Using Keyboard Maestro Remote Trigger with Shortcuts

I use a remote trigger in Keyboard Maestro to start an AppleScript on my Mac Mini using a shortcut. I want to be able to start this AppleScript from any location (also outside my home network), hence the choice for the remote trigger. Everything is working fine, except every time I fire the URL, shortcuts opens a Safari page. I find it mildly annoying and searched for a way to execute the URL with shortcuts without the need for opening a browser. Did not find a solution. Anybody an idea?

Try using the Get Contents of URL action.

I’m not sure I understand what you mean in the context of firing the url?
I’m asking because I’m trying to understand both @HeerBommel ‘s shortcut and your reply

Perfect! Solves the problem.

@JKoopmans I have an AppleScript running on my Mac Mini at home and I want to start it remotely from my iPad. I’m using Keyboard Maestro for this. KM has a so called ‘remote’ trigger which is a simple URL that you can enter in your browser. I did this in shortcuts with the action open URL and it totally worked but this action also opens Safari. Thanks to the tip of @sylumer I have now changed it to Get Contents of URL, which does the same, but without opening Safari (and giving me the result of the HTTP request at the same time, however I do not need this for this specific situation).

Understood! dank je :slight_smile:

Had not seen this trigger option before, this is opening up whole new areas of automation :slight_smile: Thanks both!

Just take note of the security implications with this approach, and the potentially for poor reliability. You can read about them in the Keyboard Maestro documentation for remote triggers - Peter has flagged a lot of potential issues for it; not sure why he’s even let it persist to be honest. :man_shrugging:t2:

There are several other methods that can be used to trigger a macro when you are off the Mac’s LAN, that should offer more security. Here are some examples to illustrate just a few of those options.

  • Enable a certificate based SSH connection back to your Mac and trigger the macro from the command line directly (shell script utilising osascript; check out each macros “or by script” options.
  • Route your firewall to allow access to macros via login on a local Keyboard Maestro web server, or utilise a VPN connection to your Mac’s network to give you internal access. A VPN connection actually opens up layering several approaches.
  • Write a file to a cloud sync’d folder and have Hazel watch the folder and trigger the appropriate KM macro.

The first and last can certainly be utilised by Shortcuts, but the last requires the use of another tool, Hazel.

The second one also highlights an alternative URL interface, and the VPN option could be applied to the first option too for even stronger security, but again requires some extra effort as you need to configure a VPN connection.

If you are going down this path, do please stay safe, and do consider more secure and reliable approaches before relying on the admittedly quick to implement, remote triggers.

1 Like

Thanks @sylumer
I’ve read the remote trigger documentation and notes on the KM forums, and know the issues.
It’s just another fun way to automate using shortcuts and KM, and I’m not triggering destructive macros with it. I like the fact that there would not be a need for a VPN or anything like that.

The SSH connection sounds good as well, and would provide more security.
Now to figure out how to get that working in shortcuts :slight_smile:
(not to mention getting certificate based SSH to work properly)

Setting up SSH in Shortcuts (and on your Mac) seems like a good topic for a “How To”…

I’ve done this myself, so I’ll see if I can pull something tomorrow.

that would be awesome TJ! I’ve been searching for something, but most of the articles online refer to generating the key-pair, but ignore the certificate option.

Until @tjluoma posts something more definitive here’s a brief look at setting up SSH for Shortcuts.

First of all, you will need to ensure you have a terminal app and are able to login to your ‘box’. This could be utilising a username and password credential-based login or an existing SSH login. There are steps to take to ensure you can only use SSH with an account that are also worth looking into.

Let’s begin with a simple SSH action in Shortcuts to list files using ls - al

Here I’m connecting to one of my Raspberry Pi machines, and it is accessible over a non-standard port. Note that the action has been set to use an SSH key.

If I run this action, I get some fingerprint details to confirm to ensure this really is my box. Happy that it is, I select Connect.

But this connection will fail as my box doesn’t know to trust my key. I need to add my public key to the list of authorised keys on the box.

Tapping on the blue text of the SSH Key in the shortcut action takes me to a window where you can share the public key.

The key has a note about this being for Shortcuts for my iPhone, which is useful. Select the option to share, and copy the key.

You now need to login to your box using a terminal app. There are many out there. Free and commercial. Pick one you trust, or even use a terminal connection from a Mac or PC. Just ensure you have tthe copied public key on that machine.

Once logged in as the user you want to use (“pi” in my case), type in the following command.

sudo nano ~/.ssh/authorized_keys

You might not need the sudo, but I’ve had a mix of success on different machines, so I just use it by default. Non-US folks, note also that this uses American English spelling.

This command will open the authorised keys listing file in an editor called nano.

Paste the public key entry on a new line at the end of the file, then press CTRL+S to save, and CTRL+X to exit. Your key is now in the list of authorised keys. You can exit.

Now when I run my SSH action, it completes with no further interaction and I can see the file listing coming through as output.

There’s more to dig into on SSH. Things like port exposure/port forwarding can be considered, disabling username and password login or at least limiting consecutive login attempts, etc., but hopefully the above gives a few pointers to get started.

3 Likes

Presumably if you SSH into a Mac you can then run an inline AppleScript (or whatever) to invoke a KM macro.

Not to criticise but that’s the bit I didn’t see in your post just above this one @sylumer.

Look again. :wink:

Try searching back through the thread further for osascript as an example approach.

1 Like

Wow! This is great, and at least as good as anything I might have made, so I’d just refer people to this as the “How To” for people who want to use this instead of a regular password.

One possible typo:

was that supposed to be:

sudo nano ~/.ssh/authorized_keys

?

I think that’s what.I would need to do on my Mac. (And I wouldn’t think you’d need/want sudo on a Mac, but maybe on some other Un*x you might.)

1 Like

but it’s still not about certificate based authentication. I can get the ssh key pairs to work fine, just would like to know how to do it with a cert.

1 Like

Good spot. My bad typing combined with a Logitech keyboard that tries to be UK on iOS means the keys don’t always map the way I type.

My keyboard has duplicates....

On the left pipes and tildes.

On the right tildes and pipes.

I can never recall what does and doesn’t need the sudo as I say. I’ve worked on that many servers I just got used to the path of least resistance :man_shrugging:t2:

1 Like

Sorry @Jkoopmans, that’s my error in the bullet point in the early post. While SSH connections can support PKI certificates for solutions like OpenSSH, and I’m pretty sure I have used that in the past, Shortcuts currently only provides SSH key pairs or username & password credentials as authentication options. It should have said “key based”, not “certificate based”.

My apologies for the confusion this caused :persevere:

1 Like

Agreed, except that I’d stated “Here are some examples to illustrate just a few of those options.”, and I was referring back to one of the three illustrative examples. I could have used folder actions, or Hazel, the folder trigger in Keyboard Maestro itself , or another third party tool. I specifically wanted to provide an example using Hazel as that is something many forum readers use already for folder monitoring and so would be easy to apply in a standardised manner. And as noted,I was only providing “some” examples. It is far from being an exhaustive list!

I have deleted my post @sylumer, because the entry should not be created in the community that you could not know something.

You seem to attach great importance to this! It will not happen again to me to let this impression arise with your person.