Run shutdown command on FreeNAS PC using a batch file from Windows PC!

[Deepak Agarwal]

Hi Everyone


I thought its best to have a separate thread for this one. I need to be able to turn of the FreeNAS PC using a batch script file from Windows PC using PuTTy SSH (Neither Plink nor public key authentication for PuTTy SSH seem to work for me).

I have created a password authenticated (for some reason my public key authentication doesn't seem to work) PuTTy session that works and I am able to log in by either typing the following command at the dos prompt or having that in a batch file :-

putty -ssh anyone@192.168.1.10 -pw mypassword

What I want to do is to use the -m option which, I understand, requires a local (not sure if this is supposed to be local to the Windows PC or the FreeNAS PC) script file that contains the command to be run on the linux/freeBSD terminal like so :-

putty -ssh anyone@192.168.1.10 -pw mypassword -m "D:\FreeNAS_Server_Shutdown_Files\ShutdownFreeNASCmdFile.txt"

In the above statement, the .txt file is local to my Windows PC.

The file "ShutdownFreeNASCmdFile.txt" contains this command
sudo shutdown -p now

But that didn't work!


I also tried it with this command in the file
./.ssh/shutdownfreenas.txt - running this command under "anyone" or root login (from shell) gave permission denied error even the sudoers file in /conf/base/etc/local/sudoers has these lines :-

anyone ALL=(ALL) NOPASSWD: ALL
%wheel ALL=(ALL) NOPASSWD: ALL

The shutdownfreenas.txt file contains the "sudo shutdown -p now" command


Any suggestions?


Best regards


Deepak

 

[N00b]

While I don't understand why you are doing this instead of just shutting down your nas from the web interface try this:
putty -ssh anyone@192.168.1.10 -pw mypassword -m "sudo shutdown -p now"

Also instead of the very open authorization "anyone ALL=(ALL) NOPASSWD: ALL" use "anyone ALL=(ALL) NOPASSWD: /sbin/shutdown". Please check the exact location of the command shutdown using "which shutdown" on the CLI as I am not near my FreeNAS box currently.

 

[Deepak Agarwal]

Hi N00b

Thanks for your response but that suggestion of your didn't work - the error was "Could not open the command file".

I understand that it need a file name after the -m option. I read somewhere that it needs to be a local file - not sure if its supposed to be local to Windows PC or FreeNAS PC.

Your other recommendation is very good - I actually wanted to do that but didn't know how! I have checked about 'which shutdown' and it does say '/sbin/shutdown'

FYI - I just tried to execute these statement from the "anyone" login interface :-

su
enter password
shutdown -p now

And that worked.

I am now going to create a file called 'shutdownfreenas.sh' file in the .ssh directory in the 'anyone' home directory and then try and execute the script file by running this statement

./.ssh/shutdownfreenas.sh

Will keep you posted on the outcome of that!

In fact, just ran it now and I get the 'Permission Denied' error. Why do I get this error when I previously ran the 'su' command. Further, the user 'anyone' has the privilege to run any command in my 'sudoers' file, wrong thing to do, I know but I thought that would allow it to run such a command.


P.S
I just created a similar file for the 'root' user and I still get the same error - how can that be! I thought the 'root' user should be able to run any command regardless!!!!


Latest Edit
Changed the permissions for the .ssh/ directory and the 'shutdownfreenas.sh' files on both the 'root' and the 'anyone' users and they both worked by typing the following command :-

./.ssh/shutdownfreenas.sh

That is good! Now all I need to know now is how to get this command to be run from a batch file on windows!



Best regards


Deepak

 

[N00b]

Hi Deepak,
My bad the -m option refers to commands from a local file whereas we are trying to pass the command as an argument to the ssh command itself.
Rewind - don't mess with permissions and things like that !!!

What you need is to use plink. See this documentation.

Here are the tested steps.The work on my PC-BSD sandbox so I am sure they should work on FreeNAS as well.

Generate a private key using PuTTYgen. Add the public key in the "Public key for pasting into OpenSSH authorized_keys file" into the authorized_keys file of the user you will be using (You cna use the FreeNAS gui).

Put the following command into the batch file.

plink -i path/to/privatekeyfile user@nasboxhostname "sudo shutdown -p now"
(note use double quotes "")

You should see the following:
D:\>plink -i priavtekey user@nasboxhostname "sudo shutdown -p now"
shutdown: [pid xxxxx]
Shutdown NOW!
Shutdown NOW!

System shutdown time has arrived

 

[Deepak Agarwal]

Hi Noob

Thanks for your response! Greatly appreciated.

