Monday, October 19, 2009

UPS Scripts/Procedure : Shutdown a Linux server from Windows.

When running APC PowerChute on a windows server and executing a command script on some events like we saw previously, it can be necessary to shudown a linux server too.

  1. On your Windows server running PowerChute, create a folder (eg. C:\ShutdownScripts) and copy in it plink and puttygen that you can download here

    Puttygen will create ssh keys, and plink will execute a command on a remote machine using an ssh connection.

  2. Run puttygen and create a pair of ssh keys (public/private) using SSH-2 DSA / 1024 in the same folder. You will generate two files, sshkey.pub and sshkey.ppk.

  3. Create a batch file locally (shutdownLinuxServers.bat) and add commands like :
    cd C:\ShutdownScripts
    @plink -T powerchute@mylinuxserver1 -i sshkey.ppk sudo /sbin/shutdown -h -P now
    @plink -T powerchute@mylinuxserver2 -i sshkey.ppk sudo /sbin/shutdown -h -P now
    ....

    This will ssh to your linux servers with the powerchute account to halt and shut them down .

  4. On the linux server(s) side, you will need to create a user account able to shutdown the server.

  5. Create the powerchute account :
    useradd -m -d /home/powerchute -g users -s /bin/bash powerchute

  6. In the home folder of the user powerchute (/home/powerchute), create a subfolder .ssh (rights 700), and add it a blank file called authorized_keys (touch authorized_keys) (rights 644)

  7. Copy the content of your sshkey.pub in the file authorized_keys

  8. Append this command at the end of authorized_key, after the public key :
    from=myWindowsServer,command=sudo /sbin/shutdown -h -P now ssh-dss
    Where myWindowsServer is the DNS name or IP of your server running APC PowerChute.

    Your file authorized_key should look like this :
    ssh-dss AAAB3NzaC1kc3MAAACBAOEIj5Hm0ByaNObfUPhpboS0fONW9WqATYXjGi/wlmJipxBNo+//WooNdfeMN9bCqlbT7Z0eXfL+r4Xdmqp........svjduAB2mbQ== dsa-key-20091009 from=192.168.192.50,command=sudo /sbin/shutdown -h -P now ssh-dss

  9. Edit the sudoers file :
    > visudo

  10. Search for this block and comment the last line :
    # Defaults specification
    #
    # Disable "ssh hostname sudo ", because it will show the password in clear.
    # You have to run "ssh -t hostname sudo ".
    #
    # Defaults requiretty <-- commented

  11. Search for this block and add the last line :
    # User privilege specification
    root ALL=(ALL) ALL
    powerchute ALL = NOPASSWD: /sbin/shutdown

  12. On your Windows server, add C:\ShutdownScripts\shutdownLinuxServers.bat to your APC PowerChute script (C:\Program Files\APC\PowerChute Business Edition\agent\cmdfiles\default.cmd)
Posted by at
Labels: ,

4 comments:

  1. AnonymousAugust 17, 2012 at 8:26 AM

    What are the odds I could get some more detail on steps 10 & 11? What files am I editing here? I can't find the text you're referencing.

    ReplyDelete
  2. aSeptember 2, 2012 at 7:08 PM

    The file you are looking for is normally /etc/sudoers

    ReplyDelete
  3. SarahJuly 1, 2018 at 4:14 PM

    Means the content author has couple of solid focuses that are sufficient consequently can continue subsequent to taking care of various issues featured. script doctor

    ReplyDelete
  4. AnonymousJuly 24, 2025 at 4:32 PM

    D8457F03E9
    kiralık hacker
    hacker arıyorum
    belek
    kadriye
    serik

    ReplyDelete

Subscribe to: Post Comments (Atom)