Home Assistant Community Add-on: SSH & Web Terminal

That’s why I’m here: I seem to have suddenly lost network based ssh access, because ‘connection refused’. Now I just read this and learned the official ssh add-on is now “Terminal & SSH”, not to be confused with the community add-on “SSH & Web Terminal”.

Unfortunately, the ambiguity of these terms makes searching for the correct answer challenging.


How to fix your official “Terminal & SSH” add-on 8.4 and later

For @Geoff571 and anyone else who finds this thread and is looking for help with the official “Terminal & SSH” add-on, it looks like there is a new “Network” dialog box that needs to be updated and is not mentioned in the docs. By default it says 22/tcp, with “disabled” in the input field (greyed out). The Column header is “Host”. This is a bit ambiguous, since I thought it wanted to know what host interface to listen on (127.0.0.1 vs 0.0.0.0).

To (re)enable ssh access via the network, you need to enter the port number ‘22’ or what ever port you want to use. This will map that port from the hassio host into the running “Terminal & SSH” container. I believe a restart of the add-on is then needed so the container can get restarted with the docker -p equivalent.


Community Add-on Doc Suggestion

The About docs should be clearer to diffierentiate the two add-ons now that both add-ons have a web terminal.

These features should be highlighted more prominently as the reason to use the community add-on in my opinion:

  • Contains a sensible set of tools right out of the box: curl, Wget, RSync, GIT,
    Nmap, Mosquitto client, MariaDB/MySQL client, Awake (“wake on LAN”), Nano,
    Vim, tmux, and a bunch commonly used networking tools.

(I think both add-ons are using tmux now)

  • Runs on host level network, allowing you to open ports or run little daemons.
  • Runs with more privileges, allowing you to debug and test more situations.
  • Hardware access to your audio, uart/serial devices and GPIO pins.
  • Has access to the DBus of the host system.
  • Has the option to access the Docker instance running on the host system.
  • Have custom Alpine packages installed on start. This allows you to install
    your favorite tools, which will be available every single time you log in.
  • Execute custom commands on add-on start so that you can customize the
    shell to your liking.

Thanks

I should really be posting this some place else. But since this is where I found people looking for help:

Tracked this down. It looks like the same PR on the official add-on changed the name and disabled ssh access from the network.

Note: the description of the plug in is still “Allow logging in remotely to Home Assistant using SSH.” Given the change in this PR this isn’t what the official plug-in does any more. By default it now only allows access from the web terminal. That was a breaking change in my opinion.

1 Like

Thank you for your post – this has been driving me crazy. SSH across the network used to work fine, as you said, until they started renaming things. Were you able to restore access across the network, or are you limited to using only the web terminal? If so, what did you use for the “host”?

EDIT: Nevermind, I re-read your post and put 22 in the Host box and it’s back to working properly (very confusing and counter-intuitive…particularly since the log is already showing that the server is listening on Port 22 even when the Network box shows Disabled. I saw your bug request on the Github as well, and was less than thrilled by Frenck’s response as well. :confused:

@seandop -

  1. glad it wasn’t only me that was confused. I think this will bite others if/when they update their “SSH Server” add-on to find out that it no longer really supports ssh over the network.

  2. Yes, I did the same thing, I looked at the log saw ssh is listening on 0.0.0.0:22 and thought the port isn’t the problem. I forgot that was the view inside the container.

Could you guys please keep it on topic here? You are discussing issues with a completely different add-on, this is going to confuse users that have issues in the future. Please move the discussion, thanks.

2 Likes

Sorry about that.

@kazuki started a new thread here Ssh Connection refused So anything related to this change for the official ssh add-on should move there.

:tada: Release v7.2.0

Full Changelog

This release brings some new features, as well as general maintenance.

Commandline completion is added for the docker command, which is really helpful. Furthermore, automated integration with the Mosquitto and MariaDB add-ons has been improved.

Lastly, support for the upcoming Home Assistant Audio layer has been added. While this layer isn’t released yet, this add-on is now fully prepared.

Tools like the pulsemixer and aplay have been added to give you the possibility to play audio and manage the volume levels of your audio device(s). So, as soon as the new Audio layer is available, you can start using it.

:hammer: Changes

  • :shirt: Remove unnecessary execute permissions (#122)
  • :arrow_up: Upgrades add-on base image to v7.0.2
  • :sparkles: Include docker completions (#121)
  • :arrow_up: Upgrades ncurses to 6.1_p20200118-r2
  • :arrow_up: Upgrades tmux to 3.0a-r1
  • :sparkles: Adds support for new audio layer
  • :sparkles: Adds alsa audio utilities
  • :sparkles: Adds pulsemixer audio controls on the CLI
  • :hammer: Improve MySQL & MQTT services handling

Questions? Join our Discord server! https://discord.me/hassioaddons
Enjoying my add-ons? Consider supporting my work: https://patreon.com/frenck

1 Like

I am having an authentication problem when I try to use hass-cli commands from the terminal with this add-on (version 7.2.0). I am able to use hass-cli from the terminal in the VSCode add-on, however.

