they are the same.
  • And, now, I do not get any log if I trigger the command… nothing :confused:

FYI:

[21:50:49] openhabian@openhabianpi:/var/lib/openhab2/.ssh$ ls -l -a
total 24
drwxrwxr-x+  2 openhab openhabian 4096 Jul 10 21:39 .
drwxrwxr-x+ 10 openhab openhabian 4096 Jul 10 21:25 ..
-rwxrwxr-x   1 openhab openhab     936 Jul 10 21:04 authorized_keys
-rwxrwxr-x   1 openhab openhab     666 Jul 10 21:04 known_hosts
-rwxrwxr-x   1 openhab openhabian 1766 Jul 10 21:37 open_plex
-rwxrwxr-x   1 openhab openhabian  402 Jul 10 21:37 open_plex.pub
0 Likes

(Rich Koshak) #16

Read what I said above again.

  • The files need to be owned by openhab:openhab. Many of these are owned by openhab:openhabian
  • The files need to be user RW only. All of these files are executable by everyone, readable by everyone, and writable by the group. The files (except for . and ..) need to have permission -rw-------

The server you are logging into needs to be configured to allow certs, though I suspect that has happened. Typically ssh will look for a file named id_rsa and id_rsa.pub. It might be the case that it isn’t finding your files named open_plex and open_plex.pub.

Forget about executeCommandLine. What happens when you run from the command prompt:

sudo -u openhab ssh pi@192.168.0.15

If it is failing then for some reason it is not seeing the certs.

0 Likes

(Juan) #17

I get:

[22:29:17] openhabian@openhabianpi:~$ sudo -u openhab ssh pi@192.168.0.15
[sudo] password for openhabian: 
0 Likes

(Rich Koshak) #18

After making the changes I recommended?

0 Likes

(Juan) #19

Yes. I guess:

  • owned by openhab:openhab
  • user RW only
[22:42:04] openhabian@openhabianpi:/var/lib/openhab2/.ssh$ ls -l -a
total 32
drwxrwxr-x+  2 openhab openhabian 4096 Jul 10 22:32 .
drwxrwxr-x+ 10 openhab openhabian 4096 Jul 10 21:25 ..
-rw-------   1 openhab openhab     790 Jul 10 22:16 authorized_keys
-rw-------   1 openhab openhab    1766 Jul 10 22:32 id_rsa
-rw-------   1 openhab openhab     402 Jul 10 22:32 id_rsa.pub
-rw-------   1 openhab openhab     666 Jul 10 21:04 known_hosts
-rw-------   1 openhab openhab    1766 Jul 10 21:37 open_plex
-rw-------   1 openhab openhab     402 Jul 10 21:37 open_plex.pub

When I connect to the server 192.168.2.15 from my macbook (not from the OH), I can auto login without password, so I guess is properly setup.

And now:

[22:46:20] openhabian@openhabianpi:/var/lib/openhab2/.ssh$ ls -l -a
total 32
drwxrwxr-x+  2 openhab openhabian 4096 Jul 10 22:32 .
drwxrwxr-x+ 10 openhab openhabian 4096 Jul 10 21:25 ..
-rw-------   1 openhab openhab     790 Jul 10 22:16 authorized_keys
-rw-------   1 openhab openhab    1766 Jul 10 22:32 id_rsa
-rw-------   1 openhab openhab     402 Jul 10 22:32 id_rsa.pub
-rw-------   1 openhab openhab     666 Jul 10 21:04 known_hosts
-rw-------   1 openhab openhab    1766 Jul 10 21:37 open_plex
-rw-------   1 openhab openhab     402 Jul 10 21:37 open_plex.pub
[22:46:26] openhabian@openhabianpi:/var/lib/openhab2/.ssh$ sudo -u openhab ssh pi@192.168.0.15
Enter passphrase for key '/var/lib/openhab2/.ssh/id_rsa': 
0 Likes

(Rich Koshak) #20

Are you sure that the password that is being asked for on the openHABian machine is the password for the Plex server and not the password for the key? The last entry is asking for the password for id_rsa, not the login password on 192.168.0.15. Did you create a password when you created these key pairs?

0 Likes
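
An added example, not part of any post in this thread: a pre-flight script for the two things the replies single out, the file ownership and mode rule from post #16 and the key passphrase question from post #20. The function names are made up for this example, and it assumes GNU or busybox `stat` and OpenSSH's `ssh-keygen`.

```shell
#!/bin/sh
# Added example (function names are hypothetical). Assumes GNU or busybox
# stat and OpenSSH; run it as the service user that owns the key.

# audit_key_files DIR OWNER GROUP
# Applies the rule from post #16 to each regular file in DIR: owned by
# OWNER:GROUP, mode rw------- (no execute bit, nothing for group or other).
# Prints one finding per line and returns 0 only when there are none.
audit_key_files() {
    dir=$1 want="$2:$3" bad=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    for path in "$dir"/*; do
        [ -f "$path" ] || continue
        set -- $(stat -c '%a %U:%G' "$path")   # e.g. "775 openhab:openhabian"
        mode=$1 owner=$2
        if [ "$owner" != "$want" ]; then
            echo "OWNER $path: $owner, expected $want"; bad=1
        fi
        if [ $(( 0$mode & 0177 )) -ne 0 ]; then
            echo "MODE $path: $mode, expected 600"; bad=1
        fi
    done
    return $bad
}

# key_is_unencrypted KEYFILE
# ssh-keygen -y re-derives the public key from the private one. Given an
# empty passphrase (-P '') it succeeds only for a key stored without one,
# so a failure here on a readable key explains the prompt in post #19.
key_is_unencrypted() {
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1 </dev/null
}

# login_without_prompt USER@HOST   (needs the network)
# BatchMode=yes makes ssh fail rather than ask for a password or
# passphrase, which is what a rule faces: it has no terminal to type into.
login_without_prompt() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "$1" true
}
```

Source the file as the service user and call the functions in order, for example `audit_key_files /var/lib/openhab2/.ssh openhab openhab`, then `key_is_unencrypted /var/lib/openhab2/.ssh/id_rsa`, then `login_without_prompt pi@192.168.0.15`.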