Automated SSH commands from HA

Hey,

I have a pi controlling an led matrix which I now want to automate with home assistant. I’m new to all of this and the only thing that came to my mind was to just send the ssh commands form HA to the pi. I googled a bit and found out that it is possible but I got confused on how to do it.

From what I understood until now I need to install the “Terminal & SSH” addon in HA, generate a ssh-key on the virtual machin running HA and than somehow give that key to the pi so home assistant can long in without a password.

Once that is done I’ll need to add something like this to the configuration.yaml:

shell_command:
  led_matrix: 'ssh [email protected] cd dev/rpi-rgb-led-matrix/utils/
sudo ./led-image-viewer [...]'

or atleast I think so.
Will this work? I feel like I understood something pretty wrong and could need some more explanaition :confused:

Could you clarify? You might be able to do this more easily by switching to a different platform.

Take a look at this guide, think it’ll help

It’s a Pi 4 controlling a 64x64 led matrix with the libaryfrom hzeller

Just read trough the guide and it seems pretty detailed. Can’t try it out yet but I’ll do as soon as I get home

okay so no chance with this guide. I did creat ssh keys befor and they work just fine but here I mess up again and agian.
I save the key in /config/.ssh as the guide says but later at the copy part it always tells me that /config/.ssh does not exist.

Enter file in which to save the key (/root/.ssh/id_rsa): /config/.ssh
/config/.ssh already exists.
Overwrite (y/n)? y

later

~ $ cat .ssh/id_rsa.pub | ssh pi@raspberrypi'cat >> .ssh/authorized_keys'
cat: can't open '.ssh/id_rsa.pub': No such file or directory

or

~ $ cat /conifg/.ssh/id_rsa.pub | ssh pi@raspberrypi'cat >> .ssh/authorized_keys'
cat: can't open '/config/.ssh/id_rsa.pub': No such file or directory

also I have to use cmd for all of this which probably doesn’t make it better…

The first prompt asked you for the name of the file and you provided the name of the folder. So it created a key for you in a file named /config/.ssh and overwrote the existing folder that was already there. If you rename it you can then make your /config/.ssh folder again and move it in there. Or delete everything and start over.

Your second and third commands also have typos. You need a space after raspberrypi and in the third you put /conifg

By the way, if you’re in for a bit of Python coding, you can use MQTT instead which might have lower latency.

I still don’t fully understand this because there never was a folder /config/.ssh. I did the exact same thing twice because it was unable to find the file the first time and at the second time it gave the posted answer.

Emm the thing with the typo… I wrote this in here and did not copy it form cmd because I had it closed already. Let me just do it again so I can make sure I didn’t had any typos

I’d have no problem using MQTT but I never did anything with python nor can I code. Unless there is something finished in the web that I can copy and past I will not be able to do it :sweat_smile:

That’s ok if the folder doesn’t exist when you do the command, it creates subfolders for you as necessary. It just expects the path you provided to end in the name of the file you want. So when you did this:

Enter file in which to save the key (/root/.ssh/id_rsa): /config/.ssh

It said “ok so they want me to put a key in a file named .ssh inside the /config folder, I can do that”. This is valid but not what you wanted. Instead you should’ve done this:

Enter file in which to save the key (/root/.ssh/id_rsa): /config/.ssh/id_rsa

Then it will put the key in a file named id_rsa inside /config/.ssh which is what you were looking for.

Could just try it again but it might not like that /config/.ssh already exists and is a file not a folder so you might have to delete that file first. Or it might just overwrite it as a folder automatically, not sure.

