6 Replies Latest reply: Jan 8, 2011 9:11 PM by HBar Strategist
pkdip Level 1 Level 1 (0 points)
Hi All!

I would like to seek your help with some scripting to shut down a mac in the LAN.
I have a MacPro without a monitor and keyboard connected to the network.
Currently it is being used as a file server.

It would be great if someone could show me how to create a script I can run to shutdown the mac gracefully after office hours via another mac.

I plan to place the script on the desktop of the other macs, so they can just easily hit the script and let it run.

Thanks a lot!! :))

Dipp

MBP 15 2.4Ghz, Mac OS X (10.6.2), 4GB RAM. 320GB@7200 HD
  • CMCSK Level 6 Level 6 (10,595 points)
  • BobHarris Level 6 Level 6 (15,575 points)
    The biggest problem is giving each client Mac 'root' access to the server. And giving root access can be a security problem, so I hope you trust anyone with access to those client systems.

    The script itself could be as simple as an Applications -> Automator app that using the "Run Shell Script" action with the ssh command:

    ssh root@servers.address shutdown -h now

    But to give each client root access requires each users on each client Mac generate a no password ssh-keygen public/private key pair. Then copy the /Users/username/.ssh/*.pub file to the server, and store that contents of each *.pub file in the server's /private/var/root/.ssh/authorized_keys2 file.

    Another approach might be to create a server side /etc/sudoers entry that (see man sudoers) that allows a special shutdown account (that you create on the server) the right to shutdown the system. Then instead of putting the *.pub files in the server's root .ssh/authorized_keys2 file, you would put the *.pub files in the special shutdown account's .ssh/authorized_keys2 file. That way the worse that would happen if an unauthorized user got access to one of those Mac clients would be that they could shutdown the server, which while annoying, would not allow them full unlimited access to the server.

    The devil of course is in the details
  • pkdip Level 1 Level 1 (0 points)
    Hi Bob,

    Thanks for the info.

    I'll try the automator app although I did try running this and got an error.
    I'll try it again and follow your guide.

    Thanks again!!

    Dipp
  • Roger Wilmut1 Level 9 Level 9 (71,255 points)
    Would a scheduled shut down and start up be acceptable? - it would be a lot easier. System Preference>Energy Saver and click the 'Schedule' button. It can do weekdays only if required.
  • KJK555 Level 4 Level 4 (2,895 points)
    here is a link with good info for using launchd and applescript to shutdown the machine.
    http://www.afp548.com/forum/viewtopic.php?showtopic=26077

    You could adapt it to your machine easy using ssh. Use ssh to place a file in a folder. Have
    launchd watch for the change in folder content on the server. When it "sees" the uploaded file,
    it would start a script to delete the file, warn the users and start the shutdown.
  • HBar Strategist Level 1 Level 1 (0 points)
    First, enable hidden items using tinkertool (under general preferences) or the terminal command
    "defaults write com.apple.Finder AppleShowAllFiles YES"
    Then, follow the steps below in order to get applescript (or automator, or any other scripting application) to recognize that ssh-askpass exists.
    1. in terminal, run "sudo vi /usr/libexec/ssh-askpass"
    2. get info for /usr/libexec/ssh-askpass, it should be called
    .ssh-askpass.swp
    3. add your user as having read and write privileges using the admin password
    4. open .ssh-askpass.swp and copy the text below
    "#! /bin/sh # # An SSH_ASKPASS command for MacOS X # # Author: Joseph Mocker, Sun
    Microsystems # # To use this script: # setenv SSH_ASKPASS "macos-askpass" # setenv
    DISPLAY ":+0" # TITLE=${MACOSASKPASSTITLE:-"SSH"}

    DIALOG="display dialog \"$@\" default answer \"\" with title \"$TITLE\""
    DIALOG="$DIALOG with icon caution with hidden answer"

    result=`osascript -e 'tell application "Finder"' -e "activate" -e "$DIALOG" -e 'end
    tell'`

    if [ "$result" = "" ]; then exit 1 else echo "$result" | sed -e 's/^text
    returned://' -e 's/, button returned:.*$//' exit 0 fi"
    5. Save the file, you may need to enter the admin password
    6. in a new terminal window, enter "sudo chmod +x /usr/libexec/.ssh-askpass.swp"
    7. then enter "sudo mv /usr/libexec/.ssh-askpass.swp /usr/libexec/ssh-askpass"
    applescript should now recognize that ssh-askpass exists
    Adapted from "http://cakealot.com/2009/04/fixing-missing-ssh-askpass-on-macos-105/"
    The guide cited is useful, however it confuses the name of the ssh-askpass file when making it a unix executable file.
    The terminal commands must be in the format stated in my version of the guide (on 10.6 anyway), and the syntax of the sudo chmod +x command must be "sudo chmod +x /usr/libexec/.ssh-askpass.swp," not sudo chmod +x /usr/libexec/ssh-askpass" as stated by Kjell's guide on cakealot.

    After you have gotten the application to recognize ssh-askpass, open applescript and type in "do shell script 'ssh -t -t computer@server' password 'insert password here' with administrator privileges"
    "do shell script 'shutdown -h now' password 'insert password here' with administrator privileges"