Need help with SSH flow setup

[Chris]

I'm trying to setup an SSH flow to shutdown my NAS when outside my network.  Currently i'm using Mobile SSH from the play store and it works very well, so I know i've got my NAS setup correctly.  Or at least this far it is. 

To begin, I'm not 100% familiar with ssh and some networking areas.  that said, I'm having trouble with a few areas.  One, trying to decide if I should be using "Network service discovery", "Shell command" or "ADB Shell Command".  Not being super savvy here, I'm unsure of where I should be focusing.  That being the case, I've kinda tried all of them. lol.

This how far I've got.  While using Shell comment and this line, ssh user@ip.  I keep getting a java.io.IOException: error=13, Permission denied.  I have also tried ssh user@ip password.  same result.  I've tried setting up a separate block and delays thinking it may be an issue with sending the command all together. Didn't help.

I then tried the Network service discovery, and the same command and same format, I get a read out on the log as the same when I string anything to a shell command block.

I understand from using mobile ssh, I have to hit the connect button, then login as user, then it asked password, once there, I use sudo -i poweroff.  It will ask for the password again and after entering it, my NAS accepts and powers down.  I'm not certain if automate can perform in this manner.  However, using cmd on my pc, the commands are simple and they work after my pc gets the fingerprint.  I've tried using this -o StrictHostKeyChecking no before my username.  That hasn't help.

PS> should I even be using separate block to execute different line commands?  I tried it, no luck.  Also tried typing everything out in one line, separated by ; also no luck.

Hoping to find the light at the end of the tunnel :) 

any help is welcome and most importantly, very appreciated.

Thank you,

Chris

[Bushmills]

I think what you're encountering is a problem with authentication. "shell command" is the proper action for execution, but passing the password on the command line is a no-go with ssh. Some SSH clients allow storing the password for an account/server combination which is generally not a good idea, but it may be convenient. The "proper" way to login without password prompt is through key authentication. As I don't know that specific "Mobile SSH" app, I can only generalize here:

1.  create an ssh key pair, consisting of a private and a public key.   On a Unixoid computer, there's often the tool  "ssh-keygen" for this purpose. Possibly on your NAS too.

2. add public key (one line) to server.  Often (but configurable, therefore not guaranteed) that line is added to  <userhome>/.ssh/authorized_keys  with <userhome> being the home directory of the user you which to login as.

3. add private key to client, where ssh client can find it and use it.  ssh clients commonly have a default (configured) location where to look for keys. Putting it there saves you the effort to specify it's location on the ssh invocation line.

4. Login at least once manually. You're likely to be presented a dialogue which you need to confirm the first time you connect.

After that, you ought to be able to log in from client to server under the user name of the remote account, without password prompt.

This ought to simplify automatic, unattended, non-interactive login for remote command execution.

The keys, when generated, usually have names like    id_rsa.pub (the public key, for the server)  and id_rsa  (private, for client)

[Bushmills]

I should have emphasized that it's (generally, configurable) possible to use this key based authentication method to log in to remote computers as root - which removes the need of the extra sudo, as the login has already the privileges you otherwise have to gain through sudo.

[Shari Shark]

Firstly, which shell block are you using? There are 3 shell blocks

a) ADB shell command - requires additional configuration and needs to accept tcp/ip connections.

b) Shell command - the most basic and will work on most, if not all, phones. however restrictions apply.

c) Shell command superuser - works only on rooted devices.

If you're using a or b) shell command, you are most likely out of luck as android default may not come with ssh installed. That may be your issue.

If you have root, then make sure you install busybox or equivalent. Cuz again, afaik, default android do not come with ssh.

Anyway, if you managed to get ssh to work, you can use the command "sh -c 'echo <password> | ssh user@ip \'echo <password> | sudo poweroff\''" in the command line to shutdown without any interaction. Replace <password> with your user password. Suggest that you copy and paste the highlighted text inside the double quotes.

*** More advance stuff, make sure the above work first before working on the below. ***

And it is actually a very bad idea to echo your password. For ssh, it is better to use a ssh key for key-based login. As for the poweroff, you will have to find a way to enter a password if you want to do it without interactions. One way is to save a text file with your password in the user's ~ directory, and then use file redirection. Something like sudo poweroff <<< <text file with password>. Make sure you do chmod 600 on the <text file with password>.

[Chris]

Hi guys,

Thank you both for the suggestions.  Great details.  Work has had me quite busy and I haven't been able to test either.  I'll give them a go hopefully tonight or tmw. I may need some help executing, though I'll try and see what results I get first.  

Thanks again for the detailed instructions.

[Chris]

Hi Shari, 

So I copied this over and replaced password with mine. I did notice "sh".  Was it to have "ssh"?  When I run it as "sh", it runs the script and doesn't have an error, through the Nas doesn't shutdown. 

On Thursday, July 22, 2021 at 4:47:12 AM UTC-7 Shari Shark wrote: