Cannot add multiple keys in config for Advanced SSH & Web Terminal

I’m trying to add another public key to the Advanced SSH & Web Terminal (v20.0.2) options. But when I restart the add-on the newly added key vanishes. I must be missing something obvious.

The add-on documentation does mention using multiple keys. But, I’m unable to change any config option and have it stick.

I’ve tried adding the key in the add-on’s configuration and after a restart the added key no longer shows in the config.

I even tried stopping the add-on, then editing on HAOS the options.json file directly, and restarting. Note, this is on the host OS, not the HA container.

Generating the key:

bill@macha:~/.ssh$ ssh-keygen  -f ha_backup -P '' -q
bill@macha:~/.ssh$ cat ha_backup.pub
ssh-rsa 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 bill@macha

Now, on HAOS after the add-on is stopped I directly edit the options.json file. You can see that there are two public keys listed.

UPDATE: Below is wrong. HA writes the options.json file when it starts the add-on.

# pwd
/mnt/data/supervisor/addons/data/a0d7b954_ssh
# jq .ssh.authorized_keys options.json
[
  "ssh-rsa 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 [email protected]",
  "ssh-rsa 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 bill@macha"
]

Now I start the Advanced SSH & Web Terminal add-on. And after it starts there’s only one key in the options.json file:

# jq .ssh.authorized_keys options.json
[
  "ssh-rsa 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 [email protected]"
]
#

What am I doing wrong here?

Haven’t used the SSH addon in a while and no longer have it installed, so take the following advice with a pinch of salt:

Instead of editing the json file, have you tried to add the keys as a yaml list in the addon config page, like the example in the doc hints at?
I added the second key and comments for clarity - the rest is straight from the example.

log_level: info
ssh:
  username: homeassistant
  password: ""
  authorized_keys:
    - ssh-ed25519 AASDJKJKJFWJFAFLCNALCMLAK234234..... #first key
    - ssh-ed25519 ABABABBBB12341232412ABAB.... #second key
  sftp: false
  compatibility_mode: false
  allow_agent_forwarding: false
  allow_remote_port_forwarding: false
  allow_tcp_forwarding: false
zsh: true
share_sessions: true
packages:
  - build-base
init_commands:
  - ls -la

Yes, I initially tried to edit using the configuration editor.

UPDATE: The below isn’t correct. HA writes the options.json when starting the add-on. It’s not the permanent store, apparently.

Note here I added “xxxx” after the key and changed sftp: true.

The add-on is currently NOT running.

I then hit “Save” at the bottom of the config screen, I then click on Info at the top of the page to move away from the config screen and then click back on Configuration and everything is reverted:

Weird.

Now if the add-on is running and I do the same thing it will say I need to reload.

But, again, the config resets.

This is too weird so I must be doing something wrong. That’s why I stopped the add-on and ssh’d into the host OS and edited the add-on’s options.json file directly. Isn’t /mnt/data/supervisor/addons/data/a0d7b954_ssh/options.json what is mapped into the container when the add-on starts?

If I change the option in the host OS it is the same as in the add-on’s container:

# cat /etc/issue
Welcome to Home Assistant
# pwd
/mnt/data/supervisor/addons/data/a0d7b954_ssh
# jq .ssh.sftp options.json
true
# docker exec `docker ps -f name=ssh -q` cat /data/options.json | jq .ssh.sftp
true
#

Then after restarting the add-on:

# docker exec `docker ps -f name=ssh -q` cat /data/options.json | jq .ssh.sftp
false

Does the connection for [email protected] actually work by itself though? I don’t recall having to add my username to the key.
I’m not even sure if the addon supports multiple usernames/connections for different users, in fact.

Hopefully someone with more recent experience will show up to help you.

That’s just a comment on the key. ssh-keygen adds that by default unless you change it with the -C option.

And yes, I can ssh in using that key.

I’m trying to add a second key (without a passphrase) that has a command= setting for rsync so I can do backups from another machine.

And the add-on does allow multiple keys, according to the documentation.

But, this seems unrelated to the authorized keys and simply that my config isn’t updating.

Remove the comment. I think that’s the cause of your issues, though I could obviously be wrong.

Managed to track down my old privkey config, and it doesn’t contain any comments. I have a feeling the space before the comment doesn’t cooperate with multiple keys.

EDITED TO ADD: Make sure you have no trailing spaces at the end of the key when removing your comment

Use the “Save” button in the Options panel. There are 3 “Save” buttons for different panels, they are not global save buttons.

Yeah. :flushed: I did that the first time. (And it’s not the first time that has caught me.)

But then I was editing in YAML mode and then when I switched back to UI mode the option was vanishing (or resetting). Is that a bug? In automations and scripts you can toggle between YAML and UI mode.

I assumed the options.json file in the host OS was the store for the options, but I see now that it is written when the plugin starts. Big mistake on my part.

I can stop an add-on and change config, restart HA and the config persists. Do you know where HA stores the add-ons config that gets written to options.json?

Not sure if there’s a bug or not for that activity. I just used the UI mode, added extra keys and used the Save button in the Options panel. It worked fine with comments and all.

/mnt/data/supervisor/addons.json on the host.

Ah, that looks familiar. Thank you.
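
Added example (not from any post in this thread, and not the add-on's code): a small Python check for entries destined for an `authorized_keys` list, showing how OpenSSH splits a line into optional options, key type, key blob and trailing comment, and flagging the stray whitespace and missing `command=` restriction discussed above. The key blobs are constructed and non-functional, and the `rrsync -ro /backup` forced command is a hypothetical placeholder.

```python
import base64
import struct

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}  # subset for the example

def split_fields(line):
    """Split on whitespace, keeping double-quoted option values in one field."""
    fields, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in " \t" and not quoted:
            if cur:
                fields.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return fields + ([cur] if cur else [])

def check_entry(entry):
    """Parse one line: [options] keytype base64-blob [comment]."""
    problems = []
    if entry != entry.strip():
        problems.append("leading or trailing whitespace")
    fields = split_fields(entry.strip())
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx > 1 or idx + 1 >= len(fields):
        return {"problems": problems + ["no key type followed by a key blob"]}
    options = fields[0] if idx == 1 else ""
    keytype, blob = fields[idx], fields[idx + 1]
    try:
        raw = base64.b64decode(blob, validate=True)
        (n,) = struct.unpack(">I", raw[:4])  # blob starts with its own type string
        if raw[4:4 + n].decode("ascii") != keytype:
            problems.append("blob does not match key type")
    except (ValueError, struct.error):
        problems.append("blob is not a valid key encoding")
    return {"options": options, "keytype": keytype, "problems": problems,
            "comment": " ".join(fields[idx + 2:]), "forced_command": 'command="' in options}

def sample_blob(keytype):
    """Constructed, non-functional blob: type string plus 32 zero bytes."""
    name = keytype.encode()
    return base64.b64encode(struct.pack(">I", len(name)) + name + bytes(32)).decode()

BLOB = sample_blob("ssh-ed25519")
PLAIN = f"ssh-ed25519 {BLOB} bill@macha"  # interactive key, comment only
BACKUP = f'restrict,command="rrsync -ro /backup" ssh-ed25519 {BLOB} ha_backup'  # hypothetical
```

A passphrase-less key such as the backup key should come back with `forced_command` set to `True`; the plain entry shows that `bill@macha` is parsed as the comment field and is not part of the key.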