People never seem to check for responses when investigating a problem
var results = executeCommandLine("blah bleh", 10000)
logInfo("exec", "My results were: " + results)
@rossko57 thanks for the tip.
here is what I got as a result:
sudo: no tty present and no askpass program specified
I checked my sudoers.d file again and found that I missed the comma before the /usr/bin/ssh
Fixed this and now it is working.
I'm still getting
quarku@openhabian:~$ sudo /usr/bin/ssh -p 8101 -i /home/openhabian/karaf_keys/openhab.id_rsa openhab@localhost bundle:restart 224
Password authentication
Password:
Password authentication
Password:
Password authentication
Password:
openhab@localhost's password:
Permission denied, please try again.
openhab@localhost's password:
Permission denied, please try again.
openhab@localhost's password:
openhab@localhost: Permission denied (keyboard-interactive,password,publickey).
quarku@openhabian:~$ su openhabian
Password:
openhabian@openhabian:/home/quarku$ sudo /usr/bin/ssh -p 8101 -i /home/openhabian/karaf_keys/openhab.id_rsa openhab@localhost bundle:restart 224
[sudo] password for openhabian:
openhabian is not in the sudoers file. This incident will be reported.
openhabian@openhabian:/home/quarku$
I don't know what is going on. I've tried to put the RSA key + public key in /var/lib/openhab/.ssh/
in the first place and changed the permissions before the first ssh with:
sudo chown openhab:openhab -R /var/lib/openhab/.ssh
Then I've moved both keys to the /home/openhabian/karaf_keys/ dir and still it just doesn't work.
I was asked by ubuntu to add localhost to the list of known hosts - that means imho that the permissions of the home folder are ok. Correct me if I'm wrong.
/home/openhabian/karaf_keys/know_hosts:
|1|C6yJ0UN<cut security reasons>+9nDpsdQBro= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABA<cut security reasons>ei1V94bCz7aAtWo4XwFmEtqlvRz>
/var/lib/openhab/etc/keys_properties:
#karaf=AAAAB3NzaC1kc3MAAACBA<cut security reasons>HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3z>,_g_:admingroup
openhab=AAAAB3NzaC1yc2EAAAADAQABA<cut security reasons>ei1V94bCz7aAtWo4XwFmEtqlvRz>,_g_:admingroup
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
Every time there is no error, but it asks me to type in the karaf console password.
Normally I'm using "quarku:x:1000:1000:quarku:/home/quarku:/bin/bash" this login as main console login.
but as far as I know karaf is a separate system
less /etc/passwd
return a list of users where I can find:
In Karaf:
jaas:realm-list
return on position 6;
6 │ openhab │ org.openhab.core.auth.jaas.internal.ManagedUserLoginModule
And also
sudo visudo
return
# User privilege specification
root ALL=(ALL:ALL) ALL
openhab ALL = NOPASSWD: /bin/rm, /bin/chmod, /bin/chown, /usr/bin/amixer, /usr/bin/l2ping, /usr/bin/ssh, /sbin/reboot, /sbin/iptables, /sbin/modprobe
First of all, you are not logging into the operating system. You are logging into the karaf console. The karaf console manages its own users and passwords. By default the username is "openhab" and the password is "habopen". I believe that openHABian might update the password to match the operating system's openhabian user's password but am not sure about that. But the users, keys and passwords involved are all managed by karaf, not the operating system. In other words, you need to edit /var/lib/openhab/etc/users.properties as described in the docs.
Secondly, you are running ssh with sudo. That means that the actual user ssh is running as is root, not openhabian. Putting the ssh keys into openhabian's .ssh folder or in openhab's folder does nothing to help user root log in via ssh using keys.
Finally, as the error states, the user openhabian, which is the user you are trying to use to run the sudo command, is not in sudoers. That means openhabian does not have permission to run sudo. This could very much be a problem because if all you have is openhabian on your system you can no longer run administration commands.
You need to perhaps read up a bit more on how users work on Linux and in Karaf as well as the sudo command.
Hi, thanks for the reply and explanations - thought it's the other way around.
I'm having a "quarku" user which I normally use
quarku:x:1000:1000:quarku:/home/quarku:/bin/bash
///////
quarku@openhabian:~$ sudo su
[sudo] password for quarku:
[16:39:03] root@openhabian:/home/quarku#
it has sudo permissions. I've tried to generate rsa files within its home dir and start the whole process once more - unfortunately no success.
Secondly, you are running ssh with sudo. That means that the actual user ssh is running as is root, not openhabian. Putting the ssh keys into openhabian's .ssh folder or in openhab's folder does nothing to help user root log in via ssh using keys.
Where exactly should I generate rsa keys? in home dir of above mentioned quarku? Where basic karaf keys have been placed?
quarku@openhabian:~$ ls
karaf.id_rsa karaf.id_rsa.pub
Shall I then generate it as quarku - other way will cause chown problems…
sudo -u quarku ssh-keygen -t rsa -f openhab.id_rsa
To be honest the biggest problem for me is to understand where should be quarku and where openhab ^^
As long as you are running sudo to run ssh, which is completely unnecessary, it is the root user that needs the ssh keys. sudo means "run this command as user root".
You put the public key in users.properties. You put the private key in the .ssh folder of the user running ssh. As long as you continue to run ssh using sudo, which again is completely unnecessary, root needs the private key.
First post here says that keys.properties is the proper location for the public key.
Maybe you wanna say "You put ssh user credentials into user.properties - the user which will be used by openhab in exec"?
I'm going from memory. Do whatever the instructions say to do. This isn't my tutorial.
Ok it works now - here are my steps to get it to work on OH3:
eval echo ~openhab
<< returns the home directory for the openhab user. In my case I log in as "quarku" with /home/quarku as home dir; for the openhab user we will receive /var/lib/openhab as home dir
ssh-keygen
3x enter
cat /home/quarku/.ssh/id_rsa.pub
<<< copy the public key, looks like: AAAAAa(a lot of alphanumeric chars)1212313=
sudo nano /var/lib/openhab/etc/keys.properties
add a line for openhab: openhab=AAAAAa(a lot of alphanumeric chars)1212313=,_g_:admingroup
but it needs to be above this line:
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
ssh -p 8101 openhab@localhost
<<< should log in without password
Can you guys post some syntax for bundle restart in OH3 - the old one doesn't work
var String reply = executeCommandLine("ssh -i /home/quarku/.ssh/id_rsa openhab@localhost -p 8101 'bundle:restart 225'",1000)
Below code doesn't work: "No such file or directory"
val String reply = executeCommandLine(Duration.ofSeconds(5), "ssh", "-i /home/quarku/.ssh/id_rsa openhab@localhost", "bundle:restart 225", "-p", "8101")
nor
val String reply = executeCommandLine(Duration.ofSeconds(5), "ssh", "-i /var/lib/openhab/.ssh/id_rsa openhab@localhost", "bundle:restart 225", "-p", "8101")
I just keep getting:
Identity file /var/lib/openhab/.ssh/id_rsa openhab@localhost not accessible: No such file or directory.
or
Identity file /home/quarku/.ssh/id_rsa quarku@localhost not accessible: No such file or directory.
Identity file /home/quarku/.ssh/id_rsa openhab@localhost not accessible: No such file or directory.
It's working directly from the terminal as:
ssh -i /home/quarku/.ssh/id_rsa openhab@localhost -p 8101 'bundle:restart 225'
No problem @quarku
I guess that's because of the new syntax in OH3 for the execute command (separating all white spaces by ", "):
This one works fine for me:
executeCommandLine(Duration.ofSeconds(6), "sudo", "/usr/bin/ssh", "-p", "8101", "-i", "/home/openhab/karaf_keys/openhab.id_rsa", "openhab@localhost", "bundle:restart", "org.openhab.binding.icloud")
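Why the single-string form fails, as an added example (not code from any post in this thread): each quoted string given to the OH3 executeCommandLine reaches the program as one argument, and a getopt-style parser takes everything after -i inside that argument as the identity file path. seen_by_getopt is a made-up helper, and it assumes ssh parses options the way POSIX getopts does, which is consistent with the error message quoted above.

```sh
#!/bin/sh
# Added illustration: report what a getopt-style parser sees for -i and -p,
# plus the first non-option argument, given argv exactly as it was passed.
# seen_by_getopt is a hypothetical helper, not part of ssh or openHAB.
seen_by_getopt() {
    OPTIND=1
    identity= port=
    while getopts "i:p:" opt "$@"; do
        case $opt in
            i) identity=$OPTARG ;;
            p) port=$OPTARG ;;
            *) return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    printf 'identity=[%s] port=[%s] next=[%s]\n' "$identity" "$port" "${1-}"
}

# Failing form from the thread: "-i <path> <user@host>" is ONE argument,
# so the path and the destination end up glued together as the identity file.
seen_by_getopt "-i /home/quarku/.ssh/id_rsa openhab@localhost" \
    "bundle:restart 225" "-p" "8101"

# Working form from the thread: every token is its own argument.
seen_by_getopt "-p" "8101" "-i" "/home/openhab/karaf_keys/openhab.id_rsa" \
    "openhab@localhost" "bundle:restart" "org.openhab.binding.icloud"
```

Passing each token separately also means no shell re-splits or interprets the command string, so a value such as a bundle name cannot turn into extra options.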
Thank you NCO - that worked for me as well - I knew it was because of the new syntax for OH3 - unfortunately there is a lack of examples with more parameters - but now after I saw your example mine also started to work
I'll just add that where I went wrong with this was leaving the openhab@openHABianPi bit from the .pub file at the end in the keys.properties file. Coming at it with fresh eyes today, I spotted it straight away. But it might save someone a few hours.
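A way to avoid the copy-and-paste mistakes described in this thread, as an added example that is not from any of the posters: build the keys.properties line from the .pub file so that only the base64 part is kept, and check an existing line for a leftover key type or user@host comment. The function names are hypothetical, the sample key is constructed, and the entry format is the one shown in the posts above (user=KEY,_g_:admingroup).

```sh
#!/bin/sh
# Added example: build and check Karaf keys.properties entries.
# Function names are hypothetical helpers, not openHAB or Karaf tooling.

# Constructed sample .pub line (not a real key): "<type> <base64> [comment]".
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructedSAMPLEkey== openhab@openHABianPi'

# is_b64 STRING: succeed only for a non-empty run of base64 characters.
is_b64() {
    case $1 in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac
}

# karaf_key_entry USER < file.pub
# Prints "USER=<base64>,_g_:admingroup", dropping key type and comment.
karaf_key_entry() {
    read -r _type blob _comment || [ -n "${blob-}" ] || return 1
    is_b64 "$blob" || { echo "no base64 key blob on stdin" >&2; return 1; }
    printf '%s=%s,_g_:admingroup\n' "$1" "$blob"
}

# karaf_key_line_ok LINE: check a user line taken from keys.properties.
# Fails if the value still carries "ssh-rsa" or a "user@host" comment.
karaf_key_line_ok() {
    case $1 in
        '#'*) return 1 ;;        # commented out, like the karaf= line above
        *=*,_g_:*) ;;
        *) return 1 ;;
    esac
    value=${1#*=}
    is_b64 "${value%%,*}"
}

# Demo on the constructed sample: prints the line to paste into keys.properties.
printf '%s\n' "$SAMPLE_PUB" | karaf_key_entry openhab
```

With a real key, feed the .pub file on stdin, for example `karaf_key_entry openhab < /home/quarku/.ssh/id_rsa.pub`.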