Home Assistant Add-on: home-assistant-ssl-from-asus-router

Not sure if it is just the filepath. I am running an Asus RT-AX88U on Firmware Version: and get a similar error when running the scp command manually from another machine. When trying to use scp while ssh’d to the router, the command is not found. My suspicion is that the Asus original firmware does not include the scp command.

P.S: I couldn’t get the add-on running after cloning your git to the add-on folder. From Supervisor log:
22-08-25 20:45:13 WARNING (SyncWorker_3) [supervisor.store.data] No repository information exists at /data/addons/git/home-assistant-ssl-from-asus-router

Not sure if this is your repo or I cloned it wrong…

This is great work and exactly what I need!

I have one suggestion, if I may: some people, like me, might want to keep their original Asus firmware for one reason or another. From what I understand, you get the certificates via SCP, which is not present in the asus fw. There seem to be ways to install scp by adding a usb storage device and a package manager on it, but this seems a bit of an overkill.

As such, would you be able to do a binary file copy using ssh alone instead of SCP (e.g. linux - How to copy a file without using scp inside an ssh session? - Super User)?

I’ve forked your project so that it works with SSH instead of SCP, as stock asus routers like mine don’t have it.
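The ssh-only copy described in this post and in the suggestion before it, as an added example that is not code from the add-on or the fork. The function names, the ROUTER_* variables and the /ssl destination are assumptions; the host value is a placeholder.

```shell
#!/bin/sh
# Added example: pull a PEM file from a router that has ssh but no scp.

# True only if FILE holds both a PEM BEGIN and a PEM END marker.
is_pem() {
    grep -q -- '-----BEGIN [A-Z ]*-----' "$1" 2>/dev/null &&
    grep -q -- '-----END [A-Z ]*-----' "$1" 2>/dev/null
}

# Replace DEST with SRC only after validation, so an empty or truncated
# transfer never overwrites a working certificate or key.
install_pem() {
    src=$1; dest=$2
    is_pem "$src" || { echo "refusing to install $src: not PEM" >&2; return 1; }
    chmod 600 "$src" && mv -f "$src" "$dest"
}

# Stream the remote file through the ssh session with cat.
# BatchMode=yes fails instead of prompting for a password.
# StrictHostKeyChecking=yes requires the router's host key to be in
# known_hosts already (entry form for a non-default port: [host]:port).
fetch_over_ssh() {
    remote=$1; dest=$2
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if ssh -p "$ROUTER_PORT" -i "$ROUTER_KEY" \
           -o BatchMode=yes -o StrictHostKeyChecking=yes \
           "$ROUTER_USER@$ROUTER_HOST" "cat '$remote'" > "$tmp"
    then
        install_pem "$tmp" "$dest" && return 0
    fi
    rm -f "$tmp"
    return 1
}

# Usage (placeholder values):
#   ROUTER_HOST=192.0.2.1 ROUTER_PORT=5555 ROUTER_USER=admin
#   ROUTER_KEY=/config/rsa/asusrouter
#   fetch_over_ssh /tmp/etc/cert.pem /ssl/cert.pem
#   fetch_over_ssh /tmp/etc/key.pem  /ssl/key.pem
```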


I need some help. I get this error and I’m stuck.

I only have a file called authorized_keys in my /root/.ssh directory.

[s6-init] making user provided files available at /var/run/s6/etc…exited 0.
[s6-init] ensuring user provided files have correct perms…exited 0.
[fix-attrs.d] applying ownership & permissions fixes…
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts…
[cont-init.d] 00-banner.sh: executing…

Add-on: Refresh SSL Cert From Stock Asus DDNS Router
An Add-on that help refresh the SSL certificate under the /SSL folder from Stock Asus Router DDNS

Add-on version: 0.1.0
You are running the latest version of this add-on.
System: Home Assistant OS 9.3 (amd64 / qemux86-64)
Home Assistant Core: 2022.11.2
Home Assistant Supervisor: 2022.10.2

Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.

[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing…
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Getting Router Public RSA Key… SSH-2.0-dropbear

Creating /root/.ssh
Setting id_rsa file…
Touching /root/.ssh/known_hosts…
Setting /root/.ssh/known_hosts Permission…
total 4
-rw-r--r-- 1 root root 0 Nov 10 08:53 known_hosts
-rw------- 1 root root 2609 Nov 10 08:53 id_rsa
Saving know hosts…
Not known Host, adding…
[]:1025 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCG1escNjZCK/rzUpAC3Vhxj2zpiFNct2mSu5MDUrRYSpQue6WIe4bYPYp9WZj8MPCiwjt+mSYCf0fwMo4Oueq+IaSpNRh7viN1hvovmuCNqbdKdh26fh0GNn0tjKkWwafCmALKx+zY21jWGpRvwwlMSgAEbZ2jg4t31MYkQdaPqnuWmQSG9kOscDtJNgZDQTMzfAW9GvpT9yxULZSJUiju9uNzFULVRazKj3jqI6p2+sbrkOhpV4T2MJxsGdNrHptBFk0vhd8tWmMLg1ZUhPDM0qxACkhAG4lQcBNYL0MO18WOi7kHLJv5itL4jr0Cqn7hBxLALtHS+/hhE/Th4L0/
Load key “/root/.ssh/id_rsa”: invalid format
Permission denied, please try again.
Permission denied, please try again.
Connection closed by port 1025
[cmd] /run.sh exited 255
[cont-finish.d] executing container finish scripts…
[cont-finish.d] 99-message.sh: executing…

            Oops! Something went wrong.

We are so sorry, but something went terribly wrong when
starting or running this add-on.

Be sure to check the log above, line by line, for hints.

[cont-finish.d] 99-message.sh: exited 0.
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.

I am pasting GitHub - s92025592025/home-assistant-ssl-from-asus-router
In the add-on store, what am I doing wrong?
It won’t add
“…” is not a valid add-on repository

  1. Get Samba add-on and configure it
  2. On GitHub, click the green <> Code button and select “Download”
  3. Unpack the archive and place it into the “addons” folder via Samba (i.e. connect remotely to your HomeAssistant folders)
  4. Go to http://homeassistant.local:8123/hassio/store and add/configure the addon there

I’m struggling with this one as well. Really wasn’t sure where to find the correct config for:


I thought I worked it out but get the following error when I start the add-on. Any suggestions?

[s6-init] making user provided files available at /var/run/s6/etc…exited 0.
[s6-init] ensuring user provided files have correct perms…exited 0.
[fix-attrs.d] applying ownership & permissions fixes…
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts…
[cont-init.d] 00-banner.sh: executing…

Add-on: Refresh SSL Cert From Stock Asus DDNS Router
An Add-on that help refresh the SSL certificate under the /SSL folder from Stock Asus Router DDNS

Add-on version: 0.1.0
You are running the latest version of this add-on.
System: Home Assistant OS 9.4 (aarch64 / raspberrypi4-64)
Home Assistant Core: 2023.1.7
Home Assistant Supervisor: 2023.01.1

Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.

[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing…
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Getting Router Public RSA Key…
[cmd] /run.sh exited 1
[cont-finish.d] executing container finish scripts…
[cont-finish.d] 99-message.sh: executing…

            Oops! Something went wrong.

We are so sorry, but something went terribly wrong when
starting or running this add-on.

Be sure to check the log above, line by line, for hints.

[cont-finish.d] 99-message.sh: exited 0.
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.

Excellent add-on, if I could get it to work on my HA… I have Stock Asus and installed the SSH-fork of this addon. Here is my log, says nothing to me… any hints welcome

[s6-init] making user provided files available at /var/run/s6/etc…exited 0.
[s6-init] ensuring user provided files have correct perms…exited 0.
[fix-attrs.d] applying ownership & permissions fixes…
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts…
[cont-init.d] 00-banner.sh: executing…

Add-on: Refresh SSL Cert From Stock Asus DDNS Router
An Add-on that help refresh the SSL certificate under the /SSL folder from Stock Asus Router DDNS

Add-on version: 0.1.0
You are running the latest version of this add-on.
System: Home Assistant OS 9.5 (amd64 / generic-x86-64)
Home Assistant Core: 2023.1.7
Home Assistant Supervisor: 2023.01.1

Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.

[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing…
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Getting Router Public RSA Key…

familjen24.asuscomm.com:22 SSH-2.0-dropbear

Creating /root/.ssh
Setting id_rsa file…
Touching /root/.ssh/known_hosts…
Setting /root/.ssh/known_hosts Permission…
total 4
-rw-r--r-- 1 root root 0 Jan 31 08:27 known_hosts
-rw------- 1 root root 1675 Jan 31 08:27 id_rsa
Saving know hosts…
Not known Host, adding…
familjen24.asuscomm.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCD0u+vOJwssNef1fROuu9INC5Mc9zjp6zMA5JKBigVLQZWad0YqoYuQJtvioBhNFdtQ+WUCnlmyATfeYr4bzOtsT24B4TOmGB1SoDXxqod2Qc13itgepD68yBa+hOYI4isIdHQ14SnwZvpPFIhvO4Zv0rAEJeArd8Iq50TeIn6fVIzQgszkSW1liCkGXl5sUrEvqGJWDMnZ1rLpOhxua6ysxIrqP9pNHlUqjCchFFWte3u3b6qkM5xxx7t3Q4vVy/QM0GBW0hwX/K8Oq6mPlhhOo93V9CpzSP6z0M46yLzP7OyxVvJ3EJaHGETef7mtFq50AhtRwGlCJfGtRiTF
[cmd] /run.sh exited 0
[cont-finish.d] executing container finish scripts…
[cont-finish.d] 99-message.sh: executing…
[cont-finish.d] 99-message.sh: exited 0.
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.

I have GS-AX3000 with the stock firmware, and here is my config:

rsaPrivateKeyPath: rsa/asusrouter
keyFilePathOnRouter: /tmp/etc/key.pem
certFilePathOnRouter: /tmp/etc/cert.pem

My private key for the SSH is located in /config/rsa, file name is “asusrouter” (the one generated with ssh-keygen)

My log is about the same, except for the line after the “Not known Host, adding…”:

Not known Host, adding...
[]:5555 ssh-rsa

I don’t see my hostname at all in the log, are you trying to connect to the router through WAN or LAN? And if WAN, do you have WAN SSH enabled? What port are you using and are you sure your ISP doesn’t block it?
I have it configured the following way, with an access from LAN:

routerUser: admin
routerSshPort: 5555

In my router settings I changed the default 22 port to 5555, as Asus recommends that for security reasons.

Also, what’s in the SSL folder? I have my files there, but if you’re a rookie like me, make sure you disabled the “enforce basepath” option in the File Editor configuration and are not trying to find the files in /config/SSL

Please help, here is the error. I’ve been sitting on this for the second day and I can’t do it.

It seems like the problem is the router’s private key not being in the right format.
Have you successfully SSH’d into your router with that key from another computer?
Try creating a new private key.

Hi there,

I used to run Home Assistant on my ASUSTOR NAS, but since it uses quite a lot of power (50W with spinning disks isn’t abnormal), I’ve now set it up on a mini PC which uses only 5W. Downside is I now have to set up the certs myself and it’s driving me nuts… I keep getting a connection refused error:

[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing…
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Getting Router Public RSA Key…
write ( Connection refused
[cmd] /run.sh exited 1
[cont-finish.d] executing container finish scripts…
[cont-finish.d] 99-message.sh: executing…

What am I doing wrong? What I did is:

- Created an SSH key using Putty (default settings)
- Pasted the public key in the authorized keys section of the router
- Saved the private.ppk file on the HA machine under config/rsa/private.ppk
- Put the following configuration in:
routerUser: username
routerSshPort: 22517
rsaPrivateKeyPath: rsa/private
keyFilePathOnRouter: /tmp/etc/key.pem
certFilePathOnRouter: /tmp/etc/cert.pem
(paths adopted as suggested above)

and I keep getting the “write ( Connection refused” error. it’s driving me nuts :grimacing:

Tried using putty to log in with the keys and same IP and port and all is well…

Tried your fork and although it gets me further I now get the dreaded
“Load key “/root/.ssh/id_rsa”: invalid format” error…

It just doesn’t like PuTTY keys; use ssh-keygen files and everything goes as expected… I feel dumb now :o
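A pre-flight check for the key-format problem reported here, as an added example that is not part of the add-on or the fork. The function names are hypothetical and the file names in the messages are placeholders; it only reads the first line of the key file.

```shell
#!/bin/sh
# Added example: tell a PuTTY .ppk apart from keys the OpenSSH client can load.

# Print the container format of a key file, judged by its first line.
key_format() {
    first=
    IFS= read -r first 2>/dev/null < "$1" || [ -n "$first" ] ||
        { echo unreadable; return 1; }
    case $first in
        PuTTY-User-Key-File-*)                  echo putty-ppk ;;
        '-----BEGIN OPENSSH PRIVATE KEY-----'*) echo openssh ;;
        '-----BEGIN RSA PRIVATE KEY-----'*)     echo pem-rsa ;;
        '-----BEGIN '*'PRIVATE KEY-----'*)      echo pem-other ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-*)      echo public-key ;;
        *)                                      echo unknown ;;
    esac
}

# Return 0 if ssh should be able to load the file; otherwise explain why not.
usable_for_addon() {
    fmt=$(key_format "$1") || true
    case $fmt in
        openssh|pem-rsa|pem-other) return 0 ;;
        putty-ppk)
            echo "$1: PuTTY .ppk file. Export it in OpenSSH format" \
                 "(puttygen IN.ppk -O private-openssh -o OUT)" \
                 "or create a new pair with ssh-keygen." >&2 ;;
        public-key)
            echo "$1: public key. This half goes into the router's" \
                 "authorized keys; the add-on needs the private half." >&2 ;;
        *)
            echo "$1: $fmt, not a private key ssh can load." >&2 ;;
    esac
    return 1
}
```

Run `usable_for_addon` on the file that `rsaPrivateKeyPath` points to before starting the add-on; a `putty-ppk` result corresponds to the `Load key "/root/.ssh/id_rsa": invalid format` line in the logs.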

Hi !
I’m trying an Asus Tuf-Ax5400.

I don’t know what to write here, I copied them from above

rsaPrivateKeyPath: rsa/asusrouter
keyFilePathOnRouter: /tmp/etc/key.pem
certFilePathOnRouter: /tmp/etc/cert.pem

I got this error:

Add-on version: 0.1.0
You are running the latest version of this add-on.
System: Home Assistant OS 10.3 (aarch64 / raspberrypi4-64)
Home Assistant Core: 2023.7.3
Home Assistant Supervisor: 2023.07.1

Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.

[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing…
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Getting Router Public RSA Key…
write ( Connection refused
[cmd] /run.sh exited 1
[cont-finish.d] executing container finish scripts…
[cont-finish.d] 99-message.sh: executing…

            Oops! Something went wrong.

We are so sorry, but something went terribly wrong when
starting or running this add-on.

Be sure to check the log above, line by line, for hints.

[cont-finish.d] 99-message.sh: exited 0.
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.

What type of key files are you using? I previously had used this version with a PuttyGen generated key file, that gave me the same error as you have. Then I tried the fork mentioned above, which failed in a different way. Then I created a new keyfile using SSH-keygen and tried that with the fork, and now all is well!

Nothing, I don’t even know what it takes. I didn’t read anywhere in the description what to do about this.

Uhm, sorry to tell you, but I’m afraid that you’ll then first have to read up on creating the private and public keys for your router. It’s what this addon uses to log into your router instead of a username/password. So you first have to create the keys, enter the key in the authorized_key field of the router to tell the router what credentials you’ll be using to log in and that it can trust those. Then you have to put the keys on your HA install and tell it to use those keys to log in to the router. That’s the whole thing behind the addon…


Ohhh, thank you very much, it’s clear now.

It was strange to me that I don’t need any password to access the router.

How and where can I make rsa keys?
On Home Assistant with openssh?
Puttygen on a Windows PC?

Do I have to enable the keys here in the router?

I wish I’d found this post before. In any case, now there’s an alternative which also has automation to renew the certificate, so no manual update: Using Let’s Encrypt Certificate From Asus Router for SSL - Configuration - Home Assistant Community (home-assistant.io).
Feel free to check it out or improve your add-on.
