Even though I have added the following lines to the sudoer file on the target machine it doesn’t work remotely:
pi ALL=NOPASSWD: /bin/systemctl start home-assistant@homeassistant
pi ALL=NOPASSWD: /bin/systemctl stop home-assistant@homeassistant
pi ALL=NOPASSWD: /bin/systemctl restart home-assistant@homeassistant
The status command seems to work, but even when I add it to the sudoer file, it keeps asking for the password.
sudo systemctl --host [email protected] status home-assistant@homeassistant
Might it have to do with the fact that I run HA in a virtual environment?
When I execute the commands directly on the machine it all works fine.
Thank you, @pnbruckner, I have - and it works fine
I assume I could send this as s shell command through an HA automation once I’ve sorted my 2nd issue out.
As you can see, I’ve tried to get this command to execute without requiring a password, but I failed there as well.
Do I need to put pi ALL=NOPASSWD: /bin/systemctl restart home-assistant@homeassistant
or %sudo ALL=NOPASSWD: /bin/systemctl restart home-assistant@homeassistant
in the sudoer file on the target machine?
I tried either (putting them at the end of the file) but can’t get it to work
I can’t even get it to run without sudo on the target machine with either of these entries.
I think your approach is wrong. You’re trying to restart HASS, which is running as homeassistant user, while logging in using the pi user. I’d suggest you make sure you can log in as homeassistant via ssh, e.g.:
I don’t think systemctl will attempt to sudo when you’re using the --host parameter. Alternatively you can try something along the lines of ssh [email protected] sudo systemctl restart home-assistant@homeassistant
So, I’m not exactly following you. FWIW, I haven’t done anything with a “sudoer” file. I simply created and installed an ssh key. Now I can log into the remote machine without a password. Of course the ssh key has a passphrase, which I have to enter if I’m logging in from a Windows machine, but from a Linux machine the ssh agent takes care of that. If you’re not familiar with ssh keys, just Google. I’m not an expert on those, but I figured it out fairly quickly with what I found Googling. (And it’s been a while since I did that so I don’t really remember the details anymore. )
I believe the HA install instructions (at least the ones for Raspbian which I followed) specifically creates the homeassistant user so that it can’t be used to log in. My guess is they did it that way on purpose.
I setup SSH keys so that I’m able to connect from my Hass.io instance to my Hassbian instance and run commands. Maybe this could be a little more direct, but here’s an example.
And on the Hassbian instance, I have the bash script home_assistant_cca_restart.sh:
#!/bin/bash
curl -X POST -H "Content-Type: application/json" -k https://192.168.0.26:8124/api/services/script/home_assistant_cca_restart
I could probably call the homeassistant.restart service directly, but I like having a script for restarting and this works so I haven’t bothered to change it.
Yes, for some extra security. But the OP obviously isn’t clueless about using Linux so they can weigh the pros and cons allowing the homeasistant user to log in remotely.
)