chorlton2080
Posts: 129
Joined: Sun Dec 23, 2012 9:44 pm

Issue commands via email

Sun Dec 01, 2013 1:58 pm

Hello folks

Can anyone provide an example script which will allow me to issue commands to my Pi via email?

I'm very reluctant to open ports to allow external SSH, but I do have an occasional need to do a reboot of my motion detecting RPi on command, along with other sundry tasks which might prove useful.

Thanks in advance

User avatar
FLYFISH TECHNOLOGIES
Posts: 1750
Joined: Thu Oct 03, 2013 7:48 am
Location: Ljubljana, Slovenia
Contact: Website

Re: Issue commands via email

Sun Dec 01, 2013 2:36 pm

Hi,
chorlton2080 wrote:Can anyone provide an example script which will allow me to issue commands to my Pi via email?
The script depends on the "security level" you'd like to have (eg. to check if sender is allowed, or the email body contains a predefined "password" string, etc.

If you'd like just to reboot RasPi, then the simplest one is to monitor mail log file - when a mail from predefined sender arrives, you perform a reboot. You need to be aware that it is very easy to fake the sender...

The other approach is to take a look to the content of message (also in case you have a set of allowed/supported commands). This implementation requires a redirection of message content. There are some specifics according to your distribution/mailer how to do this.
Redirection means that you launch a code and content of the incoming message is passed to it (including header, where sender, subject, etc. data is also present). You perform parsing, check content and do same action according to it.
Variation could be that you have intermediate file - mail is redirected to a file and then a code loops (eg. cron job) for it and parses/executes content.

Some years ago I did some coding, where redirection was defined in /etc/aliases and (due to some other reasons) php parsing code launched & executed. If you have more specific question, feel free to ask.

Nevertheless, this is nothing specific to RasPi, but covered under general Linux administration. So, you can also perform a search for further explanation and examples for your distribution.


Best wishes, Ivan Zilic.
Running out of GPIO pins and/or need to read analog values?
Solution: http://www.flyfish-tech.com/FF32

chorlton2080
Posts: 129
Joined: Sun Dec 23, 2012 9:44 pm

Re: Issue commands via email

Sun Dec 01, 2013 4:21 pm

Thanks for the comprehensive reply.

I of course realise that this is not Pi specific and is something one could accomplish with python on any OS. However, I did search around prior on Ubuntu and general linux forums but could not find anything appropriate. Perhaps it is the way I am searching.

Although I haven't used Python SMTP libraries to read email, I am currently using it to send images from a motion control script. I'm a little new to Python so I'm not yet sure how to read an email Inbox and apply string functions to filter for specific action-triggering events. I would be content with having a keyword within the email to trigger a limited command: reboot. I can tolerate the security issues as the consequence is limited.

I imagine that the script will be called to start via 'cron' to periodically check for new emails and so should thus be running at root user level.

If you could provide any hints, or a template, I would be very grateful

User avatar
duberry
Posts: 379
Joined: Mon Jan 28, 2013 10:44 pm
Location: standing on a planet that's evolving. And revolving at nine hundred miles an hour

Re: Issue commands via email

Sun Dec 01, 2013 4:31 pm

chorlton2080 wrote:If you could provide any hints, or a template, I would be very grateful
If im not mistaken i'v seen one or more topics covering this .
lend me your arms, fast as thunderbolts, for a pillow on my journey.
If the environment was a bank, would it be too big to fail
so long; and thanks for all the pi

chorlton2080
Posts: 129
Joined: Sun Dec 23, 2012 9:44 pm

Re: Issue commands via email

Sun Dec 01, 2013 4:38 pm

Any idea where?

chorlton2080
Posts: 129
Joined: Sun Dec 23, 2012 9:44 pm

Re: Issue commands via email

Sun Dec 01, 2013 4:43 pm

Ok. Perhaps I need to use the feedparser library. I was searching for the answer using the SMTP lib.

Searching for the former does yield a few examples.

User avatar
DougieLawson
Posts: 41020
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: Issue commands via email

Sun Dec 01, 2013 6:45 pm

chorlton2080 wrote:Hello folks

Can anyone provide an example script which will allow me to issue commands to my Pi via email?

I'm very reluctant to open ports to allow external SSH, but I do have an occasional need to do a reboot of my motion detecting RPi on command, along with other sundry tasks which might prove useful.

