Hassio Integration with other entities using SSH

I always find setting up control of devices with Hassio, using SSH a little difficult to remember and I thought it might be useful to someone (and me the next time I need to do it) if I posted a complete guide.

cf Home Assistant Wake on Lan

Prerequisites: SSH add on

Here goes:

Generate SSH Key
from hassio (terminal), change to the config directory, Generate a passphraseless SSH key and push it to entity.

$ cd /config
$ mkdir .ssh
$ ssh-keygen -t rsa -b 2048

Response:

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
......    cut     ......

Push Key to Entity

Next copy the files to ‘’/config/.ssh’’

$ cp /root/.ssh/* .ssh/

This is what we end up with:

$ ls .ssh
authorized_keys id_rsa id_rsa.pub known_hosts8

Next Copy your keys to the target server(s); ie for 192.168.1.185:

$ ssh-copy-id [email protected]
[email protected]’s password:

This command establishes trust between the server (192.168.1.185) and any SSH Client connecting to the server, using these keys to authenticate.

Note: You may wish to use a different user (not root); in my case I wish root access to the device

Now try logging into the machine, with ssh like this

$ ssh [email protected]

If everything worked then you should get an ssh connection to 192.168.1.185

Example Automation

In this case, as we are connecting as root we can issue any command we like from home assistant. In the following example we setup a shell_command which actually issues the command to the entity, using ssh; a Switch, which invokes the 'shell_command; and an Automation that uses the Switch…

shell_command

shell_command:
  turn_off_defiant: 'ssh -o UserKnownHostsFile=/config/.ssh/knownhosts -o StrictHostKeyChecking=no -i /config/.ssh/id_rsa [email protected] sudo shutdown -Ph now'

Switch

switch:
  - platform: wake_on_lan
    name: defiant_wol
    mac_address: "AA:BB:CC:DD:EE:FF"
    host: "192.168.1.185"
    turn_off:
      service: shell_command.turn_off_defiant

Automation

alias: NAS Drive OFF
initial_state: false
trigger:
  platform: state  
  entity_id: group.computers
  from: "on"
  to: "off"
  for: "00:05:00"
action:
  - service: switch.turn_off
    entity_id: switch.defiant_wol

That’s about it: Hope you find it useful!

You can find my homeAssistant setup right here on GitHub.

Hi, this seems very useful. Do I need to repeat the first part (pushing the key to the local entity etc) each time I restart HA? Also, why do we use the wake on lan command? (I know my questions are very novice - sorry for that)

Lastly, where do we add the shell_command? is it in the configuration.yaml?

Many thanks once again!

1. You only need to push the key once; once the 'trust’is established it’s done.
2. You don’t need to use the wake_on_lan command; run your shell_command any way you see fit

In my system I use the WOL command to turn on my computers using magic packet and it it convenient to use the turn_off mechanism in here to run the shell_command when I want to turn them off using HA.

PS: there are no dumb, novice or stupid questions , only stupid answers! Hope this helps your quest for knowledge. Have a good day!

Dear Andrew,

Many thanks for your kind and prompt response! This community is always amazing! I wish all the best to you!

Hi Andrew!

When I am trying to perform the copy I get an error:

[core-ssh config]$ cp /root/.ssh/* .ssh/
cp: can't stat '/root/.ssh/*': No such file or directory

If I try to recreate the key I get a message that the file exists and if I want to overwrite it. Therefore it does exist somewhere. if I cd to root and ls I do not see an .ssh directory but if I cd to it goes there. If I ls the /root/.ssh however I see no results. Any clues what could be wrong? Many thanks!

Looks like a permissions issue. Suggest use sudo to do the copy.

Thanks a lot! I will try and revert.

Dear Andrew, hi again. Unfortunately I am getting a response that sudo is not found.

[core-ssh config]$ sudo cp /root/.ssh/* .ssh/
bash: sudo: command not found
[core-ssh config]$

In case this help, I am running home assistant core 2022.7.7.(its running on a virtual machine).

Details:

Home Assistant 2022.7.7 Supervisor 2022.07.0 Operating System 8.4 Frontend 20220707.1 - latest

If you type

[core-ssh ~]$ ls /root/.ssh

what do you get?

I get the following:

authorized_keys id_rsa id_rsa.pub known_hosts known_hosts.old

“can’t stat” could indicate that your /root/.ssh/ directory is empty (it means “I cant find anything to copy”).

If the directory is empty then something went wrong when you generated your ssh keys.

did you get the response:

Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.

when you generated your keys?

Note that you can generate your ssh keys on any machine you like and use the same keys on all machines if you like.

Hi Andrew, and thanks a lot once again! Unfortunately ls on the said directory returns nothing.

Interestingly, however, the file has to be there because if I attempt to recreate the same key file, then I am asked if I want to overwrite it (see below). So it seems like it is some weird access issue.

Maybe I will try your suggestion to create the keys elsewhere - this might be the most efficient route indeed!

Once again, many thanks for your kind support!

[core-ssh config]$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): tplink54
**> tplink54 already exists. **
> Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in tplink54
Your public key has been saved in tplink54.pub
The key fingerprint is:

No worries. I would be grateful if you let me know if this option worked for you.

Hi, unfortunately no. Even though I created the files through Git, I am not able to do anything, since the commands are not recognized (see below). If you have any ideas, they are more than welcome.

[core-ssh .ssh]$ cd /config
[core-ssh config]$ cd .ssh
[core-ssh .ssh]$ ls
id_rsa id_rsa.pub
[core-ssh .ssh]$ $ ssh-copy-id [email protected]
bash: $: command not found
[core-ssh .ssh]$ ssh [email protected]
Unable to negotiate with 192.168.1.95 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
[core-ssh .ssh]$

I think your issue is with the host 192.168.1.95. I don’t know how to fix this. It looks like the encryption method being used by your host is incompatible with HA.

Hey Andrew!

I just wanted to say thanks! This was exactly what I needed to control my Magic Mirror from Home Assistant.

Thank you so much!

You are welcome

Hi,
I really could use something like this, but can’t get it to work. When I follow the steps given, then I can log on the PI through the HA terminal without password - and when I use the command:
ssh -o UserKnownHostsFile=/config/.ssh/knownhosts -o StrictHostKeyChecking=no -i /config/.ssh/id_rsa [email protected] sudo shutdown -Ph now, in the same terminal it shuts down the PI. BUT when I put the command in the configuration.YAML and run it as a service in dev. tools it doesn’t work and gives me:
Warning: Identity file /config/.ssh/.pub not accessible: No such file or directory.\nFailed to add the host to the list of known hosts (/config/.ssh).\r\nPermission denied, please try again.\r\nPermission denied, please try again.\r\[email protected]: Permission denied (publickey,password).

Anybody knows what could be wrong?

Check your config/.ssh directory looks something like…

[core-ssh ~]$ ls config/.ssh -l
total 20
-rw------- 1 root root 398 Jul 2 2020 authorized_keys
-rw------- 1 root root 1823 Jul 2 2020 id_rsa
-rw-r–r-- 1 root root 395 Jul 2 2020 id_rsa.pub
-rw-r–r-- 1 root root 175 Jul 2 2020 known_hosts
-rw-r–r-- 1 root root 713 Jun 6 2022 knownhosts

Just wanted to say your old post is still a life saver.
I could not get it to work following the guide on how to shut down on the official page Wake on LAN - Home Assistant
But after many tries and searches I found your post and boom, it works.
Thanks!