Updated on 2/20/2026
In addition, to the Remote shutdown crontab, I need to add a crontab to this computer, that will reboot the two AirPrint (RPi Zero 2W) that are being monitored.
In the event of loss of power, I want to gracefully shutdown my Synology NAS's, while my UPS still has battery capacity.
However, there are two catches.
You can get around the first problem by installing sshpass.
sudo apt install sshpass
This allows you to enter the password on the command line. Sshpass uses a dedicated tty. Windows users can use plink, which is included with putty.
The syntax is:
sshpass -p your_password ssh-command
However, if the remote host is not in the client's ~.ssh/known_hosts file, you will receive a prompt asking you if you want to accept the remote host's fingerprint and continue.
To get around the prompt, you can use the ssh option, -o StrickHostKeyChecking.
That is:
sshpass -p your_password ssh -o StrickHostKeyChecking=no user_name@IP_Address
ssh also allows you to issue a command on the same line as the login. We can use this to change the shell to a root shell. The command is:
sudo -i
But, using the sudo command prompts you for a password.
You cannot prevent the prompt, but can you pipe the password into the sudo command using echo and the sudo -S option, which directs sudo to get the password from the standard input.
echo "your_password" | sudo -i -S
Finally, the sudo command allows you to optionally issue another command on the same line.
The final command to shut down a Synology NAS is:
sshpass -p your_password ssh -o StrickHostKeyChecking=no NAS_user_name@NAS_IP_Address 'echo "password" | sudo -i -S shutdown now -h'
In summary:
sshpass - Allows you to login to shell from a script.
StrickHostKeyChecking - Is an SSH option that enabled by default. It verifies the key supplied by the server is in the clients "known hosts" file (.ssh/known_hosts).
ssh user@ip_addreess 'command1; comand2' - To ssh into a host and immediately execute commands surround them the either single quote or double quotes [5].
sudo -i or sudo --login - simulate a login into the root account.
sudo -S or sudo --stdin - Write the prompt to the standard error and read the password from the standard input instead of using the terminal device.
I decided to implement this using a Raspberry Pi Zero 2W that is UPS backed up. It executes a root cron job every 5 minutes. It monitors (pings) two non-battery Pi Zero 2W that are used as wireless printer drivers.
The root cron job is:
*/5 * * * * /etc/nas_power_monitor.sh > /dev/null
and the script, /etc/nas_power_monitor.sh, is:
#!/usr/bin/bash
# -------------------------- Description -------------------
# Updated on 8/6/2025
# This script monitora at least two non-battery backed up
# host, and if they are down, it gracefully shutdown NAS's
# and file servers. You need to monitor at least two hosts
# so you can update the OS without triggering a NAS shutdown.
# The script is ran by a root cron job every 5 minutes
# The script contains passwords in plain text. Only the root
# should be able to read and execute this script.
# It takes about 1:20 to shutdown the NAS's.
# ------------------------- Dependancies -------------------
# Dependency 1. - This script depends on sshpass,
# which is not installed on Debian by default:
# sudo apt install sshpass .
# ------------------------- References --------------------
#1. Enable SSH on the Synology Server: https://edywerder.ch/ssh-into-synology/
#2. Shutdown Synology NAS:
# https://www.c-amie.co.uk/technical/how-to-shutdown-a-synology-dsm-6-nas-using-a-script/
# ------------------------- Constants ----------------------------
declare -a monitor_array # Non-battery backed up host to monitor
monitor_array[0]=IP_Address-Redacted # Dell 1760 Wireless Printer Driver
monitor_array[1]=IP_Address-Redacted # HP 1320 Wireless Printer Driver
declare -A NAS_array # Associative Array - NAS's to Shutdown
# NAS_array=[password]=user@NAS_IP
NAS_array[redacted]=Redacted@NAS_IP-redacted # Synology 1
NAS_array[redacted]=Redacted@NAS_IP-redacted # Synology 2
NAS_array[redacted]=Redacted@NAS_IP-redacted # Synology 3
NAS_array[redacted]=Redacted@NAS_IP-redacted # Samba File Server
# ----------------------- end constants --------------------------
down_counter=0
nas_counter=0
# check that the LAN is up and at least one NAS is up
for user_at_ip in "${NAS_array[@]}"
do
ip="$(echo "$user_at_ip" | awk -F@ '{print $2}')"
# echo "ip = $ip"
if ping -c 1 -W 1 $ip > /dev/null; then
# -c 1 ping one time ; -W 1 wait one second for a reply
(( nas_counter++ ))
else
echo "$ip is down $(date)" >> /home/aw/down_time.txt
fi
done
# echo "nas_counter = $nas_counter"
# ----------------------------------------------------------------
if (( nas_counter != 0 ))
