Debug access with SSH without USB import

I was trying to enable ssh access over port 22222 with help from this guide https://developers.home-assistant.io/docs/en/hassio_debugging.html

There it says I should use an USB key to import the authorized_keys file but I guess it should be feasible with SFTP as well?

Where should this file go?

All I get is:
ssh: connect to host 192.168.0.101 port 22222: Connection refused

chicken meet egg.

I believe ssh requires the authorized_keys file, but you are trying to use ssh to install authorized_keys file.

SSH only needs the authorized key file if you want to log in with a public/private key pair. I assume this is how hassio sets it up for you, but…

Connection Refused means that SSHd is not running on that port. If it was you would get

Permission Denied (Public Key)

Or a password prompt if challenge response authentication was still enabled.

SFTP is a protocol usually provided by SSH, so probably not going to help. As Nick says, chicken and the egg.

sshd only runs if the authorized_keys file is present.

1 Like

I can login via SSH on port 22 with password login enabled. Then I also get the Hass.IO logo and can access the file system. But as I understand it I need to access through port 22222 to get full access to the CLI or have I misunderstood it?

SFTP access is also enabled and works fine

When you connect on port 22, you are talking to Hassio. If you need connectivity to the underlying host OS (HassOS in your case), then you would need to set up and connect to port 2222. Typically, you shouldn’t need this. I have been running Hassio since fairly early days, and have never needed to set up or use port 2222.

By setting up port 22, as you have, you can get the important stuff done.

Thank’s, that sound promising

Im totally disagree with your opinion.

In my case i need access to the Hassio via port 22222. This is mandatory to control my Synology Nass via SSH. As an example i would like to shutdown it via ssh

I think you are confused.

Are you looking to shutdown home-assistant or the host os?

I have not looked at installing HassIO on Synology, but if it has the Supervisor, then, NO you should not need access to port 2222 (ie HomeAssistant OS). If you install the SSH add-on, then you connect to port 22, you issue the command “ha host shutdown” to shutdown homeassistant OS or “ha core stop” if you want to shutdown the HA container.

Hi

In fact yes i need to access ssh over port 2222 i know is posible access to the SSH add-on, and connect to port 22, but in order to manage other host via SSH this is not possible with the method that´s why i need access to the real host!!!

Find below the procedure, problem is that im not able to import the authorizes key

I have no experience with Synology Nass but I guess that you have installed HA in a Docker container on the host OS of the Synology and you are trying to access the Host OS.

You probably need to set a seperate port in the SSH & Web Terminal add-on so that it does not conflict with the host OS. For example…

Port 22: access the host OS
Port 23: access the Home Assistant CLI
Port 22222: Home Assistant backend (you only need to access this if you are a developer)

I wrote a tutorial on how to install HA in Ubuntu, see the last section on SSH for more info, it might help you with this issue :slight_smile:

1 Like

@simposium
I had the same question as you did and found a way to skip the USB dance. Once you know (I didn’t ;-)) the full file path /root/.ssh/authorized_keys in the host filesystem you may get it there, But wait, for this you need the SSH access. There is a SSH & Web Terminal available to help.
I posted an attempt to address this below. Would have been more on topic in this thread. See below:

To do this without USB, we are going to create a file, then SCP it to the Home Assistant in the location we want it.

Create your authorized keys file and put it on the user home for a user which you can SSH with password into. eg on server 192.168.1.107 make the file /home/adamoutler/.ssh/authorized_keys exactly as you want it.

Then on home assistant machine with monitor and keyboard

  1. login as root (username root, no password)
  2. type login at the ha> prompt.
  3. type cd .ssh
  4. type scp [email protected]:/home/adamoutler/.ssh/authorized_keys ./authorized_keys
  5. reboot

I know, I put more into the commands than was required, but I feel it explains it better this way.

now you can do ssh -vt homeassistant.server -p22222

2 Likes

I got it only up and running when copying the public key into /root/.ssh/authorized_keys for HassIO in VirtualBox and Raspberry Pi.

Note: VirtualBox USB stick looks like not supported.

I found several other methods:

Create SSH keypair on (Linux) host

ssh-keygen
# Enter password twice
# Generated files:
#   Public key: ~/.ssh/id_rsa.pub
#   Private key: ~/.ssh/id_rsa

HassIO VirtualBox
Mount the VirtualBox VDI in another Linux VM and copy ~/.ssh/id_rsa.pub directly into /root/.ssh/authorized_keys (without file extension).

HassIO SD-card
Copy ~/.ssh/id_rsa.pub directly into the SD card hassos-overlay/root/.ssh/authorized_keys (no file extension).

HassIO HDMI and keyboard

  • Create a new file /config/authorized_keys file via the File editor addon and paste the output of ~/.ssh/id_rsa.pub.
  • Connect a HDMI monitor and keyboard.
  • Login with username root no password and type the following commands:
# Open root shell
login

# Move created authorized_keys
mv /mnt/data/supervisor/homeassistant/authorized_keys /root/.ssh/

# System reboot
reboot now

# Start SSH debug
ssh -p 22222 [email protected]<IP>

I hope this is useful.

I made an add-on that you put your ssh key in, hit start, then reboot. [Add-on] HassOS SSH port 22222 Configurator