Using exec node as root

General
1

I'm new here so first of all hello to everyone.

I have a Victron Cerbo GX with Venus OS and a node-red v3.1.10 instance is running there. Node-red itself works fine, but I have a problem that I lost remote access to the device via ssh. Access is only from the local network, but now I'm far away and unfortunately I don't have the ability to log in from the local network. Node-red is started by the nodered user and I need root access. I know the root password, I have access to the device console etc.

I could modify rc.local to start VPN and restore access. I'm trying to run various commands in the exec node, but everything works for the nodered user, using sudo requires entering the password from the terminal and this can't be done in the node, and ASK_SUDO and then sudo -A doesn't work in the exec node although I know it works on Venus OS itself (I checked on another device with the same configuration).

Does anyone have an idea how to run commands in the exec node as root?

2

I use this in an exec node on one of my flows to shutdown a Raspberry Pi.

echo " <insert password here> " | sudo -S shutdown -h now

thurs_shutdown
thurs_shutdown697×156 12.6 KB

Be cautious:
This exposes your password in plaintext, which is insecure and should be avoided in most situations.

3

A better idea, avoiding using your password in plain text in the flows file, is to use sudo your_command in the exec node, and, in a command window, run sudo visudo to allow the node red user to run that command with sudo without having to enter a password.
So, for example, to allow the use of sudo shutdown in an exec node, for the user nodered, use sudo visudo and add

nodered ALL=(ALL) NOPASSWD: /sbin/shutdown

1 Like
4

A tiny tweek to @dynamicdave's suggestion is to use (eg)

echo "Password1" | sudo -kS shutdown -h now

The -k flag resets the sudo timer, ensuring that sudo does ask for the password every time.

5

But still the system password is included in plain text in the flow, which is a really bad idea.

1 Like
6

Thanks for the quick replies.

@dynamicdave and @jbudd
Passing the password this way does not work on my Node-red instance. I tried a few other methods and they don't work in Node-red either.

@Colin
Modifying sudoers is possible for root via ssh, but I don't have that access and I want to get it. I'll do it when I get access :wink:

7

Don't modify the file directly, use visudo, unless there is really no other option. Otherwise you may end up with a messed up system.

8

Yes of course it is a really bad idea to expose your password in the flow file.

I think @lukjasin said he does not have ssh access. How can he run visudo?

9

Perhaps this is a feature of the Vicron setup, it works for me on a Raspberry Pi.

Can you show us your exec command and the output from exec's stderr?
Obfuscate your password before posting!

10

He said he is going to get it:

11

I read that as I'll do it when I get access [by Node-red jiggery-pokery]

I found that I can use exec and a sed command file to edit a root-owned file in a directory I don't have write access to.

echo 'Password1' | sudo -kS sed -i -f /home/pi/sedfile /var/log/junk
12

It would be dangerous to use something like that to edit /etc/sudoers as, if you mess that up, you can end up with an unusable system.

13

I spent quite a bit of time trying different ways to get around the limitations of VenusOS on a Cerbo GX using Node-red - mostly to try and regain access or run privileged commands directly from a flow. And turns out not much luck :sweat_smile:

Even though echo 'password' | sudo -S ... works fine in a terminal, it doesn’t behave the same in a node-red exec node. Looks like stdin doesn’t get passed to sudo properly in that context.
VenusOS comes with a super minimal version of sudo, no support for sudo_askpass (checked with sudo -V, nothing mentioned) and requires tty for password input, which node-red obviously doesn’t have.
I tried all the usual tricks (echo + sudo, askpass, custom scripts) but it always ends up failing or just silently doing nothing. So yeah, its not really possible to elevate privileges through ode-red alone on this system.

Guess I’ll need to find someone local to connetc into the Cerbo and fix things manually.

And damn… it’s been ages since I last used sed😄

14

@BartButenaers has made an xterm node https://github.com/bartbutenaers/node-red-contrib-xterm which allows you to run an interactive terminal in the Node-red sidebar.

No idea if it will work on a Victron but on a Raspberry Pi it allows me to do eg sudo nano /etc/hosts, prompting for the password.
I had to change the terminal settings to just 20 rows so I could see what I was editing.

I think a client who had prohibited access via ssh might take a dim view of me subverting it like this, but you may find it useful in an emergency.

15

Hi guys,

I asked around in few more places and one guy on the Victron forum gave me an idea and following that path I was able to solve the problem. This is rather a temporary solution but it seems pretty cool to me. You don't have to store any passwords written in plain text in the nodes, just ssh keys.

As you can see from previous posts, Venus OS on Cerbo GX as a minimalist distribution has a lot of limitations, and not all solutions known from, for example, Raspberry PI will work here. I’ll leave a quick summary here for the community in case someone runs into the same/simillar issue.

The solution was to use Node-Red’s exec node to create a reverse SSH tunnel from the Cerbo GX to a VPS with a public IP.
Here’s what I did:

  1. Generated SSH keys directly from Node-Red (so for user nodered) with exec node:

ssh-keygen -t rsa -b 2048 -N "" -f /data/home/nodered/.ssh/id_rsa

  1. Copied the public key id_rsa.pub (just "cat" it with exec node to debug) and added it to the ~/.ssh/authorized_keys file of a remote VPS user. Make sure permissions are correct:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

  1. Created the reverse SSH tunnel from Venus OS to the VPS with exec node:

ssh -i /data/home/nodered/.ssh/id_rsa -o StrictHostKeyChecking=no -p 22 -N -R 2222:localhost:22 USER@SERVERADDRESS

  1. Connected back to the Venus OS from the VPS:

ssh -p 2222 root@localhost

Then, log in with the root password. It can be set remotely in the Remote Console via the VRM Portal:
Settings → General → Set root password

With this method I was able to fully regain control of the system as root using only Node-Red and a VPS as a tunnel relay over the Internet, no need for local SSH access.
Hopefully, this helps someone else in a similar situation! :raising_hands:

1 Like
16

Thanks for explaining your solution. :grin:

That's one more tool in the "How to hack Node-red from the internet" box!

Now then, how do I obtain a free VPS to try brute forcing the root password (on my own computers!)?

2 Likes
17

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.