This is something I have wanted to do for a long time. Let’s say you have a Node Red flow and want to restart your remote Raspberry or some other server. This sounds like a very simple thing to do but it is more difficult then you might think. Why?
- You will not be able to execute a remote command without sudo
- Because your Node Red is running in a container and not the actual server itself
- If you create ssh keys it will be for the host, not the container
- If you create keys they might be lost when the container is rebuilt
- If the container is not running as root you might and up with an error
So let´s start by adding persistent storage to for the keys. I have modified my docker compose file like below. Adding the ssh volume.
nodered: container_name: node-red restart: unless-stopped image: nodered/node-red:latest user: root volumes: - /srv/docker/node-red/user:/data - /etc/localtime:/etc/localtime:ro - /srv/docker/node-red/~/.ssh:/root/.ssh ports: - "1880:1880"
By default, SSH will ask for password authentication each time. However, in this case that won’t work. To overcome this, we can use public-private key.
Generate public-private key pair
Execute this command on your docker container. I have used Portainer and pressed the console button to do this.
Now look in the /srv/docker/node-red/~/.ssh directory to make sure the key file is present there.
Add public key to on remote host
To do this is, use ssh-copy-id command. From the docker container host.
$ ssh-copy-id -i ~/.ssh/id_rsa.pub firstname.lastname@example.org
Now try to connect from the Docker container
Disabling SSH Password Authentication (optional)
You do not want to be forced to type the sudo password all the time.
Add a new user on the destination server.
sudo adduser nodred usermod -a -G sudo nodered
Login as the new user on this machine. Open the SSH configuration file /etc/ssh/sshd_config, search for the following directives and modify as it follows:
sudo vi /etc/ssh/sshd_config
Change like below
PasswordAuthentication no ChallengeResponseAuthentication no UsePAM no
Once you are done save the file and restart the SSH service.
sudo systemctl restart ssh
You might not want to do this step above as you won’t be able to login using passwords after!
Get rid of password (Optinal)
So how do we get rid of the password prompt? For example you might run sudo vi text.txt and the password prompt will be shown. You do not want this as the exec node will fail later on.
I got some strange errors when using vim so you can change the default editor if you want to.
sudo update-alternatives --config editor
Go down to the bottom of the file, add the following line: (nodered is the username)
nodered ALL=(ALL) NOPASSWD: ALL
Save and exit the file, Run command:
To test login as nodered user if you do not already are login.
You should not be prompted for a password
Wrapping it up with Node Red
I planned to use the Exec Node but had problems getting this working so I the the big ssh node instead.
Install the node via palette. Add a timestamp and configure the destinationhost you have been setting up above. Press the button and watch the magic happens. It reboots!
You might want to do the same procedure with more servers.