Remote execution of a script trigged by Particle cloud event


#1

I am using two Raspberry Pis : one gets triggered from the particle cloud, connects to the second over ssh and executes a bash script on it. I got it running using the following code:

First Pi, firmware:

#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>

#include "Particle.h"

void doCall(String arguments){
    Particle.publish(arguments);
  Process proc = Process::run(arguments);
    proc.wait();
    while (!proc.exited()) {
        delay(1000);   
    }

    Particle.publish(String("exit_code ")+String(proc.exitCode()));
    delay(1000);   
}

void stdoutEventHandler(const char *event, const char *data){
    //Particle.publish("pi received a tv event");
    String arguments {data}; 
    
    String command {"/home/userone/scripts/remote_tv_command.sh "};
    String command_and_arguments{command +arguments};
    //Particle.publish(command_and_arguments);
    doCall(command_and_arguments);
}

void setup() {
    Particle.subscribe("homeTvEvent", stdoutEventHandler);
    Particle.publish("Alive!");
}

void loop() {
}

First Pi, trigger script /home/userone/scripts/remote_tv_command.sh:

#!/bin/bash

command="sshpass -p 'UserTwoPassword' ssh -oStrictHostKeyChecking=no usertwo@192.168.0.101 'cd ~/scripts/flirc && ./tv_command.sh $1'"
eval $command

Second pi, tv_command.sh:

#!/bin/bash

echo $1 # to be used later
sudo ./flirc_util send_ir_raw 0,9170,4365,617,472,618,472,617,1600,617,473,617,472,617,473,617,472,617,473,617,1600,613,1604,613,477,613,1604,613,1601,617,1600,618,1600,617,1606,637,447,617,472,617,473,643,1574,617,472,617,473,617,489,601,472,617,1600,629,1588,618,1600,617,472,617,1601,617,1600,617,1600,587,1630,613

I would like to have a solution where I don’t type the password for usertwo in cleartext. I have therefore generated a ssh fingerprint as described here. SSH-ing manually from the first to the second pi requires no password, but when I call it from the firmware, it doesn’t get through. Can anyone please help with the matter?

Many thanks in advance.


#2

I think when the Pi calls the script through the firmware it does it as root. You should check if the ssh fingerprint works with root/sudo.


#3

can a maintainer please try to reproduce? I see no reason why a normal ssh fingerprint should not work. If what @nrobinson2000 says is true, and the firmware runs a Process::run as root, it should at least have an overload specifying the user one would like to run as.


#4

This thread might help you:


#5

Ashamed I didn’t think about it earlier. Thank you loads, @nrobinson2000! It works now.