Remote shutdown script for NetGear ReadyNas

jtnn60 · March 17, 2020, 12:09pm

I want to start and stop my Netgear ReadNAS on demand from Home Assistant which is running in Docker on a Raspberry Pi 4.

Does anyone have an example of a remote shutdown script for a NetGear ReadyNas running the latest firmware v6.10.3? Older, simple CURL scripts, no longer work due to a change in the security model. See https://community.netgear.com/t5/Using-your-ReadyNAS-in-Business/Curl-does-not-work-any-more-since-upgrade-to-6-9-3-on-RN316/m-p/1535788#M143769

A link to a working script would be appreciated!

jocnnor · March 17, 2020, 5:53pm

Don’t have a ReadNAS or anything to test it on, but reading that thread, the curl command will work with an extra parameter.

We will now have to do 2 separate curl commands. The first is to get your auth token. Again, without a device, this is just guess. Assuming the output looks like their example:

<script type="text/javascript">
<!--
csrfInsert("csrfpId", "mKrWJJlKMv5iqXUcSK7dEruWxdSbSqNi713aOVNCpYkLIA1wWmCUhmoZeV8EJ-jfXb6X6K6rT9InWOSd_OPiWPeonCpp01LC");
//-->
</script>

The following command could parse the token.

token=$(curl -sS -u username:password http://nas_ip/admin/csrf.html | grep -oP '"csrfpId", "\K[^"]+')

Now use that token in the other curl command you already use, whatever it may be, by adding the --header option. For example, if your shutdown command was the following (found from some random github page)

curl -u admin -k -d command=poweroff -d shutdown_option=1 -d OPERATION=set -d PAGE=System -d OUTER_TAB=tab_shutdown -d INNER_TAB=none https://{$1}/get_handler|awk -F"message>" '{print $2}'|awk -F"</" '{print $1}'

It would now be:

curl --header "X-CSRFToken: mKrWJJlKMv5iqXUcSK7dEruWxdSbSqNi713aOVNCpYkLIA1wWmCUhmoZeV8EJ-jfXb6X6K6rT9InWOSd_OPiWPeonCpp01LC" -u admin -k -d command=poweroff -d shutdown_option=1 -d OPERATION=set -d PAGE=System -d OUTER_TAB=tab_shutdown -d INNER_TAB=none https://{$1}/get_handler|awk -F"message>" '{print $2}'|awk -F"</" '{print $1}'

I’m not sure how you are calling the curl command from Home Assistant, so it’s hard to tell you how to pass in the id. Maybe just make it a single bash script.

#!/bin/sh
host=192.168.0.1
token=$(curl -sS -u username:password http://$host/admin/csrf.html | grep -oP '"csrfpId", "\K[^"]+')

curl --header "X-CSRFToken: $token" -u admin -k -d command=poweroff -d shutdown_option=1 -d OPERATION=set -d PAGE=System -d OUTER_TAB=tab_shutdown -d INNER_TAB=none https://$host/get_handler|awk -F"message>" '{print $2}'|awk -F"</" '{print $1}'

Then you would just call this bash script from home assistant to shut down.

Hopefully that gives an idea how to do it. The parsing part could be handled many different ways. I’m pretty bad at parsing syntax…

jtnn60 · March 17, 2020, 11:13pm

Hey Jim, thanks for your help. Your script to get the token works perfectly.
However, the shutdown does not. I have a feeling something has changed on the ReadyNas side, as I have tried a few variations including the below:

#!/bin/sh
host=192.168.0.11
username=admin
password="xxxxxx"

token=$(curl -sS -u $username:$password  http://$host/admin/csrf.html | grep -oP '"csrfpId", "\K[^"]+')
curl -sS -v --header "X-CSRFToken: $token" -u $username:$password  -k "http://$host/dbbroker" -H "Content-Type: application/x-www-form-urlencoded;" -H "X-Requested-With: XMLHttpRequest" --data "<?xml version=\"1.0\" encoding=\"UTF-8\"?><xs:nml xmlns:xs=\"http://www.netgear.com/protocol/transaction/NMLSchema-0.9\" xmlns=\"urn:netgear:nas:readynasd\" src=\"dpv_1584484996000\" dst=\"nas\"><xs:transaction id=\"njl_id_1628\"><xs:custom id=\"njl_id_1628\" name=\"Halt\" resource-id=\"Shutdown\" resource-type=\"System\"><Shutdown halt=\"true\" fsck=\"false\"/></xs:custom></xs:transaction></xs:nml>"

