HELP - Script to Shutdown Windows 11 PC

Hi all

I can’t believe I’ve decided to take this on as a hobby, my god this has been such a headache! But I’m stubborn!

If you can’t tell by that previous sentence, I’m extremely new. Do you remember not knowing phonetics as a 3 year old and your parents repeating sounds over and over to you? Nope, you don’t. Neither do I. Such is the human experience. Nonetheless, I am the 3 year old. I’ve spent days just now getting authorized keys set up lol. That’s enough of that though , time to get on topic.

Setup:
Bare metal system with HAOS 14.2
Windows 11 PC - Using webbrowser homeassistant.local and SSH

Goal:
Shutdown afformentioned Windows 11 PC

Current achievements (seem laughable and probably are, but phonetics):

• Without password Using SSH to access Windows 11 PC via cmd ‘ssh user@Ip address’
• Without password Using SSH to access baremetalsystem via cmd ‘ssh user@Ip address’
• Having the cmd 'ssh user@ip adress ‘shutdown /s /f /t 0’" work with direct input into ssh

Current road block:

• Developer tools - Action - Shutdown Shell command error
  stdout: “”
  stderr: “Permission denied, please try again.\r\nPermission denied, please try again.\r\nwindows11user@windows11ip: Permission denied (publickey,password,keyboard-interactive).”
  returncode: 255

Code im using:

• shell_command:
  shutdown_pc: “ssh -i /data/.ssh/id_rsa -o StrictHostKeyChecking=no windows11user@windows11ip ‘shutdown /s /f /t 0’”

I’ve found a post with basically this exact issue, but due to what is likely user error, that post was no help…

So here I am asking for help…

Are you sending that EXACT command and was it a direct copy paste?

Also explain what you mean ‘without password.’

Because what you’re getting is your w11 pc is telling you to take a hike because it doesn’t know who you are.

You have to have valid creds. Your SSH command is trying to log you on as someone named [email protected] I’m pretty sure isn’t valid.

Is your goal learning ssh. Windows command line and such or is your goal to shut down the machine?

Not using that exact command. My user and Ip address replace where specified ie. user@ip.

In place of password authentication ive set up RSA key authentication.

Goals are kind of all of the above. However , for simplicity sake… the goal is having that script shut down the pc.

I thought authentication/ identification was the problem…I mean they are. I dont u derstand why though. The RSA keys seem to be working to access both the windows 11 pc and the HAOS . Verified by SSH cmds such as ‘ssh user@ipaddress’ - no subsequent password prompt.

Without further logs I can’t say that’s a

very clear access denied message

you need to get past that before anything else works.

Hint: I don’t use ssh for my windows pcs I use. Hass.agent

I use this:

Well the weekend is fast approaching so I’ll look into hass agent. Thanks for the suggestion.

Yeah you’re fighting
Could be your ssh command (you’re rightly masking cred here so it could be anything in your auth) could be the ssh command line using the rsa key, could be firewall on the win11 box. Could be… (see what I mean)

If this were mine and I wanted to use ssh I’d.

1. build your command and make sure it works every time form the admin command prompt.
2. modify to work every time from another win pc Using SSH (this builds the correct ssh command)
3. THEN try from HA.

That way you know if you’re fighting ssh or HA or windows.

Thanks for this suggestion . I see this path wpuld require password credentials - what ive read so far is to avoid using password credentials for security reasons. Is using password credentials actually not too concerning ?

Follow the instructions for HASS Agent 2 if you go that route

I am fairly well versed with the integration in you need assistance

Eh. There’s a lot of nuance there you’re missing but yes rsa keys are awesome (but don’t mistake yes grossly simplified but rsa key isjust a big honkin pass code.)

You dont want to save or send a password in the clear. There’s nothing ‘wrong’ with a proper strong password that’s not stored or sent in the clear (yes pedantic but this part isn’t for you it’s for whomever reads this post in a year.)

I’m not tied to SSH . The decision to use SSH was made to break through feeling overwhel
med with the volume of methods and systems out there. Figured it would be best to just pick something and get going before i drowned lol .

I’ve got another windows pc so i can certainly test out the cmd in that environment. I imagine I’ll just repeat what I’ve been learning so far?

• Install SSH
• firewall inbound/outbound rule for ssh
• generate key pair
• keys in authorized key file
• run the cmd

Thank you. Appreciate it!

I see, so if i were to look further into scripts and commands which would use user%password in the clear its possible to encrypt the user%password lines without messing up the code? Sorry if ive missed the point here.

…but If my understanding is correct, do you recommend that path, how much of a rabbit hole would it be learning encryption for this purpose?

No i like SSH keys it is indeed a best practice just don’t assume it invalidates everything else.

For all security creds ensure not stored in clear and not transmitted in the clear. Over time that becomes (“password bad m’ kayy?”) when it should be “bad password is bad mkay” instead ;).theres other better auth mechanisms too and each is great for its purposes

You’re heading on the right path.

@LiQuid_cOOled and @NathanCu

Thanks you guys!

I went the HASS Agent path and I now have my first success! Sort of…so thank you!

I’ve got a shutdown ‘switch’ in google home and set up the voice command automation in google home and it’s working ! - I landed on the switch through troubleshooting though…tried as a ‘button’ entity and it wouldn’t show in google home, so frustrating! and then with the switch I had to troubleshoot the voice command! Couldn’t use “shutdown” landed on “Computer switch” - But it is working! - Now for turn on the PC via voice command!

Can i ask you both - Is the entity not working as a button a me issue, bug issue, integration or other? If i can get it working as a button so i can use the voice command “shutdown” that would be great and not have to see a switch permanently in the off state…

I simply use a template switch

Ping sensor to see if the PC is on
Wake-on-lan to turn the pc on
Shutdown to turn the PC off

  - platform: template
    switches:
      desktop_francis:
        value_template: "{{ is_state('binary_sensor.desktopfrancis', 'on') }}"
        turn_on:
          - service: wake_on_lan.send_magic_packet
            data:
              mac: '9C:5C:8E:C0:24:B9'
        turn_off:
          - service: hassio.addon_stdin
            data:
              addon: core_rpc_shutdown
              input: pc_francis
        unique_id: 6d987d00-b390-4f57-ad25-9ca17ddb8958    

Replace the shutdown with your own method.

OK Google, turn (on/off) desktop francis

Button works with HA(tested both button and switch), but Google and Alexa integrations mainly focus on switches and lights. I started off with Button and found out Switch was the way to go…

I literally template exactly as @francisp does for easy voice control via Alexa.

@francisp @LiQuid_cOOled

Well that would explain why i’ve had no luck with a Wake on Lan button showing up in google home the last hour haha.

I’ll proceed with using switches for google integration and have a read of this template business. Thanks for the script