If you use the /runtime/bin/client script, you can avoid the SSH.
Hi,
sorry, I thought, I have the latest approach in my tutorial above.
Actually nowadays I restart (whatever) binding by:
executeCommandLine("sudo /usr/bin/ssh -p 8101 -i /home/openhab/karaf_keys/openhab.id_rsa openhab@localhost bundle:restart org.openhab.binding.netatmo", 6000)
That works well and actually since the milestone builds I actually don’t need it anymore.
Hey thanks a lot for your answer… but unfortunately the command won’t work.
I have created the following rule:
rule "reset"
when
Item Reset_netatmo received command
then
executeCommandLine("sudo /usr/bin/ssh -p 8101 -i /home/openhab/karaf_keys/openhab.id_rsa openhab@localhost bundle:restart org.openhab.binding.netatmo", 6000)
Thread::sleep(2000)
postUpdate(Reset_netatmo, OFF)
end
The problem is that the command won’t work.
The log shows:
2018-12-19 17:33:39.234 [ome.event.ItemCommandEvent] - Item ‘Reset_netatmo’ received command ON
2018-12-19 17:33:39.244 [vent.ItemStateChangedEvent] - Reset_netatmo changed from OFF to ON
And the switch will not switch off by the rule.
If I comment out the executeCommandLine with “//”, the switch will be switched off by the rule.
Is there some mistake in my rule?
Hmmm… did you make sure that openhab (the owner the OH process is running on) has the appropriate permissions?
please check the sudo permissions by:
sudo visudo
there should be a line like:
openhab ALL = NOPASSWD: /bin/rm, /bin/chmod, /bin/chown, /usr/bin/amixer, /usr/bin/l2ping, /usr/bin/ssh, /sbin/reboot, /sbin/iptables, /sbin/modprobe, /etc/init.d/openhab2, /etc/init.d/mosquitto, /etc/init.d/openvpn, ...
your line should at least contain ssh.
Maybe that’s it!?
I’d like to understand how I should be using this one. Would the following be correct?
rule "reset"
when
Item Reset_netatmo received command
then
executeCommandLine("/usr/share/openhab2/runtime/bin/client bundle:restart org.openhab.binding.netatmo", 6000)
Thread::sleep(2000)
postUpdate(Reset_netatmo, OFF)
end
EDIT: from the command line, this works.
Note that on my environment, the valid path for accessing /runtime/bin/client is:
/usr/share/openhab2/runtime/bin/client
I’ve given up on using /runtime/bin/client within a rule, since I was getting inconsistent results. Sometimes it worked, but not always…
from core.actions import Exec
Exec.executeCommandLine("/bin/sh@@-c@@/opt/openhab2/runtime/bin/client 'bundle:restart org.openhab.binding.upnpcontrol;'", 10000)
So, I went back to ssh, which works consistently. This is what I use in a rule to restart the DLNA binding after OH startup to get the subscriptions working…
from core.actions import Exec
Exec.executeCommandLine("/bin/sh@@-c@@ssh -p 8101 -l openhab localhost 'bundle:restart org.openhab.binding.upnpcontrol;'", 10000)
Question: is this approach working with the latest openhab snapshot 2.5.7?
I actually created the pair of keys and inserted the public key into the keys.properties.
I copied the private key file into /home/openhabian.
when I try to connect to karaf using
sudo -u openhab ssh -i ~/openhab.id_rsa -p8101 openhab@localhost
I get the request to confirm the host … and then I get a password prompt. So somehow, it is not working for me.
Anybody using this approach successfully with a recent openhab version?
Yes, still works for me.
Yes, this is still working for me on 2.5.7
I just used it this morning.
Did you try to use the absolute / full path.
And did you check the permissions of the file?
After redoing the “keys.properties” file again correctly
I got the following command to work from the command line, without entering a password:
sudo /usr/bin/ssh -p 8101 -i ~/openhab.id_rsa openhab@localhost bundle:restart org.openhab.binding.ipcamera
I have to enter the openhabian password for the SUDO though.
When I use
executeCommandLine("sudo /usr/bin/ssh -p 8101 -i /etc/openhab2/openhab.id_rsa openhab@localhost bundle:restart org.openhab.binding.ipcamera")
in a rule, the command does not get executed, what I see in the log though is:
2020-08-13 16:03:15.269 [INFO ] [lipse.smarthome.io.net.exec.ExecUtil] - executed commandLine 'sudo /usr/bin/ssh -p 8101 -i /etc/openhab2/openhab.id_rsa openhab@localhost bundle:restart org.openhab.binding.ipcamera'
any suggestion?
I have a “/usr/bin/ssh” entry in my sudoers.d file for the user openhab
did you put /usr/bin/ssh using visudo for openhabian as well?
This (password for sudo when being openhabian) should then be solved.
executeCommandLine("sudo /usr/bin/ssh -p 8101 -i /etc/openhab2/openhab.id_rsa openhab@localhost bundle:restart org.openhab.binding.ipcamera")
you forgot the timeout at the end:
executeCommandLine("sudo /usr/bin/ssh -p 8101 -i /etc/openhab2/openhab.id_rsa openhab@localhost bundle:restart org.openhab.binding.ipcamera", 5000)
But I am not sure, if a default value is used then.
It’s worth a try I guess
People never seem to check for responses when investigating a problem
var results = executeCommandLine("blah bleh", 10000)
logInfo("exec", "My results were: " + results)
@rossko57 thanks for the tip.
here is what I got as a result:
sudo: no tty present and no askpass program specified
I checked my sudoers.d file again and found that I missed the comma before the /usr/bin/ssh
Fixed this and now it is working.
I’m still getting
quarku@openhabian:~$ sudo /usr/bin/ssh -p 8101 -i /home/openhabian/karaf_keys/openhab.id_rsa openhab@localhost bundle:restart 224
Password authentication
Password:
Password authentication
Password:
Password authentication
Password:
openhab@localhost's password:
Permission denied, please try again.
openhab@localhost's password:
Permission denied, please try again.
openhab@localhost's password:
openhab@localhost: Permission denied (keyboard-interactive,password,publickey).
quarku@openhabian:~$ su openhabian
Password:
openhabian@openhabian:/home/quarku$ sudo /usr/bin/ssh -p 8101 -i /home/openhabian/karaf_keys/openhab.id_rsa openhab@localhost bundle:restart 224
[sudo] password for openhabian:
openhabian is not in the sudoers file. This incident will be reported.
openhabian@openhabian:/home/quarku$
I don’t know what is going on. I’ve tried to put the rsa key + public key into /var/lib/openhab/.ssh/ in the first place and change the permissions before the first ssh with:
sudo chown openhab:openhab -R /var/lib/openhab/.ssh
Then I’ve moved both keys to /home/openhabian/karaf_keys/ dir and still it just doesn’t work.
I was asked by ubuntu to add localhost to list of known hosts - that means imho that the permissions of home folder are ok. Correct me if I’m wrong.
/home/openhabian/karaf_keys/know_hosts:
|1|C6yJ0UN<cut security reasons>+9nDpsdQBro= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABA<cut security reasons>ei1V94bCz7aAtWo4XwFmEtqlvRz>
/var/lib/openhab/etc/keys_properties:
#karaf=AAAAB3NzaC1kc3MAAACBA<cut security reasons>HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3z>,_g_:admingroup
openhab=AAAAB3NzaC1yc2EAAAADAQABA<cut security reasons>ei1V94bCz7aAtWo4XwFmEtqlvRz>,_g_:admingroup
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
Every time there is no error, but it asks me to type in the karaf console password.
Normally I’m using ‘quarku:x:1000:1000:quarku:/home/quarku:/bin/bash’ this login as main console login.
but as far as I know karaf is a separate system
less /etc/passwd
returns a list of users where I can find:
- openhab:x:114:120:openhab runtime user,:/var/lib/openhab:/bin/false
- openhabian:x:1001:120:openHABian,openHAB admin user:/home/openhabian:/bin/bash
In Karaf:
jaas:realm-list
returns at position 6:
6 │ openhab │ org.openhab.core.auth.jaas.internal.ManagedUserLoginModule
And also
sudo visudo
returns
# User privilege specification
root ALL=(ALL:ALL) ALL
openhab ALL = NOPASSWD: /bin/rm, /bin/chmod, /bin/chown, /usr/bin/amixer, /usr/bin/l2ping, /usr/bin/ssh, /sbin/reboot, /sbin/iptables, /sbin/modprobe
First of all, you are not logging into the operating system. You are logging into the karaf console. The karaf console manages its own users and passwords. By default the username is “openhab” and the password is “habopen”. I believe that openHABian might update the password to match the operating system’s openhabian user’s password but am not sure about that. But the users, keys and passwords involved are all managed by karaf, not the operating system. In other words, you need to edit /var/lib/openhab/etc/users.properties as described in the docs.
Secondly, you are running ssh with sudo. That means that the actual user ssh is running as is root, not openhabian. Putting the ssh keys into openhabian's .ssh folder or in openhab's folder does nothing to help user root log in via ssh using keys.
Finally, as the error states, the user openhabian, which is the user you are trying to use to run the sudo command, is not in sudoers. That means openhabian does not have permission to run sudo. This could very much be a problem because if all you have is openhabian on your system you can no longer run administration commands.
You need to perhaps read up a bit more on how users work on Linux and in Karaf as well as the sudo command.
Hi, thanks for the reply and explanations - thought it’s the other way around
I’m having ‘quarku’ user which I normally use
quarku:x:1000:1000:quarku:/home/quarku:/bin/bash
///////
quarku@openhabian:~$ sudo su
[sudo] password for quarku:
[16:39:03] root@openhabian:/home/quarku#
it has sudo permissions. I’ve tried to generate rsa files within its home dir and start the whole process once more - unfortunately no success.
Secondly, you are running ssh with sudo. That means that the actual user ssh is running as is root, not openhabian. Putting the ssh keys into openhabian's .ssh folder or in openhab's folder does nothing to help user root log in via ssh using keys.
Where exactly should I generate rsa keys? in home dir of above mentioned quarku? Where basic karaf keys have been placed?
quarku@openhabian:~$ ls
karaf.id_rsa karaf.id_rsa.pub
Shall I then generate it as quarku - other way will cause chown problems…
sudo -u quarku ssh-keygen -t rsa -f openhab.id_rsa
To be honest the biggest problem for me is to understand where should be quarku and where openhab ^^
As long as you are running sudo to run ssh, which is completely unnecessary, it is the root user that needs the ssh keys. sudo means “run this command as user root”.
You put the public key in users.properties. You put the private key in the .ssh folder of the user running ssh. As long as you continue to run ssh using sudo, which again is completely unnecessary, root needs the private key.
First post here says that keys.properties is the proper location for public key
Maybe you wanna say ‘You put ssh user credentials into user.properties - the user which will be used by openhab in exec’?
I’m going from memory. Do whatever the instructions say to do. This isn’t my tutorial.
Ok it works now - here are my steps to get it to work on OH3:
eval echo ~openhab
<< returns the home directory for the openhab user; in my case I log in as “quarku” with /home/quarku as home dir, for the openhab user we will receive /var/lib/openhab as home dir
ssh-keygen
3x enter
cat /home/quarku/.ssh/id_rsa.pub
<<< copy the public key, which looks like: AAAAAa(a lot of alphanumeric chars)1212313=
sudo nano /var/lib/openhab/etc/keys.properties
add a line for openhab: openhab=AAAAAa(a lot of alphanumeric chars)1212313=,_g_:admingroup
but it needs to be above this line:
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
ssh -p 8101 openhab@localhost
<<< should login without password
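
An added example, not part of the original thread: a shell check for the setup in the steps above. It confirms that the keys.properties entry holds exactly the base64 body of the .pub file, that the group it references is defined, and that the private key is not readable by group or others. The function names are hypothetical and every key string is a constructed placeholder.

```shell
#!/bin/sh
# Added example; every key string below is a constructed placeholder, not a real key.

# check_karaf_key USER PUBKEY_FILE KEYS_PROPERTIES
# 0 = ok, 1 = no entry for USER, 2 = stored key differs from the .pub body,
# 3 = the entry references a _g_: group that the file never defines
check_karaf_key() {
    user=$1; pub=$2; props=$3
    # OpenSSH .pub layout is "<type> <base64 body> [comment]"; keys.properties holds only the body
    body=$(awk 'NF >= 2 { print $2; exit }' "$pub")
    # commented-out lines (#karaf=...) do not count as an entry
    entry=$(grep -E "^${user}[[:space:]]*=" "$props" | head -n 1)
    [ -n "$entry" ] || return 1
    value=$(printf '%s\n' "${entry#*=}" | sed 's/^[[:space:]]*//')
    [ "${value%%,*}" = "$body" ] || return 2
    for g in $(printf '%s\n' "$value" | tr ',' '\n' | grep '^_g_:'); do
        # the definition line escapes the colon: _g_\:admingroup = group,admin,...
        grep -Eq "^_g_\\\\?:${g#_g_:}[[:space:]]*=" "$props" || return 3
    done
    return 0
}

# private_key_is_private FILE: succeeds only if group and others have no access bits
private_key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# make_sample DIR: writes constructed stand-ins for the key pair and keys.properties
make_sample() {
    printf 'ssh-rsa AAAAB3CONSTRUCTEDSAMPLEBODY= quarku@openhabian\n' > "$1/id_rsa.pub"
    printf 'placeholder private key\n' > "$1/id_rsa"; chmod 600 "$1/id_rsa"
    cat > "$1/keys.properties" <<'EOF'
#karaf=AAAAB3COMMENTEDOUTSAMPLE=,_g_:admingroup
openhab=AAAAB3CONSTRUCTEDSAMPLEBODY=,_g_:admingroup
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
EOF
}

d=$(mktemp -d); make_sample "$d"
check_karaf_key openhab "$d/id_rsa.pub" "$d/keys.properties" && echo "entry matches public key"
private_key_is_private "$d/id_rsa" && echo "private key mode ok"
rm -rf "$d"
```

Return code 2 is the case where the whole .pub line, including the `ssh-rsa` prefix and the trailing comment, was pasted as the value.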