FTP into HASSOS

josephny · February 4, 2023, 5:10pm

I’m running HASSOS on a PC.

I understand there is an FTP addon within HA.

I did not install it.

A port scan (local) of the machine shows FTP is open.

When I ftp to the IP of the machine, it asks for user/pass

I tried my HA credentials, but they don’t work.

Does the underlying OS have it’s own FTP server? How do I know the user/pass for it?

Thanks!

FloatingBoater · February 4, 2023, 6:39pm

Hi,
I’m running HASSOS on a Yellow (really a RPi CM4) which has a hypervisor, supervisor, and a VM running HASS, and don’t see the hypervisor exposing anything other than SSH 22/tcp on low ports on the local LAN interface:

$ sudo nmap -sT homeassistant.local
PORT     STATE SERVICE
22/tcp open  ssh
MAC Address: E4:5F:DE:AD:BE:EF (Raspberry Pi Trading)

$ sudo nmap -sT -p T:80-9000 homeassistant.local
PORT     STATE SERVICE
1883/tcp open  mqtt
1884/tcp open  idmaps
4357/tcp open  qsnet-cond
5355/tcp open  llmnr
5580/tcp open  tmosms0
8123/tcp open  polipo
MAC Address: E4:5F:DE:AD:BE:EF (Raspberry Pi Trading)

If you bring up a web shell, you can see the ‘inside out’ view doesn’t connect directly to the LAN (hint: netstat -p). I have run add-on(s) like SAMBA in the past, and Frank does package a FTP server*, but personally, I find it easier to use a web shell in HASS to scp/sftp out to other machines (e.g. to copy backups).

Do these creds work perhaps (FTP add-on default)?

username: hassio
password: changeme

I’d check your Add-ons config, and each one should have a Configuration tab to set non-default creds/ keys.

Home Assistant Community Add-on: FTP

If this helps, this post!

josephny · February 5, 2023, 3:31pm

Thank you for the help.

Can you explain how to bring up a web shell?

FloatingBoater · February 5, 2023, 5:54pm

Hi,
Very easy to add a web-shell - there are two HASS Add-Ons which do the same thing, namely give you a CLI shell into core HASS from the web interface. Add it to the side-panel, and you’re done (Top Tip: Shift-Click to copy text).

Web shells are often easier than using SSH directly for basic admin tasks (e.g. to scp files in/out, such as to copy backups, config files, or media).

HASS → Settings → Add-on Store → search for terminal, Install
Or click this “My Home Assistant” link:

Terminal & SSH
addons/ssh at master · home-assistant/addons · GitHub

Whilst you’re in the Add-On Store, I’d also suggest adding File editor and Log Viewer add-ons as they are very useful when starting to understand how things like automations work.

Other stuff like the Mosquitto broker (a MQTT install guide is available), Samba share, and ESPHome might be useful later once you’ve found your feet in HASS.

(The other web shell option is installed via HACS, but save the complexities of “unofficial” software for a few months in the future!)

If this helps, this post!

josephny · February 5, 2023, 6:09pm

Great.

I have Terminal installed and working.

But, both sudo and nmap are not found.

netstat works.

whoami shows root

FloatingBoater · February 5, 2023, 6:36pm

Your shell is in the HASS container, so you can’t see the LAN to look for ports mapped through the hypervisor. It’s basic to prevent attackers from “living off the land” by running pre-installed tools. I used a seperate Linux box for the nmap portscans shown.

As an example - from the webshell, try ip a and you’ll likely see an IPv4 172/23 address, not that used by the LAN (which should be also shown in the initial login text under eth0).

You mentioned running a portscan of the HASS IP, which must have been external?

Look under Add-Ons again for a FTP server, and that you’re scanning the right machine (not the first time someone’s been off by one IPv4 !).

Test ftp again, perhaps telnet foo 21, and check the HASS logs for any signs?