Home Assistant Community Add-on: SSH & Web Terminal

Thanks, David! I appreciate your input. So, I opened the SSH terminal and you were right, when doing cat /sys/devices… I got the “no such file/directory exists.” Not sure if this is what you meant but I pluged my Home Assistant Blue to a screen and I attached a keyboard, tried to input the echo 20000 > sys/...... but get the error that echo is an “unknown command for ha”… Same thing with “cat /sys/…” I guess I will just plug the fan to an external power supply LOL

Yeah the host will similarly have limited commands available but I would have expected something like that to work. Maybe you were in the HA container, not the host still. You would need a HA supervised install or a VM to do this it seems.

ok, this is what I did:
Directly in the Odroid connected to my screen, I saw that there is a host command and options command. The host says that it is used for “control the host/system that Home Assistant is running on” and the options “allow to set options on host system.” So I typed the following command host options echo 20000 > /sys/devices/virtual/thermal/thermal_zone0/trip_point_4_temp and I got a message “command completed successfully” Now, the system is rebooted but fan refuses to start LOL right now I just ran out of ideas on what can be happening…

is it posible to access /dev/sda device inside SSH Terminal with any trick?

smartctl -a /dev/sda
smartctl 7.2 2020-12-30 r5155 [aarch64-linux-5.10.17-v8] (local build)
Copyright (C) 2002-20, Bruce Allen, Christian Franke, www.smartmontools.org

Smartctl open device: /dev/sda [USB JMicron] failed: Operation not permitted

Hey folks,

i have a huge problem with my SSH-Addon. I set up the greate “Remote Backup”-Addon and configured Authentication-Keys. Everything worked out fine until 2 days ago, or so.

Now i cant connect to my Backup-Server using SSH:

Home Assistant:

~ $ ssh -vvvT -i /ssl/id_ed25519 [email protected] -p 10222
OpenSSH_8.4p1, OpenSSL 1.1.1k  25 Mar 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 192.168.178.5 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/root/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/root/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug2: ssh_connect_direct
debug1: Connecting to 192.168.178.5 [192.168.178.5] port 10222.
debug1: Connection established.
debug1: identity file /ssl/id_ed25519 type 3
debug1: identity file /ssl/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4
kex_exchange_identification: read: Connection reset by peer
Connection reset by 192.168.178.5 port 10222

Backup-Server:

sudo $(which sshd) -Dedp 10222 -o StrictModes=no -o SyslogFacility=DAEMON
Password:
/etc/ssh/sshd_config line 49: Deprecated option RSAAuthentication
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2u-fips  20 Dec 2019
debug1: get user realname admin => admin
debug1: private host key #0: ssh-rsa SHA256:AKj/zYZkCABr6bNLH2RD+9GD1BW6SlxC/3BvlQCimcI
debug1: private host key #1: ssh-dss SHA256:hm4IvgaXLQ+gsBzdeIRsciWyy+NlHF4COjOMcuq+88A
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:82LPid3T8XAbt9UR46wcYSomcGJNOrRskweOT/0oO7A
debug1: private host key #3: ssh-ed25519 SHA256:9rtZC4k6sRprZCjQ6oJQJ1XmXTtjQ8ksGpqLsB8r43g
debug1: rexec_argv[0]='/bin/sshd'
debug1: rexec_argv[1]='-Dedp'
debug1: rexec_argv[2]='10222'
debug1: rexec_argv[3]='-o'
debug1: rexec_argv[4]='StrictModes=no'
debug1: rexec_argv[5]='-o'
debug1: rexec_argv[6]='SyslogFacility=DAEMON'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Address already in use.
debug1: Bind to port 22 on ::.
Bind to port 22 on :: failed: Address already in use.
debug1: Bind to port 10222 on 0.0.0.0.
Server listening on 0.0.0.0 port 10222.
debug1: Bind to port 10222 on ::.
Server listening on :: port 10222.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
rexec line 49: Deprecated option RSAAuthentication
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2u-fips  20 Dec 2019
debug1: get user realname admin => admin
debug1: private host key #0: ssh-rsa SHA256:AKj/zYZkCABr6bNLH2RD+9GD1BW6SlxC/3BvlQCimcI
debug1: private host key #1: ssh-dss SHA256:hm4IvgaXLQ+gsBzdeIRsciWyy+NlHF4COjOMcuq+88A
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:82LPid3T8XAbt9UR46wcYSomcGJNOrRskweOT/0oO7A
debug1: private host key #3: ssh-ed25519 SHA256:9rtZC4k6sRprZCjQ6oJQJ1XmXTtjQ8ksGpqLsB8r43g
debug1: inetd sockets after dupping: 3, 3

These connections aren’t a problem:

  • Other Servers → Home-Assistant
  • Other Servers → Backup-Server
  • Home-Assistant → Other Servers

Just this connection is not working:

  • Home-Assistant → Backup-Server

I also get the error when connecting without any Keyfile:

