Hassio in Docker - SSH Key - Host key verification failed - KVM Integration

Hi, I am currently integrating Alexa / echo with my KVM system, so I am able to start / stop and restart VM’s, etc. My HASSIO system is an Ubuntu VM in docker (https://www.juanmtech.com/set-up-hassio-in-docker-and-in-an-ubuntu-server/). This setup requires that the HASSIO systems ssh key is on the KVM host, and I have the correct command working from the HASSIO hosts CLI, but is not working from HASSIO itself as the docker instance is not accessing the ssh key of the host, I get this error:
Host key verification failed.
Im not that familiar with this, but this is my understanding.

Any help would be greatly appreciated.

Kind regards.

I eventually figured this out, I can now control (turn on, turn off, reboot, etc) my KVM VM’s with Alexa.
Here’s how I did it (this is also using the excellent Nabu Casa).

  1. SSH in to HASSIO
  2. $ docker ps -a
    (this is to find the correct docker ID, the line for me was homeassistant/qemux86-64-
    homeassistant:0.103.5, whihc gave me the ID of 58da6a62a2de)
  3. $ docker exec -it 7de1331b3d67 /bin/bash
    (this will give you shell access to the docker instance)
  4. $ mkdir /config/ssh
  5. $ ssh-keygen -t rsa -f /config/ssh/id_rsa
  6. $ ssh-copy-id -i /config/ssh/id_rsa [email protected]
    (replace the user and IP of the KVM host, this will copy the key to the KVM host)
  7. I then created some .sh script files in /config/scripts22/vm_turn_on.sh, etc
  8. Contents os turn_vm_on.sh:
#!/bin/bash
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /config/ssh/id_rsa [email protected] -tt 'bash -l -c "virsh start gaminigVM"'
  1. In shell_commands.yaml:
    vm_turn_on: '/config/scripts22/vm_turn_on.sh'
  2. Then in scripts.yaml:
vm_turn_on:
  sequence:
    service: shell_command.vm_turn_on
  1. Then on Alexa, say “discover new devices”, and it should discover ‘vm_turn_on’.

Hope this helps :slight_smile:

1 Like

Thx, this was helpful

I just stumbled across this topic here. From a security perspective it makes sense to check the host key of the other side. This is why I explicitly created a known_hosts file within /config/ssh and refered to it from the shell_command:

shell_command:
  turn_off_qnap_nas: ssh -o UserKnownHostsFile=/config/ssh/known_hosts -i /config/ssh/id_rsa [email protected] 'poweroff' 2>>/config/ssh-error.txt

2>>/config/ssh-error.txt is only needed for debugging purposes - it redirects the SSH call errors into a file.