Nice one
After following a few different threads and tutorials I made it! I did have a laugh when the HassIO welcome page came up saying that it can take 20mins⊠then finished in about 1min! First impressions of the NUC vs. RPi3âŠwell its certainly a lot faster 
1 Like
Question: I need to upload a HassIO snapshot which I took from my RPi install to the NUC. Using WinSCP, if I try to upload it to the /usr/share/hassio/backup/ folder I get âpermission deniedâ. How do I fix the permissions?
EDIT: I guess thatâs because perhaps Iâm currently connected to the Ubuntu host rather than HassIO? Time for some more learningâŠ
No.
Itâs because there are permissions applied to the directory on the host.
What do the permissions on that directory tell you? Read those and see what can be done. There are ways around it but you need to understand what youâre doing
environment->scp/shell sudo su-
yes you are connected to the ubuntu host⊠see the tutorial for how to use both
Yes. Owner is root.
Permissions allow for group and owner but not anyone else to write to it
You need to learn how to read those permissions BTW.
Its not quite clear⊠and it was too long ago that I last played around with anything remotely like this
I have installed the community SSH add-on and changed the port away from 22.
Pasted the public key into the add-on settings and restarted the add-on.
I have a file âauthorized_keysâ saved under root/home/sparky/.ssh (where sparky is the username), and that file has the public key I created using PuttyGen
In WinSCP I have selected âsudo su-â as per your post above, and I have entered the location of the private key under SSH/authentication (hoping that was the correct thing to do), entered username and password as per add-on settings.
I get connection refused when trying to connect. Also tried without the private key entered
ok⊠you have 2 options⊠use port 22 and go into ubuntu and then use the sudo-su and set the connection to the scp protocol and you can use your keys⊠but the key need to be in /sparky/.ssh/authorized_keys.
For hassio, the authorized key is part of the addon settings. You need to use username root and set the sftp to true and compatability mode true as well in the addon (as well as use a different port, not 22)
Then in winscp, you canât use scp use sftp
Took me forever to work that out
Trying âoption 1â on port 22 with your settings I can connect but donât have permission to transfer the snapshot file to the backup folder.
Trying âoption 2â to connect to HassIO I have the below in the SSH add-on which was the defaults but with a password entered and the public key pasted in from PuttyGen
{
âlog_levelâ: âinfoâ,
âsshâ: {
âenableâ: true,
âportâ: 223,
âusernameâ: âhassioâ,
âpasswordâ: âredactedâ,
âauthorized_keysâ: [
âssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEApXvavuF8KLPVphDZ1VRGVx+71w97oMlgaTNiagcIqo+HaKIxZWOzh5sgOgEvxhnYKUgFDenPHGyIvcLFwfP7/31vcIUqXJoFrVRpZW5MhM+Cbmvn2xOKiPHGwnG21oSe9rU8ADeb0kE5bvhXamFRbCBa8yIylYHp9N7Vz0dRjqhqwZv+AAMBxWm3G70EAuFW0aN6/e7pE3RzMu6TwVmY1IleWX2gPeEfzpok6/Cm17mAkZqGOVi9ypDgaO0Bedf4u4FJdgeY9OhmXDV7Bstuqyc/qdFdD4Wqr75qKPbegAyPuD8sMD/P8cuquGU5XZTRsbp8B+40sTRW89NjR8Vnuw== rsa-key-20190205â
],
âsftpâ: true,
âcompatibility_modeâ: true,
âallow_agent_forwardingâ: false,
âallow_remote_port_forwardingâ: false,
âallow_tcp_forwardingâ: false
},
âwebâ: {
âenableâ: true,
âportâ: 7681,
âusernameâ: âhassioâ,
âpasswordâ: âredactedâ,
âsslâ: true,
âcertfileâ: âfullchain.pemâ,
âkeyfileâ: âprivkey.pemâ
},
âshare_sessionsâ: true,
âpackagesâ: ,
âinit_commandsâ:
}
So I would thought that I should use hassio as the username and the âredactedâ password in WinSCP. That didnât work, neither did ârootâ as you suggested. In the settings for the connection I had linked to the saved location of the private key file which is saved on my laptop.