I am writing this before trying out your suggestions only because I have a question and because of the time difference I don't want to loose your input for another day!

I have tried and failed to use plink as I have said in my post - but I will try again!

Where is the FreeNAS gui for doing the public key generation and pasting the same in the authorized_keys file etc etc?

Further, the plink statement, do I need to use 2 double quotes where you have shown double quotes as I enter the command in the batch file?

I will keep you posted. BTW what time is it where you are - here it is 9.10 pm!


Best regard


Deepak

 

[N00b]

Hi Deepak,

Sorry I am not sure why you failed when using plink. I have tried it now on my FreeNAS and it works.

You need to generate the key file on your laptop using PuttyGen and copy the openssh public key to the FreeNAS.

"Generate a private key using PuTTYgen. Add the public key in the "Public key for pasting into OpenSSH authorized_keys file" into the authorized_keys file of the user you will be using (You cna use the FreeNAS gui)." The OpenSSH public key needs to be pasted into the public key field of the user in the FreeNAS gui - instructions here

Yes you need to enter the command in double quotes (") as it is a command that is passed on to the box.

 

[Deepak Agarwal]

Hi Noob

I did exactly as you have suggested but I am still getting the error. Here are the steps that I followed :-

1. Generated the key file using PuTTy and saved the private key in "D:\SSH Keys\" here with filename "MySSHPrivateKey.ppk"
2. Copied the contents in the "Public key for pasting into OpenSSH authorized_keys file" text box in to the user's (called anyone in my case) SSH public key text box.
3. Also, copied the contents in the "Public key for pasting into OpenSSH authorized_keys file" text box in to the user's (called anyone in my case) authorized_keys file. Changed the permissions to this file to 600.
4. At the DOS prompt, wrote this command :- plink -i D:\SSH Keys\MySSHPrivateKey.ppk anyone@192.168.1.10

Got the error called "Unable to open connection : Host does not exist"

I don't understand what does that mean?

Any further suggestions?


Deepak

 

[tmacka88]

Hey guys,

I am doing the same thing.

I am trying to execute a shell script to shutdown my freenas through my web server. I want to be able to click a button or just type in a url to execute the script.

Currently, I have setup ssh keys and I can connect from my raspberry pi to freenas fine through ssh.

This is my command that successfully turns off my freenas when executing it from terminal/putty whilst already sshed into my raspberry pi:

Code:

pi@raspberrypi ~ $ sudo ssh root@192.168.2.141 -i /etc/ssh/freenas-root_rsa 'shutdown -p now'
Shutdown NOW!
shutdown: [pid 16089]
Shutdown NOW!

^^^^ this works.

Now onto the next step which I am having trouble with.

I created a .sh script e.g. shutdown.sh and put this into /usr/lib/cgi-bin directory. Script is as below. Permissions set to 755 so it's executable.

Code:

#!/bin/bash

sudo ssh root@192.168.2.141 -i /etc/ssh/freenas-root_rsa 'shutdown -p now'

Now when I try to execute it by url:

Code:

http://192.168.2.11/cgi-bin/shutdown.sh

nothing happens to my frenas server.

I do get a server 500 error but i assume this is because there is no html for the page to load.

How can I get this script to work when executing it from a html <a>, or <button> button or just from entering a URL as above.

Thanks

 

[cyberjock]

Putting files in /usr/lib/cgi-bin is very hacky. I wouldn't recommend you do that.

Any reason you can't just send the ssh command and let that shut the box down? I have had 3 boxes on one UPS and when the one machine that is connected to the UPS via USB gets the signal to shutdown it sends ssh commands to the other boxes. ;)

 

[tmacka88]

Putting files in /usr/lib/cgi-bin is very hacky. I wouldn't recommend you do that.

Any reason you can't just send the ssh command and let that shut the box down? I have had 3 boxes on one UPS and when the one machine that is connected to the UPS via USB gets the signal to shutdown it sends ssh commands to the other boxes. ;)

hey mate,

I assume you are using your scripts in the Init/Shutdown Scripts on your FreeNAS.

How would you recommend me do it then as I am trying to do it slightly differently.

Basically, I am trying to integrate my shutdown script with my home automation setup. I use a iPad running iRule where I can turn on/off tv's, xbmc etc. not I want to be able to turn my FreeNAS off from within iRule by a button.

So that's why I was thinking of executing the script via a URL or a html <a>/<button>.

I was going to have the script and html on a raspberry pi web server that's always on. Then I was going to have a button on iRule that executes the URL or display the html button that can execute the command.

