Script to fire a command to a router through SSH [Solved]

[Freakandel]

Hi all,

Im a total nitwit when it comes to scripting, how much I try.

I have the need to get an easy (safe!) way for my family (wife and kids) to switch on and off the Guest network in my Asus router. I have found an working solution via SSH commands, directly on my router, now I seek a way to get this done by flipping a switch in Domoticz.

See also the posts in this forum:https://www.snbforums.com/threads/switc ... and.60987/

There are 2 commands neccessary: first to switch the Guest Wifi on/off, second to restart the Wifi service. The Domoticz server is connected with a wire to the router, so that should not be a problem.

Can someone help me out here?

Thanks!

[waaren]

I have the need to get an easy (safe!) way for my family (wife and kids) to switch on and off the Guest network in my Asus router. I have found an working solution via SSH commands, directly on my router, now I seek a way to get this done by flipping a switch in Domoticz.
Can someone help me out here?

a dzVents solution could look like

Code: Select all

local scriptVersion = '0.20200102'
local scriptVar  =  'SSH_' .. scriptVersion

--[[ 

This dzVents script is used to switch the wireless network on RT-AC88U-2E68 based on the state of the domoticz 
device used to trigger this script.

The script use io.popen to trigger a nvram and a service restart command on a remote system via ssh 
(the router must be accessible by the user that is running the domoticz service, via password-less 
SSH (with public / private key setup)

Before activating the script:
    Read the GETTING STARTED section of the dzVents wiki. 
    Change the values in the script to reflect your setup
   
]]--

return
{
    on = 
    { 
        devices = 
        {
            'routerTrigger', -- change to the name of the device 
        },
    },

    logging =   
    {
        level = domoticz.LOG_DEBUG, -- set to LOG_ERROR when tested and OK
    },
    
    execute = function(dz, item)
        _G.logMarker =  _G.moduleLabel -- set logmarker to scrptname
        
        remoteHost = 'r7800'  
        
        -- =======================================================================
        --               NO changes required below this line
        -- =======================================================================

        --commands to execute remote
        local commands = {}
        commands.enable = 'nvram set wl0.1_bss_enabled=1 '
        commands.disable = 'nvram set wl0.1_bss_enabled=0 '
        commands.restart = 'service restart_wireless '
        
        
        local function osCommand(cmd)
            dz.log('Executing Command: ' .. cmd,dz.LOG_DEBUG)

            local fileHandle = assert(io.popen(cmd .. ' 2>&1 || echo ::ERROR::', 'r'))
            local commandOutput = assert(fileHandle:read('*a'))
            local returnTable = {fileHandle:close()}

            if commandOutput:find '::ERROR::' then     -- something went wrong
            dz.log('Error ==>> ' .. tostring(commandOutput:match('^(.*)%s+::ERROR::') or ' ... but no error message ' ) ,dz.LOG_DEBUG)
            else -- all is fine!!
                dz.log('ReturnCode: ' .. returnTable[3] .. '\ncommandOutput:\n' .. commandOutput, dz.LOG_DEBUG)
            end
            return commandOutput,returnTable[3] -- rc[3] contains returnCode
        end
        
        local function buildSSHCommand(cmd)
            local sshBOL = "sudo ssh "  .. remoteHost .. " \'"   
            local sshEOL = ";\'" 
            
            local cmd = sshBOL .. 
                        cmd .. 
                        '; echo $(date) : ' .. cmd .. ' >> /tmp/domoticz.log '  ..
                        sshEOL
            return cmd 
        end
        
        -- Main
        if item.active then 
            osCommand(buildSSHCommand(commands.enable))
        else    
            osCommand(buildSSHCommand(commands.disable))
        end    
        osCommand(buildSSHCommand(commands.restart))
    end
}

[Freakandel]

Hi Waaren, many thanks for your script. I will try this early in te morning, have to sleep first I have to figure out how to setup the passwordless connection with SSH. I have read something about this before but did not need it till now. I will let you know the results as soon as possible. Thanks again!

[Freakandel]

Hi Waaren, I have setup the script and Switch in Domoticz. I have also managed to setup the certificates for SSH (I think) as instructed here: https://linuxize.com/post/how-to-setup- ... ssh-login/

The strange part is that when I manualy (via SSH from the DOmoticz server to the router) enter the command without sudo, it works like a charme. Within Domoticz, even when removing the sudo part, I get authorisation errors in Domoticz.