I am running HA Supervised 0.105.5 on an Ubuntu 18.04 host on a NUC. My add-on config is as follows (I’m using root in order to use WinSCP):

ssh:
  username: root
  password: ''
  authorized_keys:
    - >-
      ssh-rsa
      REDACTED
  sftp: true
  compatibility_mode: false
  allow_agent_forwarding: false
  allow_remote_port_forwarding: false
  allow_tcp_forwarding: false
zsh: true
share_sessions: true
packages: []
init_commands: []
web:
  ssl: false
  certfile: fullchain.pem
  keyfile: privkey.pem

I’m able to use hass-cli info but If I try to use any state or service command such as hass-cli -x state list I get the following error:

Trying to locate Home Assistant on local network...
Found and using http://192.168.0.151:8123 as server
Error while getting all states: 401: Unauthorized
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/homeassistant_cli/cli.py", line 40, in run
    result = cli.main(standalone_mode=False)
  File "/usr/lib/python3.8/site-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3.8/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3.8/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3.8/site-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3.8/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/lib/python3.8/site-packages/click/decorators.py", line 64, in new_func
    return ctx.invoke(f, obj, *args, **kwargs)
  File "/usr/lib/python3.8/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/lib/python3.8/site-packages/homeassistant_cli/plugins/state.py", line 73, in listcmd
    states = api.get_states(ctx)
  File "/usr/lib/python3.8/site-packages/homeassistant_cli/remote.py", line 379, in get_states
    raise HomeAssistantCliError(
homeassistant_cli.exceptions.HomeAssistantCliError: Error while getting all states: 401: Unauthorized

and I also get a persistent notification in HA:

Login attempt or request with invalid authentication from 192.168.0.151

There are no errors in the add-on log.

I’m assuming this is user error rather than a problem with the add-on. Any help would be greatly appreciated.

The add-on simply installs the Home Assistant Core CLI. Please report your issue GitHub with that CLI repository. Thanks! :+1:

Thanks, Frenck, I really appreciate your reply. I’ll report the issue on the CLI GitHub repo. I’m curious if there is something different between how the HA Core CLI is installed in this add-on vs. in the VSCode add-on. It seems odd to me that it works in one but not the other, but then, I’m the first to admit I don’t understand how it all works under the hood :slightly_smiling_face:

Edited to add: I went to test something before I filed the issue, and today the hass-cli commands are working in the terminal in the SSH & Web Terminal add-on. I have changed absolutely nothing since I was having the issue yesterday (except that I think my Supervisor may have updated on its own). So, I won’t file an issue after all.

:tada: Release v7.3.0

Full Changelog

This is a general maintenance release.

:hammer: Changes

  • :arrow_up: Upgrades python3 to 3.8.2-r0
  • :sparkles: Add pulseaudio-utils
  • :arrow_up: Upgrades Home Assistant CLI to 4.1.0

Questions? Join our Discord server! https://discord.me/hassioaddons
Enjoying my add-ons? Consider supporting my work: https://patreon.com/frenck

1 Like

Hi,

tanks for the nice addon.
Is there a way to completely disable tmux for this addon? I prefer byubo which seems to have issues.
I have to unset TMUX and even then I get just dots and have to force restart the addon.

share_sessions and zsh is false in the config.

Hi

I thought the issue appeared after upgrading to 7.3.0 from 7.2.0, but I’ve tried restoring the previous version from a snapshot, but I also get the error.

It was working fine until yesterday or two days ago.

The log is

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] permissions: applying... 
[fix-attrs.d] permissions: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-banner.sh: executing... 

-----------------------------------------------------------
 Add-on: SSH & Web Terminal
 SSH & Web Terminal access to your Home Assistant instance
-----------------------------------------------------------
 Add-on version: 7.3.0
 You are running the latest version of this add-on.
 System: Ubuntu 18.04.2 LTS  (amd64 / qemux86-64)
 Home Assistant Core: 0.106.5
 Home Assistant Supervisor: 208
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing... 
Log level is set to DEBUG
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] docker.sh: executing... 
[cont-init.d] docker.sh: exited 0.
[cont-init.d] mosquitto.sh: executing... 
[22:48:08] DEBUG: Requested API resource: http://supervisor/services/mqtt
[22:48:08] DEBUG: Request method: GET
[22:48:08] DEBUG: Request data: {}
[22:48:08] DEBUG: API HTTP Response code: 200
[22:48:08] DEBUG: API Response: {"result": "ok", "data": {"host": "core-mosquitto", "port": 1883, "ssl": false, "protocol": "3.1.1", "username": "addons", "password": "ieti6oyuabi4oimee2eefae6aeg2AaSooxaiT0rei4ti9LiuReeV3jun5quae3ma", "addon": "core_mosquitto"}}

