Hello guys!
This is shell_command in config.yaml
shell_command:
  shutdown_tnas: ssh -i /root/.ssh/id_ed25519.pub -o 'StrictHostKeyChecking=no' -p 9222 192.168.1.224 sudo -S poweroff
id_ed25519.pub is the key I produced from HA cli and id copied directly to NAS.
I can ssh login from HA cli to NAS without password, so key exchange happened and worked.
Only shell_command is not
How about the other test that I asked for? I need to know those details also.
When calling shell_command I get:
stdout: ""
stderr: "Warning: Identity file /root/.ssh/id_ed25519.pub not accessible: No such file or directory.\nPermission denied, please try again.\r\nPermission denied, please try again.\r\nReceived disconnect from 192.168.1.224 port 9222:2: Too many authentication failures\r\nDisconnected from 192.168.1.224 port 9222"
returncode: 255
When calling ls -la in HA cli I get:
-rw------- 1 root root 399 May 3 22:12 /root/.ssh/id_ed25519
Sorry but I haven’t found a way to select and copy text from HA cli, I have to write it, so spacing is surely wrong
Demo_command gives:
stdout: root
stderr: ""
returncode: 0
Once logged into NAS, sudo doesn’t work, but poweroff does
Sorry if I edit, on the first day I was blocked after 5 replies, now I try to make fewer. New messages will be on a new reply, granted.
I also temporarily post an incomplete post while editing it to avoid losing what I did by pushing the wrong (X) and closing the page for instance. Sorry for this too.
Thanks
Wait, I’m an idiot.
shell command is missing user.
let me try correcting it and removing sudo -S
Nope. I still get:
stdout: ""
stderr: "Warning: Identity file /root/.ssh/id_ed25519.pub not accessible: No such file or directory.\nPermission denied, please try again.\r\nPermission denied, please try again.\r\nReceived disconnect from 192.168.1.224 port 9222:2: Too many authentication failures\r\nDisconnected from 192.168.1.224 port 9222"
returncode: 255
I also tried this
shell_command:
  shutdown_tnas: ssh -p 9222 [email protected] poweroff
to see if ssh could resolve the identity by itself, but got almost the same result:
stdout: ""
stderr: "Permission denied, please try again.\r\nPermission denied, please try again.\r\nReceived disconnect from 192.168.1.224 port 9222:2: Too many authentication failures\r\nDisconnected from 192.168.1.224 port 9222"
returncode: 255
I guess that the identity files (both id_rsa and id_rsa.pub) must be under the /config folder. You can try to move the ‘.ssh’ directory under that folder and change the ssh commands accordingly. Also try a more “safe” command in the ssh command, like ‘hostname’ for example.
1 Like
I couldn’t find /root folder to cut files from in smb or file editor. Probably I should do this with ssh, but I’m not sure how, so I first tried using the .ssh folder on Ubuntu, the one with the id_rsa.pub and other files that was created to log into NAS, but I got the same message that will follow.
So I ran ssh keygen again specifying /config/.ssh/id_ed25519.pub as output. Probably I mistook something because in both cases I get:
stdout: ""
stderr: "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0644 for '/config/.ssh/id_ed25519.pub' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key \"/config/.ssh/id_ed25519.pub\": bad permissions\r\nPermission denied, please try again.\r\nPermission denied, please try again.\r\nReceived disconnect from 192.168.1.224 port 9222:2: Too many authentication failures\r\nDisconnected from 192.168.1.224 port 9222"
returncode: 255
You’re almost there and I missed a step. You have to change the permissions on the key.
You want to run ‘chmod 600 /config/.ssh/id_ed25519’ from the SSH add-on
The other issue is making sure the right keys are in the right place. You should have had two keys
id_ed25519
id_ed25519.pub
The first is the private key and the second is the public key. The private key should be on HA (origination of SSH) and the public key should be on the NAS.
In your shell command, you’ll use the private key.
Your problem before was having the key in the /root folder of the SSH add-on which HA cannot access.
1 Like
I ran chmod on id_ed25519 but it gave me the same result.
So I ran it on id_ed25519.pub and launching shell_command gave me:
stdout: ""
stderr: "Load key \"/config/.ssh/id_ed25519.pub\": error in libcrypto\r\nPermission denied, please try again.\r\nPermission denied, please try again.\r\nReceived disconnect from 192.168.1.224 port 9222:2: Too many authentication failures\r\nDisconnected from 192.168.1.224 port 9222"
returncode: 255
Right…you still have your shell command using the public key. You need to change it to use the private key instead.
1 Like
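The three stderr messages seen so far in this thread ("not accessible", "bad permissions", "error in libcrypto") each correspond to one property of the file given to `ssh -i`. The following is an added example, not part of any poster's reply: a hypothetical `check_identity` helper (the name and verdict strings are assumptions) that tests those properties in the same order ssh reported them, run here against constructed placeholder files.

```shell
#!/bin/sh
# Added example: classify the file passed to `ssh -i` by the three failures
# seen in the thread. check_identity is a hypothetical helper name, not an
# OpenSSH or Home Assistant tool.
check_identity() {
    f=$1
    # Case 1: "Identity file ... not accessible" (wrong path, or a path that
    # is not visible from where the command runs).
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo "missing"; return 1
    fi
    # Case 2: "UNPROTECTED PRIVATE KEY FILE": a group or other permission bit
    # is set. Characters 5-10 of the ls mode string are those six bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "too-open"; return 1
    fi
    # Case 3: "error in libcrypto" in the thread: -i pointed at the .pub file.
    first=$(head -n 1 "$f")
    case $first in
        "-----BEGIN "*"PRIVATE KEY-----") echo "ok"; return 0 ;;
        ssh-*|ecdsa-*|sk-*) echo "public-key"; return 1 ;;
        *) echo "unknown-format"; return 1 ;;
    esac
}

# Constructed sample files (placeholder contents, not real key material).
make_samples() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END OPENSSH PRIVATE KEY-----' > "$d/id_ed25519"
    printf '%s\n' 'ssh-ed25519 PLACEHOLDER root@ha' > "$d/id_ed25519.pub"
    cp "$d/id_ed25519" "$d/id_open"
    chmod 600 "$d/id_ed25519" "$d/id_ed25519.pub"
    chmod 644 "$d/id_open"
    echo "$d"
}

d=$(make_samples)
for k in id_ed25519 id_ed25519.pub id_open id_absent; do
    printf '%-16s %s\n' "$k" "$(check_identity "$d/$k")"
done
rm -rf "$d"
```

The verdict only holds for the environment the check runs in: as noted above, a key under /root of the SSH add-on exists there but is not accessible to HA.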
Yes! Seems like login happened!
But not working yet.
Now I get:
stdout: ""
stderr: "bash: line 1: poweroff: command not found"
returncode: 127
In config.yaml I have:
shell_command:
  shutdown_tnas: ssh -i /config/.ssh/id_ed25519 -o 'StrictHostKeyChecking=no' -p 9222 [email protected] poweroff
Try using the full path, like /sbin/poweroff or something like that… To find where is the command, use ‘which poweroff’ from an interactive ssh session of the NAS.
1 Like
You may also want to SSH from the HA CLI and run ‘whoami’ to make sure it’s logging you in as the correct user.
1 Like
Guys, it worked!
I don’t really know how to thank you for all the help you gave me and patience you showed.
I don’t even really know which reply to mark as solution.
Thanks forever and ever and ever and ever…
P.s.
To be thorough, in case anyone else will ever need this, NAS warned me that “shutdown” should be used instead of “poweroff”
2 Likes
Finally the solution was brought by @FriedCheese and @blackfede. Thanks, you made this a great day.
To summarize:
- Install and activate ssh on both HA and NAS.
- Access HA cli and generate keys with
  ssh-keygen
  don’t set passphrase and when prompted for file path:
- Type: /config/.ssh/id_rsa.pub
- Copy the generated keys to NAS using:
  ssh-copy-id -i /config/.ssh/id_rsa.pub user@NAS_IP
  using your credentials.
- Run:
  chmod 600 /config/.ssh/id_rsa
- Create a shell_command entry in config.yaml:
  shell_command:
    shutdown_nas: ssh -i /config/.ssh/id_rsa -o 'StrictHostKeyChecking=no' -p 9222 user@NAS_IP /sbin/shutdown
  using your credentials.
- Restart HA
Now you should be able to call a service called: shutdown_nas
This way, I got rid of the need for a smart UPS.
Please correct me if I badly reported something.
If you encounter an issue, since I mistook almost everything that could be mistaken, you’ll likely find the brief solution among the replies, so take the time and care to read them.
3 Likes
Thanks to you and @FriedCheese
1 Like
Hi all!
I believe that in step 3 we have to remove the “pub” extension.
Using core 2024.9.3
No luck here… getting the error below when I try to run the action from developer tools:
stdout: ""
stderr: "Warning: Identity file /config/.ssh/id_rsa not accessible: No such file or directory.\nPermission denied, please try again.\r\nPermission denied, please try again.\r\[email protected]: Permission denied (publickey,password)."
returncode: 255