I also wanted to execute a command on a remote server using SSH from Luup code and a search led me to this thread.
I got as far as @milillicuti but could not get the os.execute command to work either even though everything worked correctly from the command line. After some investigation, I figured out what was wrong and how to fix it.
The problem appears to be a quirk in the Vera environment. When you SSH into Vera the home directory is "/root" as you would expect. But when Luup code is running, the home directory is "/". And since SSH reads and writes files in a special ".ssh" directory under the home directory, it's working with two totally different directories when running from the command line versus running from Luup code ("/root/.ssh" vs. "/.ssh").
The solution is easy: Create a symlink from "/.ssh" to "/root/.ssh" so the two different environments will always use the same directory. This is done by running the following two commands at the Vera command line. The first command deletes the existing "/.ssh" directory, so you may want to look at the contents first to make sure nothing important will be destroyed. Mine contained only an empty known_hosts file, so destroying it was OK.
rm -rf /.ssh
ln -s /root/.ssh /.ssh
With that symlink in place, if you can connect to your remote server successfully from the command line without using a password, then it should also work successfully from within Luup code.
So I can shutdown my server with this Luup code:
os.execute("ssh -y -i ~/.ssh/id_rsa <user>@<server> sudo /sbin/poweroff")
The remote machine also has to be set up properly so the given command can be executed without needing a password. For my remote machine (which is a Linux box), I did this with a sudo config file for the "vera" user. I created the "vera" user specifically so I can control the environment and what commands can be executed when connecting from Vera. I agree with @garrettwp that access should be tightly controlled.
The user-specific sudo config file is "/etc/sudoers.d/vera":
Defaults:vera !authenticate
vera <your_hostname>=/sbin/reboot,/sbin/poweroff
As a side note, these are the commands I used on Vera to generate the private and public key files:
dropbearkey -t rsa -s 2048 -f ~/.ssh/id_rsa | grep ^ssh-rsa > ~/.ssh/id_rsa.pub
chmod 400 ~/.ssh/id_rsa
chmod 400 ~/.ssh/id_rsa.pub
Then the contents of the public key file "~/.ssh/id_rsa.pub" must be appended to the "~/.ssh/authorized_keys" file on the remote machine.