[cont-init.d] mosquitto.sh: exited 0.
[cont-init.d] mysql.sh: executing... 
[cont-init.d] mysql.sh: exited 0.
[cont-init.d] ssh.sh: executing... 
[22:48:09] DEBUG: Password SHA1: xxxxxxxxxx
[22:48:09] DEBUG: Requested API resource: https://api.pwnedpasswords.com/range/7307A
[22:48:09] DEBUG: API HTTP Response code: 200
[22:48:09] INFO: Password is NOT in the Have I Been Pwned database! Nice!
[22:48:09] WARNING: 
[22:48:09] WARNING: Logging in with a SSH password is security wise, a bad idea!
[22:48:09] WARNING: Please, consider using a public/private key pair.
[22:48:09] WARNING: What is this? https://kb.iu.edu/d/aews
[22:48:09] WARNING: 
[cont-init.d] ssh.sh: exited 0.
[cont-init.d] user.sh: executing... 
[22:48:09] NOTICE: Session sharing has been disabled!
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
               pulseaudio-utils-13.0-r2[so:libc.musl-x86_64.so.1]
               libsndfile-1.0.28-r8[so:libc.musl-x86_64.so.1]
               tdb-libs-1.4.3-r0[so:libc.musl-x86_64.so.1]
               musl-utils-1.1.24-r0[so:libc.musl-x86_64.so.1]
               nghttp2-libs-1.40.0-r0[so:libc.musl-x86_64.so.1]
               protobuf-c-1.3.2-r3[so:libc.musl-x86_64.so.1]
               diffutils-3.7-r0[so:libc.musl-x86_64.so.1]
               gdbm-1.13-r1[so:libc.musl-x86_64.so.1]
               sudo-1.8.31-r0[so:libc.musl-x86_64.so.1]
               libstdc++-9.2.0-r3[so:libc.musl-x86_64.so.1]
               dbus-1.12.16-r2[so:libc.musl-x86_64.so.1]
               libbz2-1.0.8-r1[so:libc.musl-x86_64.so.1]
               zsh-5.7.1-r0[so:libc.musl-x86_64.so.1]
               libcom_err-1.45.5-r0[so:libc.musl-x86_64.so.1]
               libacl-2.2.53-r0[so:libc.musl-x86_64.so.1]
               file-5.37-r1[so:libc.musl-x86_64.so.1]
               libogg-1.3.4-r0[so:libc.musl-x86_64.so.1]
               openssh-sftp-server-8.1_p1-r0[so:libc.musl-x86_64.so.1]
               isl-0.18-r0[so:libc.musl-x86_64.so.1]
               libcurl-7.67.0-r0[so:libc.musl-x86_64.so.1]
               mpc1-1.1.0-r1[so:libc.musl-x86_64.so.1]
               mosh-server-1.3.2-r13[so:libc.musl-x86_64.so.1]
               libndp-1.7-r0[so:libc.musl-x86_64.so.1]
               libmagic-5.37-r1[so:libc.musl-x86_64.so.1]
               libxml2-utils-2.9.10-r2[so:libc.musl-x86_64.so.1]
               newt-0.52.21-r0[so:libc.musl-x86_64.so.1]
               flac-1.3.3-r0[so:libc.musl-x86_64.so.1]
               ncurses-6.1_p20200118-r2[so:libc.musl-x86_64.so.1]
               libpulse-13.0-r2[so:libc.musl-x86_64.so.1]
               icu-libs-64.2-r0[so:libc.musl-x86_64.so.1]
               pcre-8.43-r0[so:libc.musl-x86_64.so.1]
               oniguruma-6.9.4-r0[so:libc.musl-x86_64.so.1]
               tmux-3.0a-r1[so:libc.musl-x86_64.so.1]
               mozjs60-60.9.0-r0[so:libc.musl-x86_64.so.1]
               libffi-3.2.1-r6[so:libc.musl-x86_64.so.1]
               zlib-1.2.11-r3[so:libc.musl-x86_64.so.1]
               libmount-2.34-r1[so:libc.musl-x86_64.so.1]
               glib-2.62.5-r0[so:libc.musl-x86_64.so.1]
               zip-3.0-r7[so:libc.musl-x86_64.so.1]
               libgomp-9.2.0-r3[so:libc.musl-x86_64.so.1]
               nano-4.6-r0[so:libc.musl-x86_64.so.1]
               libprotobuf-3.11.2-r1[so:libc.musl-x86_64.so.1]
               libltdl-2.4.6-r7[so:libc.musl-x86_64.so.1]
               slang-2.3.2-r0[so:libc.musl-x86_64.so.1]
               apk-tools-2.10.4-r3[so:libc.musl-x86_64.so.1]
               libintl-0.20.1-r2[so:libc.musl-x86_64.so.1]
               htop-2.2.0-r0[so:libc.musl-x86_64.so.1]
               readline-8.0.1-r0[so:libc.musl-x86_64.so.1]
               libssh2-1.9.0-r1[so:libc.musl-x86_64.so.1]