Not sure if this is required at ll but I havenât yet restarted the NUC since doing the Ubuntu install⊠would that matter at all?
the SSH add-on log doesnât look goodâŠ
[s6-init] making user provided files available at /var/run/s6/etcâŠexited 0.
[s6-init] ensuring user provided files have correct permsâŠexited 0.
[fix-attrs.d] applying ownership & permissions fixesâŠ
[fix-attrs.d] 10-hassio: applyingâŠ
[fix-attrs.d] 10-hassio: exited 0.
[fix-attrs.d] 50-ssh: applyingâŠ
[fix-attrs.d] 50-ssh: exited 0.
[fix-attrs.d] 51-sudoers: applyingâŠ
[fix-attrs.d] 51-sudoers: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scriptsâŠ
[cont-init.d] 00-banner.sh: executingâŠ
Hass.io Add-on: SSH & Web Terminal v3.7.1
SSH & Web Terminal access to your Home Assistant instance
From: Community Hass.io Add-ons
By: Franck Nijhof [email protected]amd64 / Ubuntu 18.04.1 LTS / HA 0.86.4 / SU 142 / stable
[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executingâŠ
Log level is set to INFO
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] 02-updates.sh: executingâŠINFO: You are running the latest version of this add-on
[cont-init.d] 02-updates.sh: exited 0.
[cont-init.d] 10-requirements.sh: executingâŠ
WARNING: Logging in with a SSH password is security wise, a bad idea!
WARNING: Please, consider using a public/private key pair
INFO: Password is NOT in the Have I Been Pwned database! Nice!
FATAL: You can only enable SFTP when the SSH username is set to ârootâ
[cont-init.d] 10-requirements.sh: exited 1.
[cont-finish.d] executing container finish scriptsâŠ
[cont-finish.d] 99-message.sh: executingâŠOops! Something went wrong.We are so sorry, but something went terribly wrong when
starting or running this add-on.Be sure to check the log above, line by line, for hints.
[cont-finish.d] 99-message.sh: exited 0.
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
Dave - you must ROOT USERNAME TO USE SFTP. - itâs in the instructions for the addon.
There is zero reason you should not be successful as the sparky user on port 22 - is sparky a member of sudoers? ie does sparky have root permissions?
I tried root as the username and have that in the add-on now (I realised my mistake there).
As far as I know, âsparkyâ is in the sudo group⊠I tried to add it following your tutorial and it seemed to work. How do I check?
EDIT: i used this command:
grep -Po '^sudo.+:\K.* /etc/group
which worked and listed âsparkyâ as the only sudoer. I got it from here
Youâre confusing things profusely here.
SSH to the host as your user account is not the same as SSH to the add-on. They arenât connected in any way.
You seem to be mixing the 2 methods. Use one or the other.
You could have avoided all of this by understanding the permissions. You can CHange OWNer of the directory or CHange MODe on the directory. You could chmod the directory to 777 and your user (and any user of the system) would have access to read/write that directory or you can find out what group owns the directory and add your user to that group and mod the directory to 775
He should have access to the directory as the sparky user is a member of the sudoers group so his permissions seem ok. He seems to not have a permissions issue - only a Winscp config issue.
He might (I do) want to have access to the hass.io ssh addon as it gives you all the hass.io commands for updating and managing hassio. The 2 are different. He will be able to access the backup folder with both of course but there are good reasons to want/use both.
His permissions show that his user does NOT have access to the directory except for reading and executing. He doesnât have permission to write to the directory. This is plainly shown in his screenshot.
I agree he will want access to these also, but it seems like heâs getting confused on what system heâs actually connecting to. One thing at a time.
My permissions for that folder are EXACTLY the same when I am sshâed into the host system. I have no problem writing to that folder.
If he sets up Winscp properly, it accesses that as ROOT even when he is logged in as a non-root user.
As your user, not root? Because the file permissions state otherwise.
Yes as my user David - the only user (the root user does not even have a password and canât login anyway!)
What do you think setting the shell to sudo su does??? (If you donât do that you donât have permissions! In fact with cyberduck on my Mac, there is no way to do this which is a MEGA PITA)
The permissions written on the screenshot state otherwise but ok.
So wait, you CANâT write to that folder without root?
I know exactly what running sudo su does. Iâve been running Linux systems for 20 years. Iâve been in IT for 17âŠI am stating what I see in the screenshots, as I know how Linux permissions work.