Topic: Is there luup code for sending ssh commands to a server?

Offline deursen

Is there luup code for sending ssh commands to a server?
« on: August 27, 2012, 12:32:58 pm »
I would like to shutdown my server at a specific moment by using an ssh command.
Looks like : ssh user@remote_computer sudo poweroff
Is this possible?

Offline futzle

Re: Is there luup code for sending ssh commands to a server?
« Reply #1 on: August 27, 2012, 06:02:12 pm »
You can run any shell command from Lua with
Code: [Select]
os.execute("command")
The main trick with scripting SSH is that you have to make it non-interactive.  Practise first from the Vera command line, and when you can make it work without prompting for passwords, then put it into the Lua snippet above in a scene.

Offline garrettwp

Re: Is there luup code for sending ssh commands to a server?
« Reply #2 on: August 28, 2012, 07:17:06 am »
You'll also need to take a few other things into consideration, since the command will most likely prompt you twice for a password: first when doing the ssh command and second for the sudo command. You have a few options:

1.
  1.1 Enable root on the linux box and allow root ssh access.
  1.2 Create a ssh key (with no password) for vera and add it to linux box root's authorized key list file.
  1.3 Add additional security measures to the authorized key file for only allowing vera's ip address access via the ssh key,
        also only allowing vera to issue the poweroff command only.

2.
  2.1 Do step 1.2 but for the user's account on the linux box.
  2.2 Also follow step 1.3
  2.3 Allow the poweroff command to be run as you without requiring sudo.

Option 2 is more secure as it does not give vera root access and you can keep root locked down.

- Garrett

Offline The-Source

Re: Is there luup code for sending ssh commands to a server?
« Reply #3 on: August 31, 2012, 06:52:14 pm »
I hope the topicstarter would like to share the code he's making so others can learn from it :)

Passwords of course should be left out of it ;)
there are only 10 types of people in the world those who understand binary and those who don't ;)

Offline ketchoupi

Re: Is there luup code for sending ssh commands to a server?
« Reply #4 on: October 03, 2012, 12:11:04 pm »
Hi
@deursen: have you had any success with your server?

Because I'm trying to do the same thing but with sudo zmpkg.pl

Thanks for your attention

Offline garrettwp

Re: Is there luup code for sending ssh commands to a server?
« Reply #5 on: October 03, 2012, 12:35:10 pm »
Most of the time sudo requires keyboard interaction. In order to issue commands without having to type a password in and have it work automatically, you would create an ssh key with no password for the appropriate account that has access to run the commands that you want. As a safety measure it would be wise to lock down the use of the ssh key either by ip address, command or both. There are many guides available on the net that explain how to issue commands over ssh and how to secure it.

- Garrett

Offline ketchoupi

Re: Is there luup code for sending ssh commands to a server?
« Reply #6 on: October 06, 2012, 10:29:43 am »
Thanks for your answer

I'm thinking that's not easy for me but I will try.

Offline HouseBot

Re: Is there luup code for sending ssh commands to a server?
« Reply #7 on: October 12, 2012, 02:35:15 pm »
  1.2 Create a ssh key (with no password) for vera and add it to linux box root's authorized key list file.
 

Sounds easy (not) but... What do I do after the key is added  :-\

Offline PurdueGuy

Re: Is there luup code for sending ssh commands to a server?
« Reply #8 on: October 18, 2012, 04:24:05 am »
  1.2 Create a ssh key (with no password) for vera and add it to linux box root's authorized key list file.
 

Sounds easy (not) but... What do I do after the key is added  :-\
The steps below only allow you to send commands via SSH. This doesn't give you sudo access (unless you do it as the root user, which I wouldn't recommend). Also, I tested these with my Vera and a Mac running 10.8.

1) Generate SSH key
Code: [Select]
dropbearkey -t rsa -f ~/.ssh/id_dss
2) View SSH public key
Code: [Select]
dropbearkey -y -f ~/.ssh/id_dss
3) Copy the following from the above to a new line in "~/.ssh/authorized_keys2" on your Linux box (should be one long line, similar to below, but the "...xxx..." is seemingly random characters):
Code: [Select]
ssh-rsa Axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE= root@MiOS_12345678
  NOTE: the "...xxxx...." is your key...do NOT share that!!  Well, it is your public key, but I still wouldn't go posting it around the forum, in case you mistakenly grab your private key.

4) Now test that you can SSH from Vera to your Linux box.
Code: [Select]
ssh -i ~/.ssh/id_dss -l <USER> <HOST>
Note: You'll need to say "y" to accept the remote box key fingerprint.

5) Now you can send a command via SSH from Vera (change the path/filename):
Code: [Select]
ssh -i ~/.ssh/id_dss -l <USER> <HOST> 'touch /path/to/dir/touchTest.txt'
6) You should see a new (empty) file created with the "touch" command at the location specified.

Once I do this, I can send a "sleep" command to my Mac OS X box.   That doesn't require sudo, so I don't have any issues with privilege escalation.  I would use the command:
Code: [Select]
ssh -i ~/.ssh/id_dss -l <USER> <HOST> 'pmset sleepnow'
Vera3, Leviton, Intermatic, SQ Blaster, HomeWave, DSC 1832, Insteon/Altsteon

Offline PurdueGuy

Re: Is there luup code for sending ssh commands to a server?
« Reply #9 on: October 18, 2012, 04:28:20 am »
I just realized I forgot to describe how I tied this all together with LUUP.

With Vera, I had issues sending the SSH command directly from LUUP.  I believe since the SSH handshake takes a little while, I think the LUUP code would give up and kill it before it worked.

So I worked around that by having a separate script that ran every minute looking for a specific file.  If it found that file, it would issue the sleep command, and delete the file.

Then I had LUUP code do a "touch" on that file when needed.

The effects were not immediate, but close enough.  You can make the script run more often if you wanted.  I haven't tried with my Vera3, nor did I explore it that far with Vera2.  My file solution worked well enough for me at the time.
Vera3, Leviton, Intermatic, SQ Blaster, HomeWave, DSC 1832, Insteon/Altsteon
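
An added example, not part of the original posts: one way to write the polling script described in Reply #9, in shell. The flag path is hypothetical; the ssh command in the usage comment is the one shown in Reply #8.

```shell
# Added example (not from the thread): run one fixed command when a flag file appears.
# The flag path used by the caller is an assumption, for example /tmp/sleep-mac.flag.

# run_if_flagged FLAG COMMAND [ARGS...]
# Returns 1 without running anything when there is no usable flag file.
run_if_flagged() {
  flag=$1; shift
  # Act only on a regular file; a symlink or directory at that path is ignored.
  if [ ! -f "$flag" ] || [ -L "$flag" ]; then
    return 1
  fi
  # Claim the flag with a rename, which is atomic on one filesystem, so two
  # overlapping cron runs cannot both issue the command for a single request.
  claimed="$flag.claimed.$$"
  mv "$flag" "$claimed" 2>/dev/null || return 1
  rm -f "$claimed"
  # The command is fixed by the caller; nothing is read from the flag file.
  "$@"
}

# Called from a script that cron runs every minute, for example:
#   run_if_flagged /tmp/sleep-mac.flag ssh -i ~/.ssh/id_dss -l <USER> <HOST> 'pmset sleepnow'
```

The scene then only needs to create the flag file, and because the command never comes from the file itself, whoever can write the flag can trigger the action but cannot change it.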

Offline garrettwp

Re: Is there luup code for sending ssh commands to a server?
« Reply #10 on: October 18, 2012, 04:35:39 am »
  1.2 Create a ssh key (with no password) for vera and add it to linux box root's authorized key list file.
 

Sounds easy (not) but... What do I do after the key is added  :-\
The steps below only allow you to send commands via SSH. This doesn't give you sudo access (unless you do it as the root user, which I wouldn't recommend). Also, I tested these with my Vera and a Mac running 10.8.


The only reason I suggested root is that the poster is using sudo and is required to power off the box. By allowing access to root via the ssh key you do have some security risks. But there are a few things to secure it more:

When adding the ssh key to the root's ~/.ssh/authorized_keys2 file you can add the following to the beginning of the key:

Code: [Select]
from="192.168.1.100",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/sbin/poweroff" ssh-rsa Axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE= root@MiOS_12345678

A breakdown of the extra arguments:

from=192.168.1.100 This is the ip address that is only allowed to use this key (you would use your vera's ip address).
no-port-forwarding This tells ssh not to allow port forwarding
no-X11-forwarding This tells ssh not to allow x11 forwarding
no-agent-forwarding This tells ssh not to allow agent forwarding
no-pty This tells ssh not to allow terminal access
command="/sbin/poweroff" The command part tells ssh that the specified command is the only command allowed to run. In this case the poweroff command.

- Garrett

p.s. forgot to add that you can bypass root for the poweroff command by giving the user you are ssh'ing as permission to run the poweroff command.
« Last Edit: October 18, 2012, 04:39:43 am by garrettwp »
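
An added example, not part of any post in this thread: a small shell audit for the authorized_keys restrictions described in Reply #10. It reports entries that lack from=, command= or the no-* options, and flags a line whose options field is cut short by a space where a comma belongs. Going slightly beyond the thread, it also accepts the newer OpenSSH `restrict` keyword; key material passed to it in the sample calls is a constructed placeholder.

```shell
# Added example (not from the thread). Any key material fed to it here is constructed.
# Assumes option values contain no backslash-escaped double quotes.
# audit_line LINE -> prints "ok", "malformed", or "missing: <options>"
audit_line() {
  printf '%s\n' "$1" | awk '{
    # Find the first space outside double quotes: the text before it is the
    # options field or, when the entry has no options, the key type.
    inq = 0; first = $0; rest = ""
    for (i = 1; i <= length($0); i++) {
      c = substr($0, i, 1)
      if (c == "\"") inq = !inq
      else if (c == " " && !inq) { first = substr($0, 1, i - 1); rest = substr($0, i + 1); break }
    }
    keytype = "^(ssh-|ecdsa-|sk-)"; opts = ""
    if (first !~ keytype) {
      opts = first; split(rest, f, " ")
      # A space where a comma belongs ends the options field early.
      if (f[1] !~ keytype) { print "malformed"; exit }
    }
    # Split the options on commas outside quotes; record lower-cased names.
    inq = 0; tok = ""; n = length(opts)
    for (i = 1; i <= n + 1; i++) {
      c = (i <= n) ? substr(opts, i, 1) : ","
      if (c == "\"") inq = !inq
      if (c == "," && !inq) { sub(/=.*/, "", tok); seen[tolower(tok)] = 1; tok = "" }
      else tok = tok c
    }
    miss = ""
    if (!("from" in seen)) miss = miss " from="
    if (!("command" in seen)) miss = miss " command="
    if (!("restrict" in seen)) {   # "restrict" (newer OpenSSH) implies the no-* options
      m = split("no-pty no-port-forwarding no-agent-forwarding no-x11-forwarding", want, " ")
      for (j = 1; j <= m; j++) if (!(want[j] in seen)) miss = miss " " want[j]
    }
    out = (miss == "") ? "ok" : ("missing:" miss); print out
  }'
}
# audit_file FILE -> one finding per weak entry; returns 1 if any were found
audit_file() {
  rc=0; n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case $line in ''|'#'*) continue ;; esac
    r=$(audit_line "$line")
    [ "$r" = ok ] || { echo "line $n: $r"; rc=1; }
  done < "$1"
  return "$rc"
}
```

Run `audit_file ~/.ssh/authorized_keys2` on the Linux box after adding the key; an entry reported as malformed will not be accepted by sshd as written.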

Offline milillicuti

Re: Is there luup code for sending ssh commands to a server?
« Reply #11 on: January 18, 2013, 09:40:55 am »
The original idea was really pleasant, but the solution seems sooooo complicated ...
Isn't there any easier way to shutdown a Synology NAS with Vera?

Offline RichardTSchaefer

Re: Is there luup code for sending ssh commands to a server?
« Reply #12 on: January 18, 2013, 12:28:52 pm »
Yep ... put it on a Z-Wave switch
Or a network controlled switch like: http://www.digital-loggers.com/lpc.html

@garrettwp  has built a nice little plugin for the latter.

Offline capjay

Re: Is there luup code for sending ssh commands to a server?
« Reply #13 on: January 19, 2013, 01:54:58 am »
Yep ... put it on a Z-Wave switch
Or a network controlled switch like: http://www.digital-loggers.com/lpc.html

@garrettwp  has built a nice little plugin for the latter.

not sure it's a good idea to turn off a NAS by abruptly shutting its power  ??? expect file corruptions

Offline milillicuti

Re: Is there luup code for sending ssh commands to a server?
« Reply #14 on: June 02, 2013, 05:52:07 am »
Hi guys

Thanks for the lines.
I added a ssh key from my Vera to my Synology NAS.
If I use the terminal I can shut it down using this code

Code: [Select]
ssh -i ~/.ssh/id_dss -l <USER> <HOST> 'poweroff'
Any idea how to do that in a luup scene?

I tried
Code: [Select]
os.execute("ssh -i ~/.ssh/id_dss -l root xxx.xxx.x.xxx 'poweroff'")
but seems not to be the good way...

Thank you very much for your help.