Home Assistant Community Add-on: SSH & Web Terminal

In my tests I had to use the ed key as the rsa key is not accepted but in a shell command to the host it will only accept the rsa key which is weird

And how did you get the rsa key to work ?

Apologies for interrupting another userā€™s ongoing issue but the Discord channel sent me here for my issue. I searched this topic for ā€œConnection reset by peerā€ but nothing relevant turned up. Thanks in advance for any insight! -Colin

Regarding the ā€œSSH & Web Terminalā€ AddOn, how does one go about forwarding the HomeAssistant web GUI interface via SSH so that it is securely accessible outside the local network? [I realize thereā€™s a ā€œcloudā€ feature built into HA but Iā€™d rather not be dependent on more external services than I must]. I have the AddOn running with ED25519 key authentication working and SSH Server Port 2020 specified in the AddOnā€™s Config tab. SSH connections to HA work on the local network as well as externally using a dynamic IP service with the local router forwarding Port 2020 to the HA machine. Hereā€™s the syntax Iā€™m using on the external laptop to initiate an SSH connection and tunnel Port 8123 (HAā€™s web GUI port).

ssh [username]@[dynamicIPservice] -p 2020 -L 8123:127.0.0.1:8123

The command executes without comment or error and the familiar ASCII-art HomeAssistant command line appears. Next, on the external laptop I open my browser and enter: 127.0.0.1:8123. The web GUI starts to load (white background, large light blue HA icon in the center) but then the page stops loading and I get an error at the SSH Terminal command line [on the external laptop] stating:

Connection reset by [IPaddressFromDynamicIPservice] port 2020

Here are some of the AddOn config settings:
allow_agent_forwarding: false
allow_remote_port_forwarding: true
allow_tcp_forwarding: true
compatibility_mode: false
sftp: false
share_sessions: true
zsh: true

Rasberry Pi 3 Running:
HA v2022.8.3
Supervisor v2022.08.3
Operating System v8.4
SSH & Web Terminal v12.0.1

I have tried several T/F combinations of the listed config settings above to no success. I have tried ā€œlocalhostā€ in place of ā€œ127.0.0.1ā€ in all relevant steps but that didnā€™t matter either. I tried flipping the port forwarding syntax as described here (Home Assistant and SSH - Home Assistant) but that didnā€™t work. I HAVE had success with my current syntax posted above tunneling to an VNC server in an unrelated situation using OpenSSH so I donā€™t think itā€™s malformed.

Here are the SSH & Web Terminal v12.0.1 Log Entries and my interactions. The session logs start at the label 00SESSION START HERE00.

[I START THE ADDON THROUGH LOCAL NETWORK WEB INTERFACE]
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/00-banner.sh

Add-on: SSH & Web Terminal
SSH & Web Terminal access to your Home Assistant instance

Add-on version: 12.0.1
You are running the latest version of this add-on.
System: Home Assistant OS 8.4 (aarch64 / raspberrypi3-64)
Home Assistant Core: 2022.8.3
Home Assistant Supervisor: 2022.08.3

Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.

cont-init: info: /etc/cont-init.d/00-banner.sh exited 0
cont-init: info: running /etc/cont-init.d/01-log-level.sh
cont-init: info: /etc/cont-init.d/01-log-level.sh exited 0
cont-init: info: running /etc/cont-init.d/docker.sh
cont-init: info: /etc/cont-init.d/docker.sh exited 0
cont-init: info: running /etc/cont-init.d/mosquitto.sh
cont-init: info: /etc/cont-init.d/mosquitto.sh exited 0
cont-init: info: running /etc/cont-init.d/mysql.sh
cont-init: info: /etc/cont-init.d/mysql.sh exited 0
cont-init: info: running /etc/cont-init.d/ssh.sh
cont-init: info: /etc/cont-init.d/ssh.sh exited 0
cont-init: info: running /etc/cont-init.d/user.sh
cont-init: info: /etc/cont-init.d/user.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun sshd (no readiness notification)
services-up: info: copying legacy longrun ttyd (no readiness notification)
s6-rc: info: service legacy-services successfully started
[11:57:49] INFO: Starting the ttyd daemonā€¦
[11:57:49] INFO: Starting the SSH daemonā€¦
Server listening on 0.0.0.0 port 2020.
Server listening on :: port 2020.

