Using exec node as root

This is my first post here so first of all hello to everyone.

I have a Victron Cerbo GX with Venus OS and a node-red v3.1.10 instance is running there. Due to incorrect VPN configuration after a firmware update I lost remote access to the device via ssh. Access is only from the local network, but now I’m far away and unfortunately I can’t log in from there. I still have access to VRM Portal, Remote Console, etc.

I thought I could modify rc.local to run VPN using node-red and the exec node. Unfortunately, using sudo requires entering a password from the terminal and this can’t be done on the node, and ASK_SUDO and then sudo -A doesn’t work on the exec node.

Does anyone have an idea how to run commands on the exec node as root? Or maybe there is another way?

Hi @lukjasin

Long shot, but could you use the Node-RED exec node to make a reverse ssh tunnel?

So essentially get gx device to ssh into a machine local to you.
Like:

ssh -R <remote_port>:localhost:22 username@<remote_host>

Then you can ssh into the gx. I’m guessing this execs as the node red user, but you’d at least have shell access and can su root?

I’ve never tried this, and I’m not experienced enough with the node red exec node to know if this would work; I’m just completely guessing.

1 Like

Hi @Matt

Thanks a lot. Your suggestion really pointed me in the right direction. I followed that path and, after a fun little challenge, I finally got remote SSH access to the Cerbo GX over the internet.

I’ll leave a quick summary here for the community in case someone runs into the same issue. Hopefully it saves them a bit of time and frustration.

The solution was to use Node-RED’s exec node to create a reverse SSH tunnel from the Cerbo GX to a VPS with a public IP.
Here’s what I did:

  1. Generated SSH keys directly from Node-RED (for user nodered) with exec node:

ssh-keygen -t rsa -b 2048 -N "" -f /data/home/nodered/.ssh/id_rsa

  2. Copied the public key (id_rsa.pub) and added it to the ~/.ssh/authorized_keys file of a remote VPS user. To read the file just “cat” it with exec node to debug. Any account that we can log into via ssh should be suitable. Make sure permissions are correct:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

  3. Created the reverse SSH tunnel from Venus OS to the VPS with exec node:

ssh -i /data/home/nodered/.ssh/id_rsa -o StrictHostKeyChecking=no -p 8022 -N -R 2222:localhost:22 USER@SERVERADDRESS

  4. Connected back to Venus OS from the VPS:

ssh -p 2222 root@localhost

Then, you only need the root password. It can be set remotely in the Remote Console via the VRM Portal:
Settings → General → Set root password

With this method I was able to fully regain control of Venus OS as root using only Node-RED and a VPS as a tunnel relay over the Internet, no need for local ssh access.

Hopefully, this helps someone else in a similar situation! 🙌

1 Like
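
Added example, not part of the posts above: the key generated in step 1 has no passphrase and sits on the device, so on the VPS it can be limited to the single reverse forward used in step 3 instead of granting a full login. The function names, the sample key and the 1024+ port policy are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: VPS-side hardening for the tunnel key from the steps above.
# Function names and the sample key are constructed for illustration.

# Print an authorized_keys entry that only allows "ssh -N -R <port>:...".
#   restrict        : no pty, no agent/X11 forwarding, no port forwarding
#   port-forwarding : re-enable forwarding for this key only
#   permitlisten    : the -R listener may bind <port> and nothing else
#   command=        : any requested shell or command runs /bin/false instead
restricted_entry() {
    port=$2
    case $port in ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;; esac
    # Assumption: the tunnel account is unprivileged, so only ports >= 1024.
    [ "$port" -ge 1024 ] && [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 1; }
    read -r ktype kdata kcomment <<EOF
$1
EOF
    # Accept only a bare "type base64 [comment]" line, so options already
    # present in the input cannot be smuggled into the file.
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unexpected key type: $ktype" >&2; return 1 ;;
    esac
    case $kdata in ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 1 ;; esac
    printf 'restrict,port-forwarding,permitlisten="%s",command="/bin/false" %s %s%s\n' \
        "$port" "$ktype" "$kdata" "${kcomment:+ $kcomment}"
}

# Print the line numbers of entries in an authorized_keys file that start
# directly with a key type, i.e. carry no restricting options at all.
unrestricted_keys() {
    n=0
    while read -r first _rest || [ -n "$first" ]; do
        n=$((n + 1))
        case $first in ssh-*|ecdsa-*|sk-*) echo "$n" ;; esac
    done < "$1"
}

# Constructed sample key (not a real key), as it would come out of id_rsa.pub.
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCexample nodered@cerbo'
restricted_entry "$SAMPLE_PUB" 2222
```

The printed line goes into ~/.ssh/authorized_keys on the VPS in place of the bare key from step 2; the permitlisten option needs OpenSSH 7.8 or newer on the VPS.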