               dhcpcd-8.1.2-r0[so:libc.musl-x86_64.so.1]
               make-4.2.1-r2[so:libc.musl-x86_64.so.1]
               speexdsp-1.2.0-r0[so:libc.musl-x86_64.so.1]
               libedit-20191211.3.1-r0[so:libc.musl-x86_64.so.1]
               libxdmcp-1.1.3-r0[so:libc.musl-x86_64.so.1]
               libgcc-9.2.0-r3[so:libc.musl-x86_64.so.1]
               libssl1.1-1.1.1d-r3[so:libc.musl-x86_64.so.1]
               orc-0.4.31-r0[so:libc.musl-x86_64.so.1]
               alpine-baselayout-3.2.0-r3[so:libc.musl-x86_64.so.1]
               mosquitto-libs-1.6.8-r0[so:libc.musl-x86_64.so.1]
               libnftnl-libs-1.1.5-r0[so:libc.musl-x86_64.so.1]
               libcrypto1.1-1.1.1d-r3[so:libc.musl-x86_64.so.1]
               perl-io-tty-1.12-r7[so:libc.musl-x86_64.so.1]
               libatomic-9.2.0-r3[so:libc.musl-x86_64.so.1]
               xz-libs-5.2.4-r0[so:libc.musl-x86_64.so.1]
               dbus-libs-1.12.16-r2[so:libc.musl-x86_64.so.1]
               popt-1.16-r7[so:libc.musl-x86_64.so.1]
               openssh-keygen-8.1_p1-r0[so:libc.musl-x86_64.so.1]
               pcre2-10.34-r1[so:libc.musl-x86_64.so.1]
               libxml2-2.9.10-r2[so:libc.musl-x86_64.so.1]
               libverto-0.3.1-r1[so:libc.musl-x86_64.so.1]
               c-ares-1.15.0-r0[so:libc.musl-x86_64.so.1]
               scanelf-1.2.4-r0[so:libc.musl-x86_64.so.1]
               gmp-6.1.2-r1[so:libc.musl-x86_64.so.1]
               mosquitto-clients-1.6.8-r0[so:libc.musl-x86_64.so.1]
               jq-1.6-r0[so:libc.musl-x86_64.so.1]
               libmm-glib-1.12.2-r0[so:libc.musl-x86_64.so.1]
               libasyncns-0.8-r1[so:libc.musl-x86_64.so.1]
               dialog-1.3.20191110-r0[so:libc.musl-x86_64.so.1]
               mpfr4-4.0.2-r1[so:libc.musl-x86_64.so.1]
               device-mapper-libs-2.02.186-r0[so:libc.musl-x86_64.so.1]
               alsa-plugins-pulse-1.2.1-r0[so:libc.musl-x86_64.so.1]
               openssh-server-8.1_p1-r0[so:libc.musl-x86_64.so.1]
               openssl-1.1.1d-r3[so:libc.musl-x86_64.so.1]
               openssh-8.1_p1-r0[so:libc.musl-x86_64.so.1]
[21:44:18] FATAL: Failed installing package build-base
[cont-init.d] user.sh: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] 99-message.sh: executing... 
-----------------------------------------------------------
                Oops! Something went wrong.

 We are so sorry, but something went terribly wrong when
 starting or running this add-on.
 
 Be sure to check the log above, line by line, for hints.
-----------------------------------------------------------
[cont-finish.d] 99-message.sh: exited 0.
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.

The config is:

ssh:
  username: user
  password: passwd
  authorized_keys: []
  sftp: false
  compatibility_mode: false
  allow_agent_forwarding: false
  allow_remote_port_forwarding: false
  allow_tcp_forwarding: false
zsh: true
share_sessions: false
packages:
  - build-base
init_commands:
  - ls -la

I tried also changing the password and the username to root

Any suggestion?

Thanks

Hi, I had the same problem and maybe the cause root problem is “FATAL: Failed installing package build-base”
In config add-on I changed

packages:

  • build-base

by

packages:

I don’t know other problems for remove this package

regards,

Thanks!

That made it works.

Strangely I haven’t changed the configuration lately and suddenly it didn’t wok.

Hi, how can I change the default port (22) of SSH HA addon?

Right there:

I did try that but I connected to an empty (black screen) probably I did something wrong.
Should I first stop the addon, change the port - and restart it?

Nope, just change, save and restart.

ok I did it. thank you!