Cannot get Hassio to execute SSH

I have googled and tried to find answer to my question but i cannot find it, probably I´m blind or stupid or maybe both!

What I want is to reboot a second raspberry that I run some stuff on when I reboot my Hassio system. I was thinking I could do this via SSH. I followed this guide https://youtu.be/Ai7fqCWK41w and its good but will not work for me. Think as to do with Hassio, but not sure.

I have added this line to my configuration.yalm

shell_command:
  restart_h1: ssh -l pi 192.168.5.83 "sudo reboot"

Then I made a script:

  alias: Reboot H1 server
  sequence:
    - service: shell_command.restart_h1

when i execute the script I get this error message in the log:

Error running command: ssh -l pi 192.168.5.83 "sudo reboot", return code: 255

When I execute the command ssh -l pi 192.168.5.83 "sudo reboot" from Hassio commando line it works fine.

What have I missed?

You need to create an ssh key in the hassio Pi.
But it’ll be lost when you restart hassio

Ok but how do I keep that key then? I will reboot my Hassio often.

I’m not sure it’s possible with hassio.
Perhaps you can generate the key and make a copy of it in your configuration directory.

You can then use a shell command to copy it where it needs to be which is / root/.ssh.

So if you’re restarting the 2 machine you’d create an automation that copy’s the key to the right directory and then runs the restart command you currently use.

Not sure it’ll work, but you can try

Put the ssh keys in /config and it won’t be lost.

I have made a key, have it on the other rasp as well. Like I say the commando woks from the hassio commando line so if I use putty and execute ssh -l pi 192.168.5.83 "sudo reboot" then the other rasp will reboot as it should. But if I use the shell_command it will fail.

I have put the key in the configuration like you said as well as setup my SSH server on the hassio to use this key. Still I see in the log the following:

Error running command: `ssh -l pi 192.168.5.83 "sudo reboot"`, return code: 255

my understanding is that the ssh -l command pulls the key from the directory /root/.ssh/
if you’re key is in /config it wont work.
that’s why i suggested having a script that copies the key from /config to /root/.ssh before it uses it.

Strictly speaking -l specifies the username to login with (which defaults to the user executing ssh). The identity file by default is ~/.ssh/id_rsa and ~/.ssh/id_dsa. You can change the identity file with -i. No copying required.

oh great tip, thank you.
so for hassio it would be something like ssh -i hassio ?

I dont use hassio, but have seen many people struggle with the same issue. So this would be great help.

Ok did a bit of reading. So to pass the desired key you’d use:

ssh i /path/to/key pi 192.168.5.83 "sudo reboot“

For above example

ssh -i /path/to/key -l pi

thank you for the instruction

Maybe you could dumb it down a bit? haha

So what do I need to do step by step to get this done? You say i don´t need to copy the key or send it to the other host or do I misunderstand here?

Hi, I have the exact same problem:

Error running command: `ssh [email protected] "sudo poweroff"`, return code: 255

Did you make it work?

I had the same issue a while ago and made a post in this thread:

Hope it helps

With hagenuck1’s code, I got it to work… at least somehow.
Because the raspberry pi shuts down as I want but I still get an error in my log:

Error running command: `ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /config/ssh/id_rsa [email protected] "sudo poweroff"`, return code: 255

However I got the solution!
This excellent article guided me: “A thorough guide on controlling anything SSH with Homeassistants’s Hass.io” by Dovydas Gulbinas, a software engineer with fullstack & DevOps tendencies :wink:
I didn’t follow the guide “to the letter” because unlike him I couldn’t create a user on my pi installation. Therefore I did it with the user root.

Here is how I did it:

You have to copy the public key of the computer from which you want to access the hassio host (Home Assistant Web UI).

list all the public keys you have by doing (If you have none, create one):

ls ~/.ssh/*.pub

Show public key

cat ~/.ssh/id_rsa.pub

Copy the public key, paste it into Sublime Text.
Save with Encoding Western Windows-1252 as authorized_keys (no extension)
Copy authorized_keys to a Fat 32 formatted USB. Plug the USB into your Hass.io device.

From the Home Assistant Web UI, navigate to the hass.io system page and choose “Import from USB”. (There will be no feedback, but that’s fine.)

On the MASTER computer:

You should then be able to SSH into your Hass.io device. On Mac/Linux, use:

ssh [email protected] -p 22222

(Tip: Learn more about this in the article on SSH access to the host for HassOS based Hass.io)

In the Hass.io CLI type “login” in order to access the host system.

login

List all docker containers. The one we need has the name homeassistant.

docker ps -a
CONTAINER ID IMAGE NAMES
e547e79d00fb homeassistant/raspberrypi3-homeassistant:0.103.6 homeassistant

Copy the CONTAINER ID.

docker exec -it e547e79d00fb /bin/bash

now finally generate your SSH key, but this time in a different directory

mkdir /config/ssh
ssh-keygen -t rsa -f /config/ssh/id_rsa

lets checkout our two brand new PUBLIC & PRIVATE keys

cd /config/ssh
ls -al
cat id_rsa.pub

if all went well you public key output should look something like this:
AAAAB3NzaC1[…]Bs= [email protected]
Copy this value for later use.

On the SLAVE computer:

SSH into the machine you want to control.

ssh [email protected]

(In the original guide, Dovydas created a user. However, since I use a Single Board Computer with an openmediavault OS, it didn’t work with a user as described in the original guide. Therefore I did it with root.)
Generate key

ssh-keygen -t rsa

You can look at the key

cat ~/.ssh/id_rsa.pub

Okay we have our keys setup but what about passwordless connection from the MASTER computer?
It’s easy we have to add the the public key we copied before to the authorized_keys file of the SLAVE computer.
(Notice: the public key is much longer, I’ve shortened it for this guide with “[…]”)

echo "ssh-rsa AAAAAB3NzaC1[…]Bs= [email protected] " >> ~/.ssh/authorized_keys

(Notice: Opposed to the original guide I did not do chmod 600 ~/.ssh/authorized_keys, because I didn’t want to mess with the unix permissions on the root account of my openmediavault OS installation.)

To run some commands with sudo without a password you need to add these lines to /etc/sudoers file.

sudo visudo

Under the line %sudo ALL=(ALL:ALL) ALL type:

root    ALL=(ALL) NOPASSWD:    ALL

(Notice: Since I am root, I don’t know if this is necessary in my case)
Save the file with ^O (Ctrl+O).
Important! Delete the .tmp from the file name in order to overwrite the file!
Exit the vi editor with ^X (Ctrl+X).

Testing SSH connection from the MASTER computer to the SLAVE computer.

ssh [email protected] -p 22222
login
docker exec -it e547e79d00fb /bin/bash
ssh -i /config/ssh/id_rsa -o StrictHostKeyChecking=no [email protected] 'sudo poweroff'

This should shut down the SLAVE computer.

Now it’s time to do the same thing in homeassistant.

Create a switch in configuration.yaml

switch:
  - platform: command_line
    switches:
      test_ssh:
        command_on: "ssh -i /config/ssh/id_rsa -o StrictHostKeyChecking=no [email protected] 'sudo poweroff'"
        friendly_name: Magic Test Switch

Restart the homeassistant server (Configuration > Server Controls > Restart)

Add an entity card to Lovelace with the entity: switch.test_ssh.

Now you’re ready to go!