So it's a bit different to how you use yours I think.

Any recommendations would be great. I don't care if i don't use the cgi-bin or not just as long as I can execute the script via URL.

thanks.

 

[cyberjock]

I do my scripts on init and shutdown. As for how to accomplish what your goal is, if you have to start editing files related to FreeNAS install you are already in "hacky" territory.

I don't think FreeNAS is very well suited for your case. You could accomplish what you want by setting up your own webserver in a FreeNAS jail and let it do what you want it to do. But that topic is a bit beyond the scope of this forum.

 

[tmacka88]

hey.

I won't be editing any FreeNAS files at all. the script won't be stored on the FreeNAS server at all. everything is on another web server and the script then ssh's with ssh keys and runs the shutdown remotely.

does this make sense? it is kinda beyond this forum though as I think the problem I am having is on the web server and not FreeNAS.

 

[tmacka88]

I have been thinking for an easier and more secure way. could you make a plugin and when you open the jail ip for that plugin it would execute a shell script. as in my case "shutdown -p now"
but really could be anything you wish and then you can execute it by accessing the jail ip. that way I could then implement a web server button that opens the jail ip.

would this work? and if so how hard would the plugin be to make?

 

[cyberjock]

Uh, plugins don't go inside jails.. they ARE the jail. You can't do a plugin of a plugin. You probably could write a bash script that you run to "install" some changes you need. But that wouldn't technically be a plugin.

 

[sfcredfox]

Any reason you can't just send the ssh command and let that shut the box down? I have had 3 boxes on one UPS and when the one machine that is connected to the UPS via USB gets the signal to shutdown it sends ssh commands to the other boxes. ;)

Can you share some more details on how you are doing this? I am trying to do the same thing.

I have tried using plink:

1. created a new user ID 1001, gave user a password, put user in wheel group???? - Don't know if that's the best way? I would really like the user to be able to call shutdown and do NOTHING else, but googling how to do that in freebsd is like googling a masters degree in something...

2. on a windows computer, ran:

Code:

plink -ssh myuser@myip -pw mypassword "sudo shutdown -p"

I get:
could not chdir to home directory /nonexistent: no such file or directory
Does this mean you are REQUIRED to make a home directory for the user?

Can you answer how to setup the user to have least privilege required for shutdown and how to do the plink call?

 

[cyberjock]

plink is what I've used in the past. Unfortunately since I don't use it anymore I can't really tell you how I did it.

BUT, your "myuser" should be root, which means sudo shouldn't be used. No doubt 'sudo shutdown -p' is probably asking for a password (which you can't reply to) so naturally it's probably not working. ;)

 

[island_fresh]

plink -i path/to/privatekeyfile user@nasboxhostname "sudo shutdown -p now"
(note use double quotes "")

You should see the following:
D:\>plink -i priavtekey user@nasboxhostname "sudo shutdown -p now"
shutdown: [pid xxxxx]
Shutdown NOW!
Shutdown NOW!

System shutdown time has arrived

when i plug this command into cmd console I get the following error returned "sudo: no tty present and no askpass program specified"
could you please guide me into correcting this? I managed to setup private/public key, i have not setup a pass-phrase.

I am trying to setup a batch file to power down the NAS server from a windows PC attached to UPS system.

PS- this page https://forums.freenas.org/index.php?threads/cant-get-public-key-authentication-to-work.20119/ helped in the setup of public/private key using putty and puttygen, the OP found a bug with the permissions when setting up the public key via the freeNAS GUI! I was stuck with "Unable to authenticate [preauth]" until i found this very good thread.

thanks.

 

[sfcredfox]

I use plink (download it) and run the following command in powershell:

Code:

echo Y | C:\DATA\Scripts\plink.exe -ssh -l root -pw YOURPASSWORD IPADDRESS shutdown -p now

My UPS software calls a powershell script that runs that command. I tested it a few times, worked each time.

*edit* I run it as root. That's not a security best practice and I hate doing it, but I could not get around the elevation thing. Just don't know how. I'm guessing there is a way to do it.

 

[island_fresh]

Hi sfcredfox,

I am not using the root user, but if i cannot do this with my created user then i may have to use root. My LAN is firewalled and not open to the internet so will use root if I must.
You don't require public/private key with your code?
I am trying to initiate shutdown direct from a ms dos prompt. I thought a public key was required.

I read on another forum to add the operator group to the created user to shutdown, instead of root.

*edit* very nice, your code works! ;)

 

[sfcredfox]

Sweet, sweet victory