Home Assistant Community Add-on: SSH & Web Terminal

ESD, what is that? Did you mean any of these: DSA, ECDSA, or EdDSA?

ECD. Bad memory

For the total newbies and useless… how can we do that?? Thanks

You can use a key generator like putty ( https://puttygen.net/ ). Generate a key with the right encryption, store it (so you can use it in new connections) and update the configuration of the add-on.


Thanks so much 👍


I was able to add the following line to /etc/ssh/ssh_config to avoid regenerating a new key and keep using my deprecated RSA key.

PubkeyAcceptedKeyTypes +ssh-rsa

I think my situation is different though. My issue was SSHing to another host from HASS to run remote commands.


:stuck_out_tongue: I could have done with knowing that last week. I ended up installing openssh on the other device so I could ssh in for commands with the new key in HA. Congratulations on finding that solution. :tada:

Hey, is it me or is the “packages” option not working in this addon?

this is my config:

allow_agent_forwarding: false
allow_remote_port_forwarding: false
allow_tcp_forwarding: false
authorized_keys: []
compatibility_mode: false
password: '!secret addon_samba_password'
sftp: false
username: '!secret addon_samba_username'
packages:
  - sngrep

But on every restart of the add-on, I always need to install “sngrep” again

I’m only guessing…
sngrep needs sed. So you possibly need to add both to your packages list.

Ah, never mind, I tried it. It works on mine with only sngrep and with protection mode on or off

what happens in your logs on start/restart?

fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/aarch64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/aarch64/APKINDEX.tar.gz
v3.16.1-87-g169a68ae67 [https://dl-cdn.alpinelinux.org/alpine/v3.16/main]
v3.16.1-87-g169a68ae67 [https://dl-cdn.alpinelinux.org/alpine/v3.16/community]
OK: 16904 distinct packages available
(1/2) Installing sed (4.8-r0)
(2/2) Installing sngrep (1.5.0-r0)
Executing busybox-1.35.0-r13.trigger
OK: 281 MiB in 187 packages
OK: 281 MiB in 187 packages

the official terminal & SSH one uses less packages oddly enough

fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/aarch64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/aarch64/APKINDEX.tar.gz
v3.16.1-87-g169a68ae67 [https://dl-cdn.alpinelinux.org/alpine/v3.16/main]
v3.16.1-87-g169a68ae67 [https://dl-cdn.alpinelinux.org/alpine/v3.16/community]
OK: 16902 distinct packages available
(1/3) Installing sed (4.8-r0)
(2/3) Installing libpcap (1.10.1-r0)
(3/3) Installing sngrep (1.5.0-r0)
Executing busybox-1.35.0-r13.trigger
OK: 96 MiB in 99 packages

that's the strange thing, I don't see anything in the logs about it, protection mode is off here…

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/00-banner.sh
-----------------------------------------------------------
 Add-on: SSH & Web Terminal
 SSH & Web Terminal access to your Home Assistant instance
-----------------------------------------------------------
 Add-on version: 11.0.2
 You are running the latest version of this add-on.
 System: Home Assistant OS 8.4  (amd64 / qemux86-64)
 Home Assistant Core: 2022.7.7
 Home Assistant Supervisor: 2022.07.0
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
cont-init: info: /etc/cont-init.d/00-banner.sh exited 0
cont-init: info: running /etc/cont-init.d/01-log-level.sh
Log level is set to INFO
cont-init: info: /etc/cont-init.d/01-log-level.sh exited 0
cont-init: info: running /etc/cont-init.d/docker.sh
[13:35:59] INFO: Docker support has been enabled.
cont-init: info: /etc/cont-init.d/docker.sh exited 0
cont-init: info: running /etc/cont-init.d/mosquitto.sh
cont-init: info: /etc/cont-init.d/mosquitto.sh exited 0
cont-init: info: running /etc/cont-init.d/mysql.sh
cont-init: info: /etc/cont-init.d/mysql.sh exited 0
cont-init: info: running /etc/cont-init.d/ssh.sh
[13:36:00] WARNING: 
[13:36:00] WARNING: Logging in with a SSH password is security wise, a bad idea!
[13:36:00] WARNING: Please, consider using a public/private key pair.
[13:36:00] WARNING: What is this? https://kb.iu.edu/d/aews
[13:36:00] WARNING: 
cont-init: info: /etc/cont-init.d/ssh.sh exited 0
cont-init: info: running /etc/cont-init.d/user.sh
[13:36:01] NOTICE: Session sharing has been disabled!
cont-init: info: /etc/cont-init.d/user.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun sshd (no readiness notification)
services-up: info: copying legacy longrun ttyd (no readiness notification)
s6-rc: info: service legacy-services successfully started
[13:36:01] INFO: Starting the ttyd daemon...
[13:36:01] INFO: Starting the SSH daemon...
Server listening on 0.0.0.0 port 22.
Server listening on :: port 22.
[2022/08/02 13:36:01:3863] N:  Using foreign event loop...

normally sngrep adds sed automatically anyway, but I also tried adding sed manually, doesn't help either

Perhaps remove and re add it from the config.

no luck either :slight_smile:


authorized_keys: []

Not sure if it will do it with a password. Mind you, I had never used the feature either. It caught my attention because I’d never seen it. It does work with user/pass and no SSH key

I'd probably just copy your config and reinstall the addon.

does the other addon work to install sngrep?

hmm, this is the only addon I use for ssh access :slight_smile:

reinstalling doesn't help either :slight_smile:


You can try adding:

-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa

To the command option. It works for me.

Hi there. I am turning mad with my home assistant. I am using scp to push data from home assistant to a remote server via an automation. It worked fine for months, but since last update it does not work anymore. I tried to debug in the terminal window and get the following error:

unable to negotiate with xxx no matching host key type found. Their offer: ssh-rsa

I had an RSA key, so I generated a new pair of ed25519 keys, uploaded the public key to the server and got the same error

so next I used the option HostKeyAlgorithm, and it did not work with ed25519 (same error), and sort of works with rsa, but I then get prompted for a password, which will not work in an automation

Can you show the command line? Is it a shell command?

This one “works” but asks for a password. Though, I tried to delete all public keys on the distant server and it is the same: works but asks for a password.

/usr/bin/scp -i /config/.ssh/id_rsa -o StrictHostKeyChecking=accept-new -o HostKeyAlgorithms=+ssh_rsa my_file_to_upload [email protected]:/path

if I replace id_rsa by id_ed25519 and HostKeyAlgorithms=+ssh_rsa by HostKeyAlgorithms=+ssh_ed25519, I get “unable to negotiate with xxx no matching host key type found. Their offer: ssh-rsa”

the issue started immediately after an upgrade from core2022_6.2 to core2022_8.2

The distant server is hosted by a provider, so I have very little control on it

OK. Some further tests later and using my own machine to test (where I do have more control), my understanding is that the newer version of HASS does not allow rsa (not sufficiently secure?), while my provider does not offer anything else. Is there a way to force HASS to accept rsa??

I tried “compatibility mode true” in the config of the add-on, with no change…
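
An added example, not part of the thread or of the add-on's own code: the `+ssh-rsa` options posted earlier in the thread, applied to one host only instead of globally in /etc/ssh/ssh_config. The host name, the address in the sample error and both function names are placeholders made up for this sketch.

```shell
#!/bin/sh
# Constructed sample input: a negotiation error in the format OpenSSH prints,
# with a documentation-range address in place of a real server.
SAMPLE_ERR='Unable to negotiate with 203.0.113.10 port 22: no matching host key type found. Their offer: ssh-rsa'

# Extract the comma-separated host key algorithms the server offered.
# The offer describes the server's host key; it is independent of which
# user key (id_rsa, id_ed25519) the client presents.
offered_algos() {
    printf '%s\n' "$1" |
        sed -n 's/.*no matching host key type found\. Their offer: *\([^ ]*\).*/\1/p'
}

# Print an ssh_config stanza that re-enables ssh-rsa for ONE host only.
#   $1 = host name or alias (placeholder)   $2 = error text from ssh/scp
scoped_stanza() {
    host=$1
    algos=$(offered_algos "$2")
    # Reject empty names and patterns: "Host *" would make the exception global.
    case $host in
        ''|*[!A-Za-z0-9._-]*) echo "invalid host: $host" >&2; return 2 ;;
    esac
    # Only emit the exception when the server really offers ssh-rsa.
    case ",$algos," in
        *,ssh-rsa,*) ;;
        *) echo "ssh-rsa not in server offer '$algos'; no exception written" >&2
           return 1 ;;
    esac
    # PubkeyAcceptedAlgorithms is the current name of PubkeyAcceptedKeyTypes
    # (renamed in OpenSSH 8.5; the old name is still accepted as an alias).
    cat <<EOF
Host $host
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
EOF
}

scoped_stanza backup.example.net "$SAMPLE_ERR"
```

The output belongs in the ssh_config file that the ssh or scp call reads, so every other host keeps the client's defaults. OpenSSH spells algorithm names with hyphens (`ssh-rsa`, `ssh-ed25519`).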