Command line switch: shutdown remote via ssh

uiguy · March 31, 2020, 11:20am

did you have any luck?

CrouchingWorm · March 31, 2020, 9:28pm

I did!
Typical though, I ended up changing the approach. I ended up using REST commands to do the same thing.
The problem I had with mine was I needed to be explicit in my command with file locations and my key was in the wrong format (hence NewPrivateKey2.ppk), I changed it through puttygen.

switch:
  - platform: command_line
    switches:
      octoprint_switch:
        command_on: "ssh -i /config/ssh_keys/NewPrivateKey2.ppk -o StrictHostKeyChecking=no [email protected] sudo /sbin/shutdown -h now"

The command throws an error in the log, but works fine.
I’m not using it though.
In my application I’m calling the API of an app (Octoprint) that is able to shut the OS down too, so I do that. Much more elegant for me.

jeppper · June 5, 2020, 10:52pm

What was wrong with your original key format? Was it id_rsa before?

kiwijunglist · June 6, 2020, 3:08am

I have a how to guide on this as well if stuck, just search my post history.

jeppper · June 6, 2020, 6:18pm

I have just looked in your guide and it looks familiar.
Anyway I did create the keys on a win 10 pc and then transferred the public key to my Synology NAS. I was then able to log in to the Synology from the PC without any password.
Now I want to use the private key on my Pi running HA. I want to execute a command to turn off the NAS. I did copy the key to a directory in the /config/ directory and then refered to it in the command.
However I get this error in my Synology logs when trying to execute the command.
User [pi] from [192.168.1.13] failed to log in via [SSH] due to authorization failure.

I can´t figure out what to do. I guess it maybe has something to do with user rights of the user of HA (pi)

CrouchingWorm · June 8, 2020, 8:35am

I think it was yeah.

jeppper · June 8, 2020, 2:24pm

Okay thanks. I haven´t heard anywhere else that id_rsa is not allowed. I can´t get my command to work but think it might be user rights related.

CrouchingWorm · June 8, 2020, 9:47pm

What are the permissions on the keys you’re using?
I think i used the thread

https://help.ubuntu.com/community/SSH/OpenSSH/Keys

When I was working through my solution…
There were a bunch of similar tutorials. I bookmarked these ones so they must’ve been useful…

jeppper · June 9, 2020, 3:05pm

I think I have done the creation of the keys correctly but think the problem is related to the user “homeassistant” which Homeassistant uses and missing rights of this user to perform the shutdown command. But I don´t know how to make it correct.

jeppper · June 9, 2020, 5:54pm

When I try to shutdown from putty with:
sudo ssh [email protected] poweroff
it returns: Need to be root
So I guess shutdown is only possible with root user. When using root instead it also still wants a password.
I have tried to add user homeassistant to the root group without any difference.
usermod -G root homeassistant

CrouchingWorm · June 9, 2020, 11:41pm

I used root for my implementation.
Not ideal, but my environment isn’t available remotely, the risk of security exposure was minimised (in my head at least).

carsten_h · June 10, 2020, 3:19am

The local user ist totally uninteresting for this. In the ssh command you open the remote connection with the user specified before the @. This is the user of the remote computer!

jeppper · June 10, 2020, 6:39pm

So this user should be root then? I just can´t add a root user to Synology with the public key because root is used by the system.
Shouldn´t it somehow be possible to use the default “homeassistant” user somehow and “just” give the right priviligies?

jeppper · June 10, 2020, 6:40pm

But how did you use root? As the user in Synology or as user when installed HA or…?

carsten_h · June 10, 2020, 7:06pm

The user in the ssh key is the local user. The public key of the local user will be copied to the remote users authorized_keys file.

jeppper · June 10, 2020, 7:52pm

Do you mean the id_rsa file? As I understand this file can be copied to as many clients as wanted.
What is necassary to make this work then?
Root is necassary to perform the shutdown command but putting root in front of the command does not help and creating root user in Synology is not possible.

carsten_h · June 10, 2020, 9:13pm

I mean the id_rsa.pub file, that is the public key. id_rsa is the private key. That has to stay local as the local user identifies himself with this key and the remote computer checks it against the public key.

I don’t know Synology. On my QNAP there is a user named admin which has all rights. And I can create more users which also have administrator rights. I didn’t tested if they can shutdown the NAS.

CrouchingWorm · June 10, 2020, 10:21pm

command_on: "ssh -i /config/ssh_keys/NewPrivateKey2.ppk -o StrictHostKeyChecking=no [email protected] sudo /sbin/shutdown -h now"

Apologies I use pi as my userid. I’m shutting down a an octoprint server on a RPi, the root user is pi (per above). My use case is a little different than yours…

jeppper · June 11, 2020, 1:41pm

-My id_rsa key is placed in home/homeassistant/.homeassistant/ssh and the public.key (authorized keys) under the user homeassistant in .ssh.
-I have tried to login to my Synology with the admin account and then perform the poweroff command. It has to be “root” it says.

jeppper · June 11, 2020, 1:43pm

Okay is the octoprint server on the same Pi as HA?