How to restart service on a remote machine? systemctl --host pi@IP command

chairstacker · September 14, 2018, 1:40am

I know its more of a general Linux question, but I’ll ask anyway - been searching everywhere without finding a solution.

I’m trying to start/stop/restart the HA service on a remote machine.

So far, I have tried this:

sudo systemctl --host [email protected] restart home-assistant@homeassistant

Even though I have added the following lines to the sudoer file on the target machine it doesn’t work remotely:

pi ALL=NOPASSWD: /bin/systemctl start home-assistant@homeassistant
pi ALL=NOPASSWD: /bin/systemctl stop home-assistant@homeassistant
pi ALL=NOPASSWD: /bin/systemctl restart home-assistant@homeassistant

The status command seems to work, but even when I add it to the sudoer file, it keeps asking for the password.

sudo systemctl --host [email protected] status home-assistant@homeassistant

Might it have to do with the fact that I run HA in a virtual environment?
When I execute the commands directly on the machine it all works fine.

sudo systemctl restart home-assistant@homeassistant

pnbruckner · September 14, 2018, 2:09am

Do you have ssh setup to log into the remote machine? If so, you should be able to send the command via ssh. E.g.:

ssh [email protected] sudo systemctl restart home-assistant@homeassistant

chairstacker · September 14, 2018, 2:36am

Thank you, @pnbruckner, I have - and it works fine

I assume I could send this as s shell command through an HA automation once I’ve sorted my 2nd issue out.

As you can see, I’ve tried to get this command to execute without requiring a password, but I failed there as well.

Do I need to put
pi ALL=NOPASSWD: /bin/systemctl restart home-assistant@homeassistant
or
%sudo ALL=NOPASSWD: /bin/systemctl restart home-assistant@homeassistant
in the sudoer file on the target machine?

I tried either (putting them at the end of the file) but can’t get it to work

I can’t even get it to run without sudo on the target machine with either of these entries.

kirichkov · September 14, 2018, 6:55am

I think your approach is wrong. You’re trying to restart HASS, which is running as homeassistant user, while logging in using the pi user. I’d suggest you make sure you can log in as homeassistant via ssh, e.g.:

ssh [email protected]

try to do systemctl restart home-assistant@homeassistant

and if that works, try

systemctl --host [email protected] restart home-assistant@homeassistant

I don’t think systemctl will attempt to sudo when you’re using the --host parameter. Alternatively you can try something along the lines of ssh [email protected] sudo systemctl restart home-assistant@homeassistant

pnbruckner · September 14, 2018, 11:49am

So, I’m not exactly following you. FWIW, I haven’t done anything with a “sudoer” file. I simply created and installed an ssh key. Now I can log into the remote machine without a password. Of course the ssh key has a passphrase, which I have to enter if I’m logging in from a Windows machine, but from a Linux machine the ssh agent takes care of that. If you’re not familiar with ssh keys, just Google. I’m not an expert on those, but I figured it out fairly quickly with what I found Googling. (And it’s been a while since I did that so I don’t really remember the details anymore. )

pnbruckner · September 14, 2018, 11:52am

I believe the HA install instructions (at least the ones for Raspbian which I followed) specifically creates the homeassistant user so that it can’t be used to log in. My guess is they did it that way on purpose.

JeffLIrion · September 14, 2018, 3:27pm

I have 2 HA instances:

Hass.io (my main instance)
Hassbian (for controlling Chromecast volumes)

I setup SSH keys so that I’m able to connect from my Hass.io instance to my Hassbian instance and run commands. Maybe this could be a little more direct, but here’s an example.

On Hass.io:

shell_command:
  home_assistant_cca_restart: "ssh -F /config/.ssh/config -i /config/.ssh/id_rsa [email protected] 'bash /home/homeassistant/.homeassistant/bash_scripts/home_assistant_cca_restart.sh'"

And on the Hassbian instance, I have the bash script home_assistant_cca_restart.sh:

#!/bin/bash

curl -X POST -H "Content-Type: application/json" -k https://192.168.0.26:8124/api/services/script/home_assistant_cca_restart

I could probably call the homeassistant.restart service directly, but I like having a script for restarting and this works so I haven’t bothered to change it.

chairstacker · September 14, 2018, 6:42pm

Thanks - I’ll try the ssh key approach.
Thought I could avoid that by amending the sudoer file, but it sounds like a good approach.

kirichkov · September 15, 2018, 6:17am

Yes, for some extra security. But the OP obviously isn’t clueless about using Linux so they can weigh the pros and cons allowing the homeasistant user to log in remotely.

Dinges28 · July 20, 2022, 9:44am

Can I ask?
I’m still a bit of a linux noob… How did you setup the login using ssh keys?