Git Push Setup with ssh key issue

I have 2 issues.

  1. Running shell_command via the frontend does not push new edits to github. It only commits. However, if I run it via the cli, it works.
  2. How to prevent HA deleting /etc/ssh/ssh_config after every update of HA?

Docker HassOS on a rpi3

I have managed to set up a backup script using git on github. gitupdate.sh is placed in my config folder and backs up my files inside config folder. I run it by using the ssh & web terminal add-on.

I took it a step further and set up an ssh key so that I don’t need to add my github username and password every time I run the script, and I also want to set up a one-button press for anytime I need to back up the folder on the fly.

Issue 1: The script works when I run it via the cli; that is, it commits and pushes the new folder to my repo. However, when I run it in the frontend using shell command, it does not fully work. It seems to only commit and not push. I know this because, if I run it via the cli, it says Your branch is ahead of 'origin/master' by xx commits. There isn’t any error in the log that I can see.

Issue 2: The script breaks where the ssh key is denied. The reason is that HA installs a fresh /etc/ssh/ssh_config file whenever I update HA. How can I prevent this from happening, or what can I do to have that file retain these settings?

Host *
HashKnownHosts yes

User git
PubkeyAuthentication yes
IdentityFile ~/.ssh/id_git

Here are my settings and config files.

/config/gitupdate.sh

#!/bin/sh
REPO='/config/'
COMMIT_TIMESTAMP=`date +'%Y-%m-%d %H:%M'`
DATELOG=`date +'%Y-%m-%d-%H-%M-%S'`

GIT='git'
NOTIFY=`which notify-send`

# Only proceed if we have a valid repo.
if [ ! -d ${REPO} ]; then
  echo "${REPO} is not a valid git repo! Aborting..."
  exit 0
else
  echo "${REPO} is a valid git repo! Proceeding..."
fi

echo
echo "Git Output..."
echo

cd ${REPO}
${GIT} add .
${GIT} commit -am "Commit on ${COMMIT_TIMESTAMP}"
${GIT} push origin master

echo
echo 'KB Notification: Changes were pushed to GitHub.'
echo

Setup using frontend HA:

shell_commands.yaml

# backup config files
  gitupdate: '/bin/sh /config/gitupdate.sh'

groups.yaml

  gitupdate:
    name: Update Github
    icon: mdi:home
    entities:
      - script.gitupdate

scripts.yaml

  gitupdate: 
    alias: Gitupdate
    sequence:
      - service: shell_command.gitupdate

Issue 2: The script breaks where the ssh key is denied. The reason is that HA installs a fresh /etc/ssh/ssh_config file whenever I update HA. How can I prevent this from happening, or what can I do to have that file retain these settings?

I have fixed issue # 2 in the OP by directing github to look for the ssh key in the gitupdate.sh file rather than looking in ssh_config file. Here is the updated file.
gitupdate.sh

#!/bin/bash

REPO='/config/'
COMMIT_TIMESTAMP=`date +'%Y-%m-%d %H:%M'`
DATELOG=`date +'%Y-%m-%d-%H-%M-%S'`
#LOG="/mnt/www/log/${DATELOG}.txt"

GIT='git'
SSH='ssh -i ~/.ssh/id_git -F /dev/null'
NOTIFY=`which notify-send`

# Only proceed if we have a valid repo.
if [ ! -d ${REPO} ]; then
  echo "${REPO} is not a valid git repo! Aborting..."
  exit 0
else
  echo "${REPO} is a valid git repo! Proceeding..."
fi

echo
echo "Git Output..."
echo

cd ${REPO}
${GIT} config core.sshCommand "${SSH}"
${GIT} add .
${GIT} commit -am "Commit on ${COMMIT_TIMESTAMP}"
${GIT} push origin master

echo
echo 'Notification: Changes were pushed to GitHub.'
echo

exit

I still have not figured out Issue #1. Help.

Did you ever figure this out? Having the exact same issue (#1 listed above)

No, unfortunately. Really stumped.

I am actually wondering if it is because the SSH addon is actually running in a separate docker? I don’t know. It seems like a permission issue

I have found a post or 2 where they got it working. Now, whether they had installed the ssh addon on a docker install I do not know. But you may be correct.

Got it working now.

I was looking around for answers and was reading the ssh & Web Terminal documentation. At the bottom, it states you can execute the add-on as a service: hassio.addon_stdin.

Tested and it works.

Sample:

automation:
  - alias: "Example my script"
    trigger:
      platform: state
      entity_id: binary_sensor.motion_sensor
      to: "ON"
    action:
      service: hassio.addon_stdin
      data:
        addon: a0d7b954_ssh
        input: /bin/sh "/config/scripts/gitupdate.sh"

Well, the above was working, but it stopped working 2 months ago; I noticed the files have not been updated for the past 2 months. I think one of the HA updates had breaking changes or whatnot. I am stumped as to how to fix it. If anyone has a working solution, please share.

The ssh addon removed the stdin function so that is why it no longer works. I have been trying for 3 days now to get it working as a shell command for use in an automation.

I have had no issues getting a script set up that works if I run it manually, but I am hitting host key errors when I try to run it from an automation.

Surely we cannot be the only ones with this setup. There has got to be others doing the same with success. Please share.

I have it working, though likely have violated some people with regards to security.

I was seeing a host key failure message previously (code 128 to be specific).

I tried lots of things, adding a known_hosts file to my config/.ssh folder, copying pub keys to github all over the place etc. Nothing really changed compared to my original setup after following this Peyanski Guide.

Working setup is as follows.

configuration.yaml

shell_command:
  push_to_github: cd /config && bash ./gitpush.sh

config/gitpush.sh

cd /config
git config core.sshCommand 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /config/.ssh/id_rsa -F /dev/null'
git add .
# Commit changes with message with current date stamp
git commit -m "config files on `date +'%d-%m-%Y %H:%M:%S'`"

# Push changes towards GitHub
git push -u origin master

Automation

alias: Github backup
description: Push configuration to github repo [user]/[repository]
trigger:
  - at: '21:23:45'
    platform: time
condition: []
action:
  - service: shell_command.push_to_github
    data: {}
mode: single

The cd command in the script may be redundant but I have not tested without it yet.

Really the thing that made it work was the core.sshCommand line which turns off the key checking. I am no expert on this and am continuing to do more research as to what the implications are of having that in there, but at least I’ve got a nightly backup working now.

A slightly more secure version of @SgtBatten’s script is updating the SSH= line from the original @duceduc script to

SSH='ssh -o UserKnownHostsFile=/config/.ssh/known_hosts -i /config/.ssh/id_git -F /dev/null'

Run once from the shell manually to accept github.com in known_hosts, then it works from HA.

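A hardened take on the scripts above, as an added example that is not part of any post in this thread: it keeps the pinned known_hosts idea from the last reply, makes the host key check explicit, and returns a non-zero status when the push fails. The function names, the environment overrides and the RUN_BACKUP switch are assumptions made for the example; absolute paths are used because ~ depends on which user and container runs the script.

```shell
#!/bin/sh
# Added example (not from the thread): hardened variant of the backup scripts.
# Paths follow the thread; the environment overrides are an assumption.
REPO="${REPO:-/config}"
KEY="${KEY:-/config/.ssh/id_git}"
KNOWN_HOSTS="${KNOWN_HOSTS:-/config/.ssh/known_hosts}"

# ssh command with host key checking ON and pinned to one known_hosts file.
# BatchMode makes ssh fail instead of prompting when there is no terminal.
ssh_command() {
  printf 'ssh -F /dev/null -i %s -o IdentitiesOnly=yes -o BatchMode=yes' "$KEY"
  printf ' -o StrictHostKeyChecking=yes -o UserKnownHostsFile=%s' "$KNOWN_HOSTS"
}

# Return 0 if an ssh command line turns host key verification off.
disables_host_key_check() {
  case "$1" in
    *StrictHostKeyChecking=no*|*UserKnownHostsFile=/dev/null*) return 0 ;;
    *) return 1 ;;
  esac
}

# Fail early with a clear message instead of a bare exit code 128 from git.
preflight() {
  [ -d "$REPO/.git" ] || { echo "$REPO is not a git repo" >&2; return 2; }
  [ -r "$KEY" ] || { echo "key $KEY is not readable here" >&2; return 3; }
  [ -s "$KNOWN_HOSTS" ] || { echo "no pinned host key in $KNOWN_HOSTS" >&2; return 4; }
}

backup() {
  preflight || return $?
  cd "$REPO" || return 1
  # Takes precedence over any core.sshCommand saved in .git/config.
  GIT_SSH_COMMAND="$(ssh_command)"; export GIT_SSH_COMMAND
  git add . || return 1
  # Commit only when something is staged; an unchanged tree is not an error.
  git diff --cached --quiet || git commit -m "Commit on $(date +'%Y-%m-%d %H:%M')" || return 1
  # The push result is the function's exit status, so the caller sees a failed push.
  git push origin master
}

# Constructed switch: run the backup only when RUN_BACKUP=1 is set.
if [ "${RUN_BACKUP:-0}" = 1 ]; then backup; fi
```

Populate /config/.ssh/known_hosts once, as the last reply describes, and compare the stored key's fingerprint with the one GitHub publishes before relying on it.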