Top
Browse > Home / Howtos, News / Shutdown Linux from Windows Remotely using SSH Host keys

Shutdown Linux from Windows Remotely using SSH Host keys

October 22, 2007

Today I wanted to go about fixing my Windows Small Business Server 2003 server, which is connected via APC UPS along with a Gentoo Linux box running my Asterisk PBX to send a shutdown command if the power goes out. I'm not rich (yet) so I'm not able to afford a fancy UPS. Instead the one I have only has one monitoring cable. So, I had to create a way to shut down the Linux box on power failure, while also shutting down the Windows box too. Minimal Data loss is always a good thing.

Here's what I did, with some help from a buddy of mine who'd implemented this before but not documented it.

1. Now let's add a shutdown user to the linux box.

# groupadd winshutdown
# adduser -d /home/winshutdown -g users -G winshutdown -m -s /bin/bash winshutdown
# passwd winshutdown
New UNIX password: <password>
Retype new UNIX password: <password>
passwd: password updated successfully

2. Go over to your windows system, and download PuttyGen.exe. Put it in your c:\LinuxShutdown directory and run it.

First Create your directory

capture.JPG

Now, create a 1024 bit key by running puttygen.exe. Make sure it's DSA.

capture2.JPG

Move your mouse around and then it should finish generating your new key.

capture3.JPG

Once it is finished, you need to copy out the dss key that goes into your authorized_keys file on the Linux server. Put this in a text file for now for safe keeping.

capture4.JPG

Note that you do not enter a passphrase to the key, otherwise when the script is activated it will ask for this password.

capture5.JPG

Now you save your private and public key under the actions menu.

capture6.JPG

Now you should have a private, and public key in the c:\LinuxShutdown directory

capture7.JPG

3. Go to your Linux server and make the hostkey only able to run the shutdown command. We chose to halt, and then power down immediately.

<login as winshutdown>
# cd .ssh
# nano authorized_keys
<paste contents of puttygen file we copied earlier>
from="10.0.3.2",command="sudo /sbin/shutdown -h -P now" ssh-dss

4. Ensure that the user created above "winshutdown" has sudo abilities for shutdown.

# exit <back to root shell>
# cd /etc
# visudo

Your file should look like this to begin with

# User privilege specification
root ALL=(ALL) ALL

When finished it should look like this

# User privilege specification
root ALL=(ALL) ALL
winshutdown ALL = NOPASSWD: /sbin/shutdown

6. Go to your Windows Server LinuxShutdown folder with the private key, public key, plink.exe and puttygen.

7. In the same folder create a batch file. Right click in the folder and go down to new, text document. Save it as shutdown_asterisk.bat.

8. Edit the batch file, and it's contents should look something like this. Modify appropriately for your key file name.

@plink -T winshutdown@10.0.2.10 -i sbs_private_key.ppk sudo /sbin/shutdown -h -P now

9. Test it by running the batch file. Your Linux server should shut down.

10. Set your alarm on low power to run your batch file.

First Go to Start -> Control Panel -> Power Options

cap1.JPG

Once you're in your Power Options window. Select the Alarms tab.

cap2.JPG

Now we'll want to look at the "Critical Battery Alarm" section, and click on the "Alarm Action" button. This should pop up a screen similar to the following.

cap3.JPG

Now we'll need to go to the "Run a Program" section, and enable the "When the alarm occurs, run this program:" option.

cap4.JPG

 

This is where the magic happens. We'll make this run our newly created batch file on battery alarm to shutdown the remote server. Enter in the path to your batch script in the new window that pops up.

cap5.JPG

Now you will just need to enter your Administrator password for your server in the little window that pops up.

cap6.JPG

Now Click Apply, Ok, Ok, Apply, Ok. You're finished with this setup.

11. Backup all data.

12. Pull the plug on UPS and ensure it does everything it should (windows stays up for 3 minutes, then sends shutdown command, and both boxes shut down).

I hope you enjoyed this little tutorial, please let me know if it helped you in the comments below.

Written by Voip Phreak · Filed Under Howtos, News 

Comments

11 Responses to “Shutdown Linux from Windows Remotely using SSH Host keys”

  1. sridhar on February 27th, 2008 2:30 am

    nice one…. but all i get is connection refused :(

  2. Voip Phreak on February 27th, 2008 4:34 am

    hm, i’m not sure why this would be happening. can you provide more info of your logs?

  3. networks on July 8th, 2008 8:19 pm

    Great howto! Excellent functionality when you’ve got a couple of linux servers dependent on a ups that has its comms connected to a windoze box. On debian Etch I had to use ‘useradd’ instead of ‘adduser’, apart from that it all worked first go.

    Keep up the good work!

    Cheers

  4. Uninterruptible Power Supplies ยป Woodruff Research on August 18th, 2008 12:11 pm

    [...] that still doesn’t work, I think I may have a work around. This post on voipfreak.ca explains how to remotely shutdown a Linux machine from Windows (so that covers our 1 Linux box), [...]

  5. Dylan on September 13th, 2008 12:07 pm

    Good guide and just what I needed. Personally I had problems with the public private keys. So I checked the commandline help of plink and found you can specify the password on the command line. Not as secure as whats detailed above, but still effective. Use
    plink -T winshutdown@10.0.2.10 -pw sudo /sbin/shutdown -h -P now
    Also, Im using fedora which has some additional defaults in the sudoers file. If your getting the error “sudo: sorry, you must have a tty to run sudo”
    you need to comment out “Default requiretty” (put a “#” before it)

  6. Dylan on September 13th, 2008 12:09 pm

    Comment filter changed my code. heres the plink syntax again
    plink -T winshutdown@10.0.2.10 -pw yourpasswordhere sudo /sbin/shutdown -h -P

  7. Remote Shutdown Help Please - Astaro User Bulletin Board on October 8th, 2008 11:37 am

    [...] found this I am wondering if I can create this user, or use the existing user account then SU to root and [...]

  8. ians on December 2nd, 2008 2:04 pm

    Thank you a lot, without your text I would never know where to start. Differencies from your tutorial and problems I’ve encountered:
    1) I had to use “useradd” instead of adduser
    2) When generating the public key to paste to authorized_keys, putty created as last “word” something like rsa-key-20081010. I’m not sure if that was the only reason for authentication failure but I had to put the user@machinename there instead of that word. So all in all I had to put the from=xx,command=xxx as the first thing in the line and then only ssh-rsa thebinaryencoding and then user@machine as the rest of the long line, everything separated by spaces (note that the order is different than what you published)
    3) Then I had to chmod 700 .ssh directory and chmod 600 authorized_keys
    4) I believe I had to edit the conf file of sshd to allow connection of the group winshutdown over ssh
    5) according to sshd man page, the end of the plink line (after the .ppk) can be anything, if the command inside of authorized_keys is recognized, and the command provided through the plink will be ignored.

    Thanks again!

  9. Ken Patel on March 10th, 2009 12:42 am

    Can anyone please post the exact order of the authorized_keys please

  10. Humberto Sousa on October 8th, 2009 6:39 am

    Outstanding !…
    Works perfectly from windows 2000 server to OpenSUSE 11.1 64
    just change adduser to useradd …

    Great Job!

  11. Hugo Meza on March 15th, 2010 2:02 am

    THNKS A LOT!!

    It works correctly in Windows 7 Pro and Ubuntu 8.04, of course I have to use useradd instead of adduser.

    Greetings.

Got something to say?





Bottom