running trigger on raspberry pi and trigger script on another pi
-
Re: trigger ssh command on raspberry pi
I have trigger command running on a Raspberry Pi 4 and I'm trying to execute a script on another Raspberry Pi, but it doesn't work. I can remote in to the other Pi without a password using pi as the username, but using triggercmd the same command doesn't work. Do I need to copy authorized keys on the remote Pi to another directory?
-
@thibou-justin, it's probably because the agent on the Raspberry Pi is running as root.
You said, "i can remote it to the other pi without a password using pi as the username" which I think means you're using ssh to run a command on the other pi like this?
ssh pi@otherpi ls /tmp
In that example I ran ls /tmp on the other Raspberry Pi across the local network via ssh, which gave me a listing of the /tmp folder on it.
Anyway, yes, assuming the above command works while logged in as the pi user, you need to generate a public/private key pair (id_rsa.pub / id_rsa files) while you're root on the Pi with the TRIGGERcmd agent like this:
sudo su -
ssh-keygen (hit enter twice at the prompts)
Then append the contents of /root/.ssh/id_rsa.pub to the /home/pi/.ssh/authorized_keys file on the remote Pi.
-
@Russ yes, my intention is to ssh into a remote Pi from triggercmd running on my "main pi" and have it execute a script or command.
And I was trying to figure out exactly what you said on my own, since I had a similar issue you helped me with. I was thinking the same but didn't know exactly what I needed to do, but it makes logical sense now that you explain it. I'll give that a shot. Thanks!
-
OK, I already have an ssh key, since when running the command it asks me if I want to overwrite, so for now I said no. I went to that file, /root/.ssh/id_rsa.pub, and copied it to the remote /home/pi/.ssh/authorized_keys. I couldn't get it to work.
But I don't think I copied it over correctly. Should I generate a new one, or use the old one? Will this break other things I have if I override and generate a new one?
In either case, what is the simplest or correct way to append the keys to the authorized keys file? I think my copy over screwed it up.
Also, id_rsa in my root folder doesn't have a .pub on the end... is that fine?
-
@thibou-justin, there's no need to generate a new key pair if you already have one.
There should be a pair of files, in other words you should have 2 files:
- id_rsa = private key
- id_rsa.pub = public key
If the id_rsa file is in the ~/.ssh/id_rsa path, ssh will use it by default. If not, you can tell ssh to use it with the -i parameter like this:
ssh -i /tmp/id_rsa pi@remotepi
The ssh-keygen command creates both files in the default location at ~/.ssh. FYI, ~ means the user's home directory which is /root in the case of root, so ~/.ssh/id_rsa = /root/.ssh/id_rsa when you're logged in as root.
Your public key file is safe to share, so you could paste the contents of your authorized_keys file here if you want. If I see it, I could tell you it's correct or not. It basically should be a perfect copy of the id_rsa.pub file, unless you've got multiple public keys listed in it.
I use the vi editor, but most new users like to use pico or nano to edit text files.
-
@russ Thanks for the explanation. I was messing with it and I did get it working, although I didn't use the pub key, soooo I don't know why it's working. Maybe since I copied my private key over to the remote Pi, that allowed it to work?
I did notice that when I was root and ran "ssh pi@ipaddress /test.sh" it asked me to "fingerprint" the remote Pi, to which I said yes.
The script started working via triggercmd after that, but I also edited the authorized_keys on the remote Pi again (with nano). The remote Pi had another key in there and I just mirrored the syntax.
So at this point it's working. Maybe I needed to fingerprint the remote Pi? Maybe I just fixed the authorized keys file? Either way, thanks for your help!
-
@thibou-justin, yeah, the first time you ssh into a remote box, it will prompt you to accept the server's fingerprint. If you hadn't done that first, that might be why the command wasn't working.
You definitely do need root's local public key (id_rsa.pub) in the remote Pi's authorized_keys file though. You could put it in root's or pi's authorized_keys file depending on which user you want to be able to log in as on the remote Pi.
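
As an added example (not part of the thread and not TRIGGERcmd's own code), the shell functions below show one way to append a public key to an authorized_keys file exactly once and to spot entries that are not a single-line public key, such as a wrapped paste or a private key block. The function names are hypothetical, and the check recognises only the ssh-rsa, ssh-ed25519 and ecdsa-sha2-nistp* key types.

```sh
#!/bin/sh
# Added example: function names are hypothetical; paths are passed as arguments
# so the functions can be tried on scratch files before touching a real ~/.ssh.

# is_pubkey_line LINE: succeeds if LINE holds "<type> <base64> [comment]" on one
# line, optionally preceded by authorized_keys options.
is_pubkey_line() {
    printf '%s\n' "$1" | grep -Eq \
'(^|[[:space:]])(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*([[:space:]].*)?$'
}

# audit_authorized_keys FILE: prints each line that is not a public key entry
# (wrapped paste, private key block, stray text); returns 1 if any were found.
audit_authorized_keys() {
    bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac
        if ! is_pubkey_line "$line"; then
            echo "line $n: not a public key entry"
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# append_pubkey PUBFILE AUTHFILE: adds the key from PUBFILE to AUTHFILE once.
append_pubkey() {
    pub=$1 auth=$2
    key=$(head -n 1 "$pub")
    if ! is_pubkey_line "$key"; then
        echo "$pub does not contain a public key" >&2
        return 2
    fi
    dir=$(dirname "$auth")
    # sshd with StrictModes (the default) refuses key files others can write to.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"
    # Exact whole-line match: do nothing if the key is already listed.
    if grep -qxF -- "$key" "$auth"; then return 0; fi
    # If the last line has no trailing newline, add one so the keys do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    printf '%s\n' "$key" >> "$auth"
}
# Example call on the remote Pi as the pi user (the /tmp path is an assumption):
#   append_pubkey /tmp/root_id_rsa.pub "$HOME/.ssh/authorized_keys"
```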