Thanks in advance
Have you thought about using Twitter?

The direct message channel on twitter is reasonably secure. Setting your Twitter account as protected means other Twitter users can't follow and you could use the public stream for command & control. Dr Andy Stanford Clark on the Isle of Wight uses that as his public channel for "The House that Tweets".

Twitter uses port 80, your client simply needs to check periodically if a tweet has arrived.

Have you thought about using MQTT (with Mosquitto) as a server? You publish a message on a MQTT topic and your command server which is subscribed to that topic reacts.

The command can come from a web page.
https://www.ibm.com/developerworks/comm ... x_and_gpio
Any language using left-hand whitespace for syntax is ridiculous

Any DMs sent on Twitter will be answered next month.
Fake doctors - are all on my foes list.

Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

User avatar
FLYFISH TECHNOLOGIES
Posts: 1750
Joined: Thu Oct 03, 2013 7:48 am
Location: Ljubljana, Slovenia
Contact: Website

Re: Issue commands via email

Sun Dec 01, 2013 7:17 pm

Hi,
chorlton2080 wrote:If you could provide any hints, or a template, I would be very grateful
A link with several details about one possible approach: http://www.techniqal.com/blog/2005/11/1 ... rom-email/


Best wishes, Ivan Zilic
Running out of GPIO pins and/or need to read analog values?
Solution: http://www.flyfish-tech.com/FF32

ElmoArmy
Posts: 3
Joined: Sun Dec 01, 2013 7:07 pm

Re: Issue commands via email

Sun Dec 01, 2013 7:31 pm

I'm very reluctant to open ports to allow external SSH, but I do have an occasional need to do a reboot of my motion detecting RPi on command, along with other sundry tasks which might prove useful.
If configured correctly you can make SSH work a lot better than these other hacked up solutions. I would recommend setting up SSH on a non-standard port and only allowing key authentication. I know this is not exactly an answer to question but I just wanted to leave this as a comment.

chorlton2080
Posts: 129
Joined: Sun Dec 23, 2012 9:44 pm

Re: Issue commands via email

Sun Dec 01, 2013 8:04 pm

I agree. But I struggled for hours to get key authentication to work: and it doesn't exclude a client trying to log in under password based authentication as a fallback it seems.

How high would you need to set the SSH port to have a good chance of it not normally being discovered by port scanning?

ElmoArmy
Posts: 3
Joined: Sun Dec 01, 2013 7:07 pm

Re: Issue commands via email

Sun Dec 01, 2013 9:16 pm

chorlton2080 wrote:I agree. But I struggled for hours to get key authentication to work: and it doesn't exclude a client trying to log in under password based authentication as a fallback it seems.

How high would you need to set the SSH port to have a good chance of it not normally being discovered by port scanning?
Well if you needed help, all you had to do was ask!!
Here is what you want to do:

Code: Select all

# run this on the PI
ssh-keygen -t rsa
# run through the prompts, feel free to use a passphrase or not, if you are the only one that will have access to your private key, then I wouldn't worry about it.
# the keys should be in /home/pi("or whatever user you want to ssh as"/.ssh/ unless you changed it during the prompts
cd /home/pi/.ssh
cp id_rsa.pub authorized_keys
Now take the id_rsa file and transfer it to the machine that you want to use connect to the PI from:
To connect use:

Code: Select all

ssh -i /path/to/id_rsa pi@hostnameORipaddressOfPI -p 3293
Now as far as the making sure no one can fall back into using plain text :
Before you do this however, make sure that you are able to do keyless authentication by testing it, you dont want to lock yourself out

Code: Select all

#On the PI as root
#create backup to config
cp /etc/ssh/sshd_config ~/ssh_backup.txt
vim /etc/ssh/sshd_config
Look for
#Port 22
and add underneath or uncomment and edit to:
Port 3293

I recommend something higher than 1024 to minimize spam from the webs.

Look for the following values in /etc/ssh/sshd_config:
#PasswordAuthentication yes
#ChallengeResponseAuthentication yes
#UsePAM yes

change all of these to no by uncommenting if necessary and editing or by commenting the line and adding this:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

now restart ssh via

Code: Select all

service ssh restart
Let me know if you have any issues or concerns.

Return to “Python”