~ $ ssh -vvvT 192.168.178.5
OpenSSH_8.4p1, OpenSSL 1.1.1k  25 Mar 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 192.168.178.5 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/root/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/root/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug2: ssh_connect_direct
debug1: Connecting to 192.168.178.5 [192.168.178.5] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4
kex_exchange_identification: read: Connection reset by peer
Connection reset by 192.168.178.5 port 22

So i think there is a problem with the/my ssh-Settings :confused:
I just checked these things:

  • Folder ~/.ssh is chmod 700
  • Key-Files in ~/.ssh and /ssl alre chmod 600
  • There are no entrys in /etc/hosts.allow and /etc/hosts.deny on the Server
  • Restarted both servers several times
  • Re-created the server-side ~/.ssh/authorized_keys
  • Removed the client-side ~/.ssh/known_hosts

I really need some input how to troubleshoot my problem as i really want to use that great scp-remote-backup-plugin :confused:

Thank you all :wink:

Using the latest version of Safari (15.0 - 16612.1.29.41.4, 16612) on my Mac, I’m not able to use the Terminal UI via the sidebar icon. It loads the Terminal window and starts to look OK (blue bar on bottom, etc.) but none of the text appears and I just see a white square move around when I type or click arrow keys.

Using another browser (Chrome or Electron app) works fine, so I suspect the latest update to Safari has broken something. Anyone else seeing this?

@nickdos I have the same issue. Any info about?
thanks

@Gianlk - no update but I did end up filing an issue in the GH repo: https://github.com/hassio-addons/addon-ssh/issues/320. Give it a thumbs-up if you get a chance, to help legitimise the issue.

ssh:
username: username
password: password
authorized_keys:
KEYSXXX removed
sftp: false
compatibility_mode: false
allow_agent_forwarding: false
allow_remote_port_forwarding: false
allow_tcp_forwarding: false
zsh: true
share_sessions: false
packages: []
init_commands: []

I cant see anything when opening the Web UI… Any Ideas? :slight_smile: , No Errors…

[cont-init.d] ssh.sh: exited 0.
[cont-init.d] user.sh: executing…
[12:46:21] NOTICE: Session sharing has been disabled!
[cont-init.d] user.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[12:46:21] INFO: Starting the ttyd daemon…
[12:46:21] INFO: Starting the Home Assistant STDIN service…
[12:46:21] INFO: Starting the SSH daemon…
Server listening on 0.0.0.0 port 22.
Server listening on :: port 22.

Same error here. No idea why. It only happens when I use ingress and web terminal. PuTTY works normally

Hi, I need some help with this add-on.
After installing and configuring it (v9.0.1), when I hit the Run button I get this error:

Image ghcr.io/hassio-addons/ssh/armv7 not exists for addon_a0d7b954_ssh

Home Assistant OS 6.5
supervisor-2021.10.0
core-2021.10.6

installed on a Raspberry Pi 3 Model A+, from the HA OS v6.5 32 bit image.

Is the web option not anymore needed in the add-on configuration?
I mean this:

web:
  ssl: true
  certfile: fullchain.pem
  keyfile: privkey.pem

As i see these errors in the log:

21-10-26 18:55:28 WARNING (MainThread) [supervisor.addons.options] Option 'web' does not exist in the schema for SSH & Web Terminal (a0d7b954_ssh)

Does anyone know how to get Web Terminal to work under iOS? Even the Home Assistant App will show a black screen under web terminal. Apparently the fonts don’t want to show up under iOS, but the cursor does.

Is there a way to change the fonts being used so that this solution works on portable devices?

Brian

I’m sure this will be fixed at some point but for now you can just use a terminal program like terminus…

No consigo ver ssh, espero que lo solucionen rápido.

No idea when, but after HA update I seems to have lost option to start catt from the service call.

My service call looks like:

service: hassio.addon_stdin
data:
  addon: a0d7b954_ssh
  input: /usr/bin/catt -d "Google Kitchen" cast_site "https://www.google.si"

But nothing happens when I issue this. If I copy paste the input command into terminal it will start just fine.

Anyone can spot the problem?

EDIT: I have restarted the SSH addon and everything is working again. Interesting.

1 Like

Nice little add-on, I installed earlier today to help a friend remotely.

Question for the Devs from a security point is it correct that you can ssh into the root host to gain filesystem access from the addon?

I may be wrong but I thought the idea behind this tool was to allow you to edit files that reside within the homeassistant container /config /media etc.

Just made me think if someone got access to your homeassistant instance on the web it gives the opportunity to try get into the os, I was also able to apk add nmap as was blind and trying to find device.

That did the trick for me to!

For quite some time, the Terminal text is hard to read

Am I doing something wrong? How can I improve this? I’m on Firefox 95.

My issue seems related to the DuckDuckGo Privacy Essentials addon. They have an issue opened since September 11: This addon breaks xterm.js fonts · Issue #839 · duckduckgo/duckduckgo-privacy-extension · GitHub

Disabling Site Privacy Protections solves the issue.