Run SSH via script to shutdown mac

Question

Level 1

0 points

Run SSH via script to shutdown mac

Hi All!

I would like to seek your help with some scripting to shut down a mac in the LAN.
I have a MacPro without a monitor and keyboard connected to the network.
Currently it is being used as a file server.

It would be great if someone could show me how to create a script I can run to shutdown the mac gracefully after office hours via another mac.

I plan to place the script on the desktop of the other macs, so they can just easily hit the script and let it run.

Thanks a lot!! :))

Dipp

MBP 15 2.4Ghz, Mac OS X (10.6.2), 4GB RAM. 320GB@7200 HD

Posted on Nov 17, 2010 7:29 PM

Reply

Answer 1

Best reply

CMCSK

Level 6

11,452 points

Nov 17, 2010 7:56 PM in response to pkdip

Try the AppleScript forum area - http://discussions.apple.com/forum.jspa?forumID=724

Reply

Answer 2

BobHarris

Level 9

53,009 points

Nov 17, 2010 8:04 PM in response to pkdip

The biggest problem is giving each client Mac 'root' access to the server. And giving root access can be a security problem, so I hope you trust anyone with access to those client systems.

The script itself could be as simple as an Applications -> Automator app that using the "Run Shell Script" action with the ssh command:


ssh root@servers.address shutdown -h now

But to give each client root access requires each users on each client Mac generate a no password ssh-keygen public/private key pair. Then copy the /Users/username/.ssh/*.pub file to the server, and store that contents of each *.pub file in the server's /private/var/root/.ssh/authorized_keys2 file.

Another approach might be to create a server side /etc/sudoers entry that (see man sudoers) that allows a special shutdown account (that you create on the server) the right to shutdown the system. Then instead of putting the *.pub files in the server's root .ssh/authorized_keys2 file, you would put the *.pub files in the special shutdown account's .ssh/authorized_keys2 file. That way the worse that would happen if an unauthorized user got access to one of those Mac clients would be that they could shutdown the server, which while annoying, would not allow them full unlimited access to the server.

The devil of course is in the details 🙂

Reply

Answer 3

pkdip Author

Level 1

0 points

Nov 17, 2010 10:36 PM in response to BobHarris

Hi Bob,

Thanks for the info.

I'll try the automator app although I did try running this and got an error.
I'll try it again and follow your guide.

Thanks again!!

Dipp

Reply

Answer 4

Nov 17, 2010 11:39 PM in response to pkdip

Would a scheduled shut down and start up be acceptable? - it would be a lot easier. System Preference>Energy Saver and click the 'Schedule' button. It can do weekdays only if required.

Reply

Answer 5

KJK555

Level 4

2,900 points

Nov 18, 2010 12:17 AM in response to pkdip

here is a link with good info for using launchd and applescript to shutdown the machine.
http://www.afp548.com/forum/viewtopic.php?showtopic=26077

You could adapt it to your machine easy using ssh. Use ssh to place a file in a folder. Have
launchd watch for the change in folder content on the server. When it "sees" the uploaded file,
it would start a script to delete the file, warn the users and start the shutdown.

Reply

Answer 6

Jan 8, 2011 9:11 PM in response to pkdip

First, enable hidden items using tinkertool (under general preferences) or the terminal command
"defaults write com.apple.Finder AppleShowAllFiles YES"
Then, follow the steps below in order to get applescript (or automator, or any other scripting application) to recognize that ssh-askpass exists.
1. in terminal, run "sudo vi /usr/libexec/ssh-askpass"
2. get info for /usr/libexec/ssh-askpass, it should be called
.ssh-askpass.swp
3. add your user as having read and write privileges using the admin password
4. open .ssh-askpass.swp and copy the text below
"#! /bin/sh # # An SSH_ASKPASS command for MacOS X # # Author: Joseph Mocker, Sun
Microsystems # # To use this script: # setenv SSH_ASKPASS "macos-askpass" # setenv
DISPLAY ":+0" # TITLE=${MACOS ASKPASSTITLE:-"SSH"}

DIALOG="display dialog \"$@\" default answer \"\" with title \"$TITLE\""
DIALOG="$DIALOG with icon caution with hidden answer"

result=`osascript -e 'tell application "Finder"' -e "activate" -e "$DIALOG" -e 'end
tell'`

if [ "$result" = "" ]; then exit 1 else echo "$result" | sed -e 's/^text
returned://' -e 's/, button returned:.*$//' exit 0 fi"
5. Save the file, you may need to enter the admin password
6. in a new terminal window, enter "sudo chmod +x /usr/libexec/.ssh-askpass.swp"
7. then enter "sudo mv /usr/libexec/.ssh-askpass.swp /usr/libexec/ssh-askpass"
applescript should now recognize that ssh-askpass exists
Adapted from "http://cakealot.com/2009/04/fixing-missing-ssh-askpass-on-macos-105/"
The guide cited is useful, however it confuses the name of the ssh-askpass file when making it a unix executable file.
The terminal commands must be in the format stated in my version of the guide (on 10.6 anyway), and the syntax of the sudo chmod +x command must be "sudo chmod +x /usr/libexec/.ssh-askpass.swp," not sudo chmod +x /usr/libexec/ssh-askpass" as stated by Kjell's guide on cakealot.

After you have gotten the application to recognize ssh-askpass, open applescript and type in "do shell script 'ssh -t -t computer@server' password 'insert password here' with administrator privileges"
"do shell script 'shutdown -h now' password 'insert password here' with administrator privileges"

Reply