# Script to shutdown remote system?



## walterbyrd (Aug 14, 2016)

Ultimately, I want to shut down a FreeBSD box from my Android (there are lots of Android apps to run scripts).

I do not want to be prompted for a password. 

One step at a time, first I just want to shut down the remote from another FreeBSD box.

The following did not work:


```
#!/bin/sh

ssh -t walter@192.168.1.2 "echo PASSWORD | sudo shutdown -p now"
```

I am prompted for a password twice. 

Taking a step back, I tried to just ssh into the remote:


```
#!/bin/sh

echo PASSWORD | ssh walter@192.168.1.2
```

I get the error message:
> Pseudo-terminal will not be allocated because stdin is not a terminal.

I tried another script, which supposedly worked for bash:


```
#!/bin/sh
spawn ssh walter@192.168.1.2
expect "password:"
sleep 1
send "PASSWORD:"
```

Get the following errors:
```
./t.sh: spawn: not found
./t.sh: expect: not found
./t.sh: send: not found
```

BTW: while developing a script, I often use one letter filenames. I change the names once I get the script to work.

I am out of ideas. 

Maybe I should try another language? Like python or perl? I am not sure how that would work from an android. 

Any thoughts appreciated. Thanks in advance.


----------



## tobik@ (Aug 14, 2016)

Generate and use SSH keys (preferably with a passphrase, but I don't know how good the SSH agent support is on Android; without a passphrase works too, https://www.freebsd.org/doc/handbook/openssh.html#security-ssh-keygen) and set up sudo to work without a password for `shutdown -p now` (https://www.freebsd.org/doc/handbook/security-sudo.html); then you can `ssh -i ~/your/ssh/private/key walter@192.168.1.2 sudo shutdown -p now`.


----------



## ondra_knezour (Aug 14, 2016)

Consider using keys instead of passwords if you don't want to be prompted for them. Or, if there is absolutely no other way around, see security/sshpass.

See sudoers(5) and search for NOPASSWD regarding the second password prompt.


----------



## Murph (Aug 14, 2016)

A trick from the good old days, which could be adapted to the modern SSH era.  It was not unusual to create a user named shutdown, with root UID & GID, but /sbin/shutdown as its shell.  I.e. something like the following:

```
shutdown::0:0::0:0:Shutdown:/shutdown:/sbin/shutdown
```
You can use this rough technique to engineer a solution where the SSH keys can't be used for anything other than shutting the system down.

The historical use of this was to have a console-only user which could shut the system down either without a password, or with a password that didn't really give other privileged access to the system.  The facility could be given to workstation users (in the case of people not allowed root on their own workstations), or junior systems/operations staff who would not normally be given widespread root access.  It's not just from a pre-ssh era, it's also from a pre-sudo era.

Whatever you do, don't go with passwords embedded in scripts, for anything!  It's just horrible and pretty much an accident waiting to happen.  Use keys, they are not hard to use.


----------



## walterbyrd (Aug 14, 2016)

Murph said:


> A trick from the good old days, which could be adapted to the modern SSH era.  It was not unusual to create a user named shutdown, with root UID & GID, but /sbin/shutdown as its shell.  I.e. something like the following: Use keys, they are not hard to use.



I like the idea, but it did not seem to work. The "shutdown" user was logged in with sh shell.

Maybe I could put a shutdown startup script in .profile or something?


----------



## tobik@ (Aug 14, 2016)

Murph said:


> You can use this rough technique to engineer a solution where the SSH keys can't be used for anything other than shutting the system down.


We can go further with SSH. SSH can be configured to autorun a specific command whenever you log in with a specific key. It's also useful to restrict port forwarding etc. (see sshd(8) for what restrict does here), e.g. in /home/walter/.ssh/authorized_keys:

```
command="sudo shutdown -p now",restrict <your ssh public key here>
```
Whenever you run `ssh -T -i ~/path/to/private/key walter@192.168.1.2` it'll run `sudo shutdown -p now` automatically (and only allow that command).


----------
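The forced-command entry in the post above can be checked after the fact. As an added example (not from the thread or from OpenSSH), this sh/awk function reports for each key in an authorized_keys file whether it carries both `command=` and `restrict`; the status labels and the sample lines are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints "<line number>: <status>" for
# each key in an authorized_keys file; returns 1 if any key is not PINNED.
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        # A line that begins with a key type carries no options at all.
        if (line ~ /^(ssh-|ecdsa-|sk-)[^ \t]*[ \t]/) {
            print NR ": OPEN (no options)"; bad = 1; next
        }
        # Walk the option list; it ends at the first blank outside quotes.
        inq = 0; tok = ""; cmd = 0; res = 0; n = length(line)
        for (i = 1; i <= n; i++) {
            c = substr(line, i, 1)
            if (c == "\\" && inq) {         # keep escaped character verbatim
                tok = tok c substr(line, i + 1, 1); i++; continue
            }
            if (c == "\"") inq = !inq
            if (!inq && (c == "," || c == " " || c == "\t")) {
                name = tolower(tok); tok = ""
                if (name ~ /^command=/) cmd = 1
                if (name == "restrict") res = 1
                if (c == ",") continue
                break
            }
            tok = tok c
        }
        if (cmd && res) print NR ": PINNED"
        else if (cmd) { print NR ": FORCED-COMMAND-ONLY (add restrict)"; bad = 1 }
        else { print NR ": OPEN (no command=)"; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1"
}
# Constructed sample input; the key material is a placeholder, not a real key.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample authorized_keys
command="sudo shutdown -p now",restrict ssh-ed25519 AAAAC3placeholder phone
ssh-ed25519 AAAAC3placeholder laptop
command="echo restrict, done" ssh-ed25519 AAAAC3placeholder lookalike
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && { audit_authorized_keys "$tmp" || true; }
rm -f "$tmp"
```

The third sample line is there because a plain `grep restrict` would pass it; the word sits inside the quoted command. The function does not look for options that re-enable a feature after `restrict` (such as `pty`), so PINNED means "has both options", not a full policy check.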



## walterbyrd (Aug 15, 2016)

Okay, I got something that works.

1. Create a "shutdown" user, like any other user. I use a one letter user name.
2. Add that user to the operator group.
3. Comment out everything in the user's .profile file.
4. Put the following in the .profile file: `shutdown -p "now"`

On my Android device I use an app called "connectbot".
I use one letter for the user name, and a very simple password.
I think a simple password is safe because all you can do is shutdown the system.

1. I click the connectbot icon.
2. Choose x@192.168.1.2 (once you enter it, it will stay there for you to choose next time).
3. Enter the very simple password.
4. The system shuts down.

I tried creating a user account that did not require any password, but I kept getting a PAM authentication error.

I prefer not having any password, and connectbot can generate an ssh key. But the password is very simple, so this is good enough. It's just a home system.

BTW-1: I do this so I can watch movies from my plex server, which I have in my basement, while I am in bed. Then shut down the plex server so it won't be running all night. 

BTW-2: the IP addresses, and login names, etc. that I have been using are not what I actually use.


----------



## tobik@ (Aug 15, 2016)

walterbyrd said:


> I think a simple password is safe because all you can do is shutdown the system.


That's not true; once someone has your password they can effectively do everything that the shutdown user can do. If you give a command to run to ssh, it'll never run your login shell, i.e. what's in .profile will never get executed. But since this is at home, whatever.


----------



## hukadan (Aug 15, 2016)

For the record, you can also use the ssh(1) key to perform the sudo(8) authentication using an ssh-agent(1) with security/pam_ssh_agent_auth. You will find all the details in this blog post.


----------



## phoenix (Aug 15, 2016)

Just add your remote user to the *operator* group, and they'll be able to run `shutdown` without needing sudo, su, or root.


----------

