no clue about node-red here either, but this is what i’m doing in HA, there was a few posts that talk about this, and I think its “normal” but ill still get an error every time, even though it runs successfully.
I gave you the code above to SSH into a server using HA shell command, you can use this in a script to connect to the remote server and run any commands you want.
create a script that calls service “shell_command.poweroff_mirror”
I use the bigssh node in NodeRed, I think you have to edit the perms for what commands you want to permit w/o requiring sudo or do keys but havn’t gotten that part sorted out for elevated commands.
I had that same question.
Basically, I wanted to shutdown a linux pc in the kitchen (showing the HA dashboard) at night or when nobody is home. Solved it just like @spiegeljb, but had a problem after updating homeassistant: I had to login via ssh from HA to the pc manually once because HA forgot the rsa fingerprint. With a little tweak, login now works flawlessly every time.
I avoided using sudo by setting the SUID bit for /sbin/shutdown on the kitchen pc. (see here or here on how to do that )
I call this from Node Red with a “call service” node. Node Red even shows you a list of possible entity ids when you start typing “shell” in the respective field.
Please note that theoretically, this is a security risk since it basically cripples the rsa fingerprint functionality and an attacker could impersonate the kitchen pc.
Since the user ssh-ing in is local to the kitchen pc and not priviliged, the pc in the kitchen does not hold any valuable data, does not receive any traffic besides that for the dashboard and traffic from and to this pc is limited to my cabled home network, I can live with that.
You can accomplish this without using Home Assistant or Node Red. If you are going to use Home Assistant, @spiegeljb and @anrudolph have the correct solution. As @anrudolph points out, this creates a security risk. The best way to accomplish this would be to set up unattended-upgrades for your servers. This is how you can set it up for a Debian server and I’ll set out the high-level instructions that should work for most debian-based distributions:
On the remote Debian server that you want to auto-upgrade, run:
sudo apt-get install unattended-upgrades
Configure /etc/apt/apt.conf.d/50unattended-upgrades to apply the upgrades that you want. The link above provides an example configuration. When I did this recently on an old Debian server, the file did not require configuration.
Configure /etc/apt/apt.conf.d/20auto-upgrades:
sudo nano /etc/apt/apt.conf.d/20auto-upgrades
The contents of that file should be changed to the following (refer to the link above if you want to customize how frequently the server updates itself):
Now your server should auto-upgrade itself daily without the security concern of modifying SUIDs or in sshing into your server.
I would add a word of caution: Although auto-updating your server will help mitigate security risks and will cut down on manual work, it is likely only a matter of time before an update breaks your computer. It’s a bit of a risk-balancing exercise.
You’re welcome as could help!
I just recently fixed nodered flow with bigssh and my pihole and super handy after I figured how part of this node worked. Probably need to figure out the keys to do elevated stuff but could be crazy powerful