Tuesday 13 December 2011

Shutdown Linux from Windows Remotely using SSH Host keys


Today I wanted to fix up my Windows Small Business Server 2003 server, which shares an APC UPS with a Gentoo Linux box running my Asterisk PBX, so that it sends a shutdown command if the power goes out. I'm not rich (yet), so I can't afford a fancy UPS. The one I have only has one monitoring cable, so I had to create a way to shut down the Linux box on power failure while also shutting down the Windows box. Minimal data loss is always a good thing.
Here's what I did, with some help from a buddy of mine who'd implemented this before but not documented it.
1. Now let's add a shutdown user to the Linux box.
# groupadd winshutdown
# adduser -d /home/winshutdown -g users -G winshutdown -m -s /bin/bash winshutdown
# passwd winshutdown
New UNIX password: <password>
Retype new UNIX password: <password>
passwd: password updated successfully
2. Go over to your Windows system and download PuttyGen.exe. Put it in your c:\LinuxShutdown directory and run it.
First create your directory.
Now create a 1024-bit key by running puttygen.exe. Make sure it's DSA.
Move your mouse around and then it should finish generating your new key.
Once it is finished, you need to copy out the dss key that goes into your authorized_keys file on the Linux server. Put this in a text file for now for safe keeping.
Note that you do not enter a passphrase for the key; otherwise the script will prompt for it when it runs.
Now save your private and public keys under the Actions menu.
Now you should have a private and a public key in the c:\LinuxShutdown directory.
3. Go to your Linux server and restrict the key so that it can only run the shutdown command. We chose to halt, and then power down immediately.
<login as winshutdown>
# cd .ssh
# nano authorized_keys
<paste contents of puttygen file we copied earlier>
from="10.0.3.2",command="sudo /sbin/shutdown -h -P now" ssh-dss
4. Ensure that the user created above "winshutdown" has sudo abilities for shutdown.
# exit <back to root shell>
# cd /etc
# visudo
Your file should look like this to begin with:
# User privilege specification
root ALL=(ALL) ALL
When finished, it should look like this:
# User privilege specification
root ALL=(ALL) ALL
winshutdown ALL = NOPASSWD: /sbin/shutdown
6. Go to your Windows Server LinuxShutdown folder with the private key, public key, plink.exe and puttygen.
7. In the same folder, create a batch file. Right-click in the folder and go to New, Text Document. Save it as shutdown_asterisk.bat.
8. Edit the batch file; its contents should look something like this. Modify appropriately for your key file name.
@plink -T winshutdown@10.0.2.10 -i sbs_private_key.ppk sudo /sbin/shutdown -h -P now
9. Test it by running the batch file. Your Linux server should shut down.
10. Set your alarm on low power to run your batch file.
First go to Start -> Control Panel -> Power Options.
Once you're in the Power Options window, select the Alarms tab.
Now we'll want to look at the "Critical Battery Alarm" section, and click on the "Alarm Action" button. This should pop up a screen similar to the following.
Now we'll need to go to the "Run a Program" section, and enable the "When the alarm occurs, run this program:" option.

This is where the magic happens. We'll make this run our newly created batch file on battery alarm to shut down the remote server. Enter the path to your batch script in the new window that pops up.
Now you will just need to enter your Administrator password for your server in the little window that pops up.
Now click Apply, OK, OK, Apply, OK. You're finished with this setup.
11. Back up all data.
12. Pull the plug on the UPS and ensure it does everything it should (Windows stays up for 3 minutes, then sends the shutdown command, and both boxes shut down).
I hope you enjoyed this little tutorial; please let me know if it helped you in the comments below.
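
Added example, not part of the original post: a Python check for the authorized_keys entry from step 3, reporting what still keeps the key from being single-purpose. In sshd, command= on its own does not stop a key from requesting port, agent or X11 forwarding, so the check also looks for restrict or the no-* options, which the post does not use. The key blobs in the sample lines are constructed placeholders, and the function names are made up for this example.

```python
import re

# Key-type tokens that can start the key part of an authorized_keys line.
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
NO_FWD = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}

def parse_entry(line):
    """Return (options, key_type) for one key entry (not a blank or comment line).

    Options are comma-separated and may hold quoted values containing
    commas or spaces, so the field is walked character by character.
    """
    line = line.strip()
    first = line.split(None, 1)[0]
    if KEY_TYPE.match(first):
        return {}, first                            # no options field at all
    opts, start, quoted = {}, 0, False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            quoted = not quoted
        elif not quoted and (ch == "," or ch.isspace()):
            name, _, value = line[start:i].partition("=")
            opts[name.lower()] = value.strip('"')
            start = i + 1
            if ch.isspace():                        # options field ends here
                rest = line[i:].split()
                return opts, rest[0] if rest else None
    return opts, None                               # options but no key followed

def audit(line, expected_cmd):
    """List what keeps this entry from being a single-purpose key."""
    opts, key_type = parse_entry(line)
    findings = []
    if opts.get("command") != expected_cmd:
        findings.append("command= missing or not the expected forced command")
    if "from" not in opts:
        findings.append("from= missing: key accepted from any address")
    if "restrict" not in opts and not NO_FWD.issubset(opts):
        findings.append("pty/forwarding still allowed: add restrict or the no-* options")
    if key_type == "ssh-dss":
        findings.append("ssh-dss is disabled by default since OpenSSH 7.0")
    return findings

CMD = "sudo /sbin/shutdown -h -P now"
# Constructed sample lines; the key blobs are placeholders, not real keys.
AS_POSTED = 'from="10.0.3.2",command="' + CMD + '" ssh-dss AAAAB3PLACEHOLDER win'
HARDENED = 'restrict,from="10.0.3.2",command="' + CMD + '" ssh-ed25519 AAAAC3PLACEHOLDER win'

if __name__ == "__main__":
    for label, entry in (("as posted", AS_POSTED), ("hardened", HARDENED)):
        print(label, audit(entry, CMD))
```

The restrict option needs OpenSSH 7.2 or later on the Linux side; on older servers the four no-* options give the same effect for this entry.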