Which gives the result:

root@raspberrypi:/hassio/homeassistant# ./readynas_shutdown.sh 
* Expire in 0 ms for 6 (transfer 0x13ca880)
*   Trying 192.168.0.11...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x13ca880)
* Connected to 192.168.0.11 (192.168.0.11) port 80 (#0)
* Server auth using Basic with user 'admin'
> POST /dbbroker HTTP/1.1
> Host: 192.168.0.11
> Authorization: Basic YWRtaW46JU44QlZqV3c1ZVVf
> User-Agent: curl/7.64.0
> Accept: */*
> X-CSRFToken: SqzNmy9s78lY3LydAw217jaeKxLW04zhFem0mVmEHI6jR5pwL08fDGZWQlZpO_X_0IeKtmZQ0pvv-xYiBRVE0X4B4kh9Mz3j3D3hWorJSmY=
> Content-Type: application/x-www-form-urlencoded;
> X-Requested-With: XMLHttpRequest
> Content-Length: 376
> 
* upload completely sent off: 376 out of 376 bytes
< HTTP/1.1 403 Forbidden
< Date: Tue, 17 Mar 2020 23:05:48 GMT
< Server: Apache
< Access-Control-Allow-Headers: csrfpid, x-requested-with
< WWW-Authenticate: Basic realm="ReadyNAS Admin"
< Content-Length: 217
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /dbbroker
on this server.<br />
</p>
</body></html>
* Closing connection 0

As you can see, it has the token, but it still reports “Forbidden”.

I will post this in the Netgear forums too. Maybe someone has a fix.

jtnn60 · March 17, 2020, 11:29pm

Posted it here:

jtnn60 · March 22, 2020, 11:14pm

I wrote up exactly how to perform remote shutdown of a ReadyNAS from Home Assistant here:

How to start up and shutdown a Netgear ReadyNAS from Home Assistant

Nightraider · August 30, 2020, 11:08pm

Thank you John, i was searching for a way to do this!

The shutdown part works perfect.

Only i cant get the WoL part to work, there is a error in the script, according to HA.

Do you have a Solution for this? i cant figure out the error.

Invalid config for [script]: expected dict for dictionary value @ data['script']['wake_on_lan_nas']['sequence'][0]['data']. Got None
extra keys not allowed @ data['script']['wake_on_lan_nas']['sequence'][0]['mac']. Got '00:**:33:**:75:**'. (See /config/configuration.yaml, line 17).

this error, line 17, is this line in my yaml file. totally unrelated i think.

automation: !include automations.yaml

Thanks!

jtnn60 · September 8, 2020, 7:30am

Did you include the

wake_on_lan:

in your customisation.yaml ??

Then your script is

script:
  nas710_wake_on_lan:
    alias: NAS710 Wake on LAN
    sequence:
    - data:
        mac: XX:7F:B9:44:XX:XX
      service: wake_on_lan.send_magic_packet

andypnz · April 14, 2023, 5:54am

Hi @jtnn60 Do you think this can also work with HAOS (rather than running in docker)?

Any ideas where to start would be appreciated

andypnz · April 14, 2023, 8:13am

I gave it a go, following John’s instructions for Docker using ‘SSH & Web terminal’ in HA HAOS. https://github.com/DrJohnT/HomeAssistantPublicConfig/wiki/Netgear-ReadyNAS-start-up-&-shutdown

The .ssh folder was hidden on HAOS, but was able to copy the .pub key from their and import it into the ReadyNAS.

When I tried running the shutdown from HA terminal, I got this error:

If I add -oHostKeyAlgorithms=+ssh-rsa then I got this error
ssh [email protected] -oHostKeyAlgorithms=+ssh-rsa rnutil rn_shutdown

Permission denied (publickey)

Finally I added a config file into the hidden .ssh folder:
Host 192.xxx.xxx.xxx
HostKeyAlgorithms ssh-rsa
PubkeyAcceptedKeyTypes ssh-rsa

Success! Thanks @jtnn60