1 Like
Enter file in which to save the key (/root/.ssh/id_rsa): /config/.ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Saving key "/config/.ssh/id_rsa" failed: Not a directory

If I add the “id_rsa” to the end it always says “Not a directory”. I also tried “/config/test/.ssh” with and without “id_rsa” and got the same results. Without it is fine but if I add it it says "Not a directory

Ok got it, my bad, it will not make you subfolders automatically, just tested it myself. First I tried it like this:

config $ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /config/.test_ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Saving key "/config/.test_ssh/id_rsa" failed: No such file or directory

Got the same error. So then I did this:

config $ mkdir .test_ssh
config $ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /config/.test_ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /config/.test_ssh/id_rsa
Your public key has been saved in /config/.test_ssh/id_rsa.pub

As you can see, that worked fine. So first you have to create your .ssh folder using mkdir, then you can run ssh-keygen and provide /config/.ssh/id_rsa as the file name

2 Likes

okay I’ll try it and this time I’ll also copy everything form cmd directly jsut in case I mess up again

~ $ cd /config
config $ mkdir .test_ssh
config $ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /config/.test_ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /config/.test_ssh/id_rsa
Your public key has been saved in /config/.test_ssh/id_rsa.pub
The key fingerprint is:
config $ cd
~ $ ssh pi@raspberrypi mkdir -p .ssh
pi@raspberrypi's password:
~ $ cat .ssh/id_rsa.pub | ssh pi@raspberrypi 'cat >> .ssh/authorized_keys'
cat: can't open '.ssh/id_rsa.pub': No such file or directory
pi@raspberrypi's password:
Permission denied, please try again.
pi@raspberrypi's password:
~ $ cat /config/.test_ssh/id_rsa.pub | ssh pi@raspberrypi 'cat >> .ssh/authorized_keys'
pi@raspberrypi's password:
~ $
~ $ ssh pi@raspberrypi "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
pi@raspberrypi's password:
~ $

So it defenelty went better this time and I got all the way through the tutorial. However if I try to ssh into the pi (from the cmd window that is SSHed into HA) it still asks for a password. I’ll have to test it in HA and see if it works from there

It does work!! I once again was just a bit stupid

~ $ ssh pi@raspberrypi -i /config/.test_ssh/id_rsa 'cd dev/rpi-rgb-led-matrix/utils/
>
> sudo ./led-image-viewer --led-rows=32 --led-cols=64 --led-show-refresh --led-chain=2 --led-pixel-mapper="V-mapper:Z" --led-limit-refresh=200 --led-slowdown-gpio=4 --led-brightness=80 /home/pi/images/scale1.png'
Loading 1 files...
Loading took 0.007s; now: Display.```
1 Like

Thanks alot for explaining everything this detail. would not have been able to do this otherwise

Hmm seems like I’m not done yet. While the command works when I enter it in cmd it does not work when executed by HA

shell_command:
  matrix: ssh pi@raspberrypi -i /config/.test_ssh/id_rsa 'sudo ./dev/rpi-rgb-led-matrix/utils/led-image-viewer --led-rows=32 --led-cols=64 --led-show-refresh --led-chain=2 --led-pixel-mapper="V-mapper:Z" --led-limit-refresh=200 --led-slowdown-gpio=4 --led-brightness=80 /home/pi/images/scale1.png'

The command itself got a few quotation marks in it could that be a problem?
I got told not to use 'at’raspberrypi but the ip adress and like that it does work.

This now shows a new problem: If I execute another command to show another image it does not close or end the first command leading to overlapping images shown at the same time. Just cutting the connection right after the command is executed also doesn’t work since the image is only shown as long as it is connected.

Is the problem that its taking a long time to render the image? If so you can bump up the command_timeout to give it more time.

No the render time is completely fine. The problem is that the matrix only displays an images as long as the connection is active. If you ssh onto it manually and close the window it stops displaying.

Right now HA keeps the connection up endlessly which in general is what I want. However if the command gets executed again the first connection does not close but now HA got two active SSH connections to the pi telling it to display two images at the same time.
This results in a weird mix of flickering colors on the matrix since it can’t handle two incoming signals.

Basically I need HA to kill the first connection when the command is executed a second time (or a slightly different command to the same pi)

Ah ok. So in the config for command line sensor there’s two relevant settings:

  1. command_timeout - max amount of time HA will let the command run before killing it
  2. scan_interval - time between refreshes of the sensor (i.e. between command executions)

Try staggering those a bit . Maybe make the timeout 30 and the interval 35. That way HA should kill the first connection after 30 seconds and not start a new one for another 5. Can tighten that window down to a one second difference if you need it as continuous as possible but might run the risk of accidental overlap, not sure how exact everything is.