Based on my earlier problems I will set up a guide on how to include your Synology into Openhab. Mainly this is used to post Status and to Turn the Synology ON/OFF via Openhab.
The main reason behind the setup is to be able to login to the Synology without using a password, as well as running the poweroff command without the need to enter a password. This enables us to shutdown the Synology with just one command.
I am running openHABian distro on a Raspberry Pi 3 B+ and a Synology DS-215j on newest DSM.
This is a step by step guide:
1. Create a user Openhab on Synology.
This is probably an optional point, but I did it anyway. Login to your Synology via Webinterface, add another user (I used openhab as username). Grant this user admin rights and access to homes folder (read/write).
1.1 Allow password-less login via SSH on Synology
- Login with SSH on your synology
- Open sshd_config
sudo vi /etc/ssh/sshd_config
- Uncomment the lines - Remote the #
- Restart SSH Service:
sudo synoservicectl --reload sshd
2. Enable poweroff access.
To enable access to poweroff function we need to edit the sudoers file.
Therefore use PuTTy (or other ssh tool) to remotely login to your Synology. Use an admin user (or the just created openhab). After logging in switch to user root
Then edit the sudoers file with this command
sudo vi /etc/sudoers
Add the follwing line. This will ensure that no password is required to execute the poweroff command (I guess one could leave the reboot/shutdown out of this line since you will use the poweroff mainly)
%administrators ALL=(ALL) NOPASSWD: /sbin/poweroff, /sbin/reboot, /sbin/shutdown
Save the file and exit.
If you dont know how to operate vi editor please use this link (thats where I figured it out: https://www.cs.colostate.edu/helpdocs/vi.html)
3. Set up SSH-Keys for password-less login
(most of this step is taken from https://www.tecmint.com/ssh-passwordless-login-using-ssh-keygen-in-5-easy-steps/ )
So basically you want to set up a key-pair, so the Synology allows login from user openhab on your openHABian.
A) Start your openhab-device Terminal as user openhabian (or remotely login via puTTy) then generate the keys:
ssh-keygen -t rsa
Hit Enter for all questions (file to save key, as well as passphrase)
B) Create a .ssh folder on your Synology via ssh
The follwing command will remotely create a .ssh folder on your Synology in user openhab homefolder (assuming that 126.96.36.199 is the IP adress of Synology and port for SSH is not changed).
ssh email@example.com mkdir -p .ssh
If this is your first login confirm the dialog by typing yes.
Enther password for user openhab on Synology.
C) Copy the generated keys form the Raspberry to Synology
cat .ssh/id_rsa.pub | ssh firstname.lastname@example.org ‘cat >> .ssh/authorized_keys’
D) Permission change for .ssh files on Synologvy via remote:
This command will set the permissons on the authorized_keys file to read/write/change only for the user openhab. If this is not done the keys will not be accepted.
ssh email@example.com “chmod 700 .ssh; chmod 640 .ssh/authorized_keys”
After this command we are finished with setting up the Synology. Now we have to set up the RaspberryPi user openhab with the key-files.
EDIT (input from @borcon)
ssh firstname.lastname@example.org "chmod 755 /volume1/homes/openhab"
This command is needed because the ssh service does not allow full rights.
After this you should test the passwordless connection manually. If this works you can proceed.
If the connection is not working then there is a good debug possibility.
Run command on synology - this opens a second SSH Port for debugging:
sudo /bin/sshd -d -p 1234
Type in the ssh from your openhab the following command:
ssh email@example.com -p 1234
The SSH session on the synology shows now, why the passwordless connection did not work. In most cases the userrights a wrong.
4. Transfer keys to user openhab
Tranfer the keys on your raspberry from /home of openhabian to home of openhab so Synology accepts passwordless login from user _openhab:
First we need to change the permissions on .ssh folder so it is readable by all users (execute from /home of user openhabian)
sudo chmod -R 777 .ssh/
Now we want to copy the folder/files to /home of user openhab. This can only be done by executing a command as openhab.
Sudo –u openhab cp –r .ssh ~openhab/
The folder is still set up with the wrong permissions, so we need to change those as user openhab
Sudo –u openhab chmod 700 ~openhab/.ssh/known_hosts
Sudo –u openhab chmod 700 ~openhab/.ssh/id_rsa.pub
Sudo –u openhab chmod 700 ~openhab/.ssh/id_rsa
Sudo –u openhab Chmod 700 ~openhab/.ssh
EDIT: Some improvements on user rights: Change the rights back to original (on the pi). I have neglected these in my instructions as all devices are only accessible locally (or via VPN).
The default rights are:
/home/openhabian/.ssh --> chmod 700
/home/openhabian/.ssh/id_rsa --> chmod 600 (Private Key)
/home/openhabian/.ssh/id_rsa.pub --> chmod 644 (Public Key)
/home/openhabian/.ssh/known_hosts --> chmod 644
After this you are done and should be able to use the follwing command to login to your Synology.
sudo -u openhab ssh firstname.lastname@example.org
Since this is the first login you will have to confirm once again with yes and enter the password.
From now on you should not need to enter a password anymore.
Try using (from user openhabian on your Raspberry).
Sudo –u openhab ssh email@example.com sudo poweroff
Your Synology should shut down. If you got this to work you are now able to use the below command in a rule to shutdown your Synology with openHAB.
executeCommandLine(“ssh openhab@synologyIP sudo poweroff”, 5000)
I will add a sample .items .rules .sitemap some other day.