This is the Domoticz log:

Code: Select all

2020-01-03 11:59:05.765 Status: User: Admin initiated a switch command (165/GastWiFi2.4/On)
2020-01-03 11:59:05.828 Status: dzVents: Info: Handling events for: "GastWiFi2.4", value: "On"
2020-01-03 11:59:05.828 Status: dzVents: Info: ------ Start internal script: Script #1: Device: "GastWiFi2.4 (Asus Router)", Index: 165
2020-01-03 11:59:05.828 Status: dzVents: Debug: Script #1: Executing Command: ssh [email protected] 'nvram set wl0.1_bss_enabled=1 ; echo $(date) : nvram set wl0.1_bss_enabled=1 >> /tmp/domoticz.log ;'
2020-01-03 11:59:06.907 Status: dzVents: Debug: Script #1: Error ==>> Permission denied, please try again.
2020-01-03 11:59:06.907 Permission denied, please try again.
2020-01-03 11:59:06.907 Connection closed by 192.168.1.1 port 22
2020-01-03 11:59:06.907 Status: dzVents: Debug: Script #1: Executing Command: ssh [email protected] 'service restart_wireless ; echo $(date) : service restart_wireless >> /tmp/domoticz.log ;'
2020-01-03 11:59:07.976 Status: dzVents: Debug: Script #1: Error ==>> Permission denied, please try again.
2020-01-03 11:59:07.976 Permission denied, please try again.
2020-01-03 11:59:07.976 Connection closed by 192.168.1.1 port 22
2020-01-03 11:59:07.976 Status: dzVents: Info: Script #1: ------ Finished Script #1

[waaren]

Hi Waaren, I have setup the script and Switch in Domoticz. I have also managed to setup the certificates for SSH (I think) as instructed here: https://linuxize.com/post/how-to-setup- ... ssh-login/

The strange part is that when I manualy (via SSH from the DOmoticz server to the router) enter the command without sudo, it works like a charme. Within Domoticz, even when removing the sudo part, I get authorisation errors in Domoticz.

Is your domoticz instance process executing with the same user as the one you used for your manual test ?
What kind of error do you see when you include sudo just before the ssh command ?
You can also try something like sudo -u maarten ssh [email protected]

[Freakandel]

Hi Waaren, I had some trouble with the SSH certificate, but I think I have figured that out. In Asus, the certificate must be entered in the Config Webpage, not copied to the router from the Domoticz host. The latter will put the certificate in temp storage. When I enter the command manually with SSH from the Domoticz server to the Asus router : ssh [email protected] 'nvram set w10.1_bss_enabled=1' it works, I do not have to enter a password.

I noticed that when I use, manually, the 'sudo' command before the ssh line, It asks my local password (from the Domoticz server). So I have taken out that part, since it seems to work fine without 'sudo'.

In Domoticz log I see:

2020-01-04 22:21:32.386 Status: dzVents: Debug: Script #1: Executing Command: ssh [email protected] 'service restart_wireless ; echo $(date) : service restart_wireless >> /tmp/domoticz.log ;'
2020-01-04 22:21:33.420 Status: dzVents: Debug: Script #1: Error ==>> Permission denied, please try again.

I do not know what the part '; echo $ ' etc does. Maybe there is an error?

I hope you can help me here again...

Much regards

[waaren]

I noticed that when I use, manually, the 'sudo' command before the ssh line, It asks my local password (from the Domoticz server). So I have taken out that part, since it seems to work fine without 'sudo'.

Code: Select all

2020-01-04 22:21:33.420 Status: dzVents: Debug: Script #1: Error ==>> Permission denied, please try again.[/quote]

I do not know what the part '; echo $ ' etc does. Maybe there is an error?

The echo part is just to create a log. If that does give you the error, it can be removed but maybe you can first check if maarten can write to /tmp/domoticz.log on your router.

if sudo asks for a password on your system for a user, you can prevent that by creating a file in /etc/sudoers.d/ directory and include your sudo rules in that file. There is probably already a file for user pi (/etc/sudoers.d/010_pi-nopasswd) with content

pi ALL=(ALL) NOPASSWD: ALL

I created my own file (/etc/sudoers.d/myOverrides) with content

waaren ALL=NOPASSWD: ALL

[Freakandel]

@waaren: I got it working with SSHPass. I couldn't get the certificate solution working. I can now switch on and off the Guest WiFi via Domoticz! Brilliant!

Is it possible to get the 2.4 Ghz and 5 Ghz wifi on with one command? The syntaxt for switching on is " nvram set wl0.1_bss_enabled=1 " while for 5Ghz the same command for wl1.1_bs_enabled should be given. My wife and children dont know the difference of these two networks, so one switch in domoticz can put both guestwifi networks active. Can you please help me again here?
Thanks!

[waaren]

Is it possible to get the 2.4 Ghz and 5 Ghz wifi on with one command? The syntaxt for switching on is " nvram set wl0.1_bss_enabled=1 " while for 5Ghz the same command for wl1.1_bs_enabled should be given. My wife and children dont know the difference of these two networks, so one switch in domoticz can put both guestwifi networks active. Can you please help me again here?
Thanks!

If you want to send multiple commands a solution could be to use below command

Code: Select all

" nvram set wl0.1_bss_enabled=1 ;  vram set wl1.1_bs_enabled=1 "

[Freakandel]

Hi Waaren, thanks again, this works for me! Didn't know the syntax of a multi command in one line. Again something learned here! Cheers!