then
# echo "LAN is up and at least one NAS is up"
# test monitor_array
for ip in "${monitor_array[@]}"
do
# echo $ip
if ! (ping -c 1 -W 1 $ip > /dev/null )
then
echo "$ip is down $(date)" >> /home/aw/down_time.txt
((down_counter++))
fi
sleep 10
done
if ((down_countr == 2 ))
then
# echo "down_counter equal 2"
sleep 120 # sleep 120 seconds
for ip in "${monitor_array[@]}"
do
if ! (ping -c 1 -W 1 $ip > /dev/null )
then
echo "$ip is down $(date)" >> /home/aw/down_time.txt
((down_counter++))
fi
sleep 10
done
fi
fi
# ----------------------------------------------------------------------
down_counter=$[$down_counter/2]
if (( down_counter == ${#monitor_array[@]} )) # all monitored hosts are down
then
# echo "Shuting Down NAS Servers and Samba File Servers"
for pw in "${!NAS_array[@]}"
do
# echo "pass word is $pw; user_name_ip is ${NAS_array[$pw]}"
sshpass -p $pw ssh -o StrictHostKeyChecking=no ${NAS_array[$pw]} "echo $pw | sudo -i -S shutdown -h now"
done
# echo "Shutdown completed"
date >> /var/log/power.txt # log shutdown NAS's
# echo 'Send email notification to ray@franco.ms'
swaks \
--from redacted@Redacted.com \
--to redacted@Redacted.com \
--server smtp.protonmail.ch \
--port 587 \
--auth PLAIN \
--tls \
--auth-user 'redacted@Redacted.com' \
--auth-password 'Redacted' \
--ehlo 127.0.0.1 \
--header 'Subject: NAS Servers Powered Down' \
--body "$(date) NAS Servers Powered Down"
fi
My nftable for this server is:
#!/usr/bin/nftables -f
# Raspberry Pi Zero 2W - Power Monitor - lockdown updated on 2025-08-06
# ---------------------------------------------------------------------
# This Pi Zero 2W is powered from a UPS. It monitors power by pinging
# two or more Pi Zero 2W. In the event of a power outage, it shutdowns
# my Network Attached Storage devices and file servers. It also send
# me an email notification.
#
# 1. The OS is updated via SSH
# 2. It has to send and receive pings.
# 3. It uses SSH to shutdown the NAS's and file servers.
# 4. It uses smtp and port 587 to send an email notification.
# --------------------------------------------------------------------
flush ruleset
table ip zero34 {
# ----------------------------------------------------------------
# Customized the sets below for your network
set ssh_allow_in {
typeof ip saddr
elements = { 192.168.0.40, 192.168.0.41 }
}
set ping_allow_in {
typeof ip saddr
elements = { 192.168.0.40 }
}
set ping_allow_out {
typeof ip daddr
elements = { 192.168.0.20, 192.168.0.21,
192.168.0.21, 192.168.0.22,
192.168.0.31, 192.168.0.32 }
}
set shutdown {
typeof ip daddr
elements = { 192.168.0.20, 192.168.0.21,
192.168.0.22, 192.168.0.22 }
}
# Customize the sets below for your OS
set update_debian_bookworm {
typeof ip daddr
elements = { 151.101.2.132, 151.101.66.132, 151.101.130.132,
151.101.194.132, 146.75.94.132, 199.232.66.132,
151.101.46.132, 146.75.126.132, 199.232.90.132,
151.101.18.132, 146.75.106.132, 151.101.22.132,
151.101.114.132, 199.232.98.132, 199.232.38.132,
146.75.42.132, 151.101.162.132, 151.101.202.132,
146.75.78.132, 151.101.134.132, 151.101.14.132,
151.101.74.132, 151.101.50.132, 151.101.250.132,
146.75.122.132
}
}
set update_pi_bookworm {
typeof ip daddr
elements = { 176.126.240.167, 176.126.243.6, 46.235.231.151,
46.235.231.111, 93.93.135.118, 93.93.135.141,
93.93.135.117, 176.126.240.86, 176.126.240.84,
46.235.231.145, 176.126.243.5, 176.126.243.3
}
}
#--------------------- End Customization ---------------------------
chain INPUT {
type filter hook input priority filter; policy drop;
ct state established,related counter accept
iif lo ip daddr 127.0.0.1/8 counter accept
# allow only certain ip addresses to ping and limit rate
ip saddr @ping_allow_in icmp type echo-request limit rate 5/second accept;
# allow only certain ip addresses to SSH into this machine
ip saddr @ssh_allow_in tcp dport ssh accept
drop # everyting else
}
chain OUTPUT {
type filter hook output priority filter; policy drop;
# allow established and existing traffic
ct state established,related counter accept
# allow DNS out - need for OS updates
udp dport 53 ct state new counter accept
tcp dport 53 ct state new counter accept
# Debian Updates
tcp dport 80 ip daddr @update_debian_bookworm counter accept
# Raspberry Pi Updates
tcp dport 80 ip daddr @update_pi_bookworm counter accept
# Network Time Protocol
udp dport 123 counter accept
# allow sending pings to certain ip addresses but limit rate
ip daddr @ping_allow_out icmp type echo-request limit rate 5/second accept;
# allow sending SSH to servers that need to be shutdown
ip daddr @shutdown tcp dport ssh accept
# allow sending mail (smtp) to Proton Mail
tcp dport 587 accept
drop # everything else
}
}