00SESSION START HERE00
[FROM LAPTOP ON EXTERNAL NETWORK I RUN: ssh [username]@[dynamicIPservice] -p 2020 -L 8123:127.0.0.1:8123]

Connection from [LocalRouterIPaddress] port 54168 on [RasbPiIPaddress] port 2020 rdomain ā€œā€

Accepted key ED25519 [SHA256keyHere] found at /etc/ssh/authorized_keys:1

Postponed publickey for [username] from [LocalRouterIPaddress] port 54168 ssh2 [preauth]

Accepted key ED25519 [SHA256keyHere] found at /etc/ssh/authorized_keys:1

Accepted publickey for [username] from [LocalRouterIPaddress] port 54168 ssh2: ED25519 [SHA256keyHere]

User child is on pid 369

Starting session: shell on pts/0 for [username] from [LocalRouterIPaddress] port 54168 id 0

[FROM REMOTE LAPTOP INTERNET BROWSER I RUN: http://127.0.0.1:8123/]

Read error from remote host [LocalRouterIPaddress] port 54168: Connection reset by peer

[FROM REMOTE LAPTOP: HA GUI stops loading and SSH terminal states ā€œConnection reset by [IPaddressFromDynamicIPservice] port 2020ā€]

As a nooby, Iā€™m trying to install this add-on. Installation goes well, but I canā€™t get to save a changed configuration. I took the example from the documenation, changed the key and username+password. But whatever I do with the password, I still get the same fault-message, that the password is missing, when I try to save it. Even when I leave the password blank. In reaction to some Youtube-videos, I saw some other persons with the same fault-message, but no solution to this problem. Can someone push me in the right direction what Iā€™m doing wrong? Thanks to any help.

1 Like

try leaving the keys blank, and just do the username / password first.

Hi jippo, I had issues initially setting up the Config Tab too. The example code in the Documentation Tab seems to been from an older version of the AddOn and not formed quite right for v12.0.1. Specifically, my Addon Would not tolerate indents/spacing for the sub-entries like you have under Line 2 ssh:. Additionally, I found the ONLY way the AddOn would accept my RSA key was to follow the TEXT instructions from the Documentation Tab and place the key inside brackets. When you save the config code, it will auto-format to the way it wants it. Example:

authorized_keys: [ssh-rsa blablablablablarsagoodblablablablawbad someuser@somepc]

When you save the config, it will autoformat to:

authorized_keys:
- >-
ssh-rsa
blablablablablarsagoodblablablablawbad
someuser@somepc

tl/dr: Delete all the code indents at the start of lines 3,4,5,8,9,10,11,12. Delete lines 6 & 7 then rewrite line 5 like I showed above using brackets []. Once you get the Public RSA key working, rewrite your Line 4 as:

password: ""

This removes the password as an authentication option (those are two quote symbols with no space). I donā€™t use the packages: or init_commands: fields but if they are giving you trouble too, try putting those commands in brackets as well like the RSA key and see if the Addon accepts and re-formats your commands the way it wants.

Iā€™m a total noob with this too but thatā€™s how I got that message to clear on my install.

Setting up on a new install I had a similar issue saving as well. In the end I reset the addon to defaults and just edited in the ā€˜changesā€™ Then it saved. I had even tried copy/paste from a working install but that wouldnā€™t work either

Thanks Colin for your reply. You saved my day :slight_smile:
What did the trick for me:
Copied same example from the documentation.
Placed the key like you said: same error.
Then deleted all the mentioned spaces at the start of the lines: Bingo!
Now I can save the configuration, (re)start ssh and connect my PC with HA. Itā€™s finally working.

For the other replyers, also thanks for your contribution.

Hi All

Wonder if anyone here can help me I do not really know SSH and since hassio.addon_stdin was removed from the addon i have been stuck just manually running the below command from the terminal.

Iā€™m using Homeassistant on a Raspberry PI

sudo docker exec addon_a0d7b954_nut upscmd -u xxx -p xxx Cabinet_UPS@localhost beeper.toggle

I use to use the following in an automantion but it does not work any more.

action:
  - service: hassio.addon_stdin
    data:
      addon: a0d7b954_ssh
      input: sh /config/boff.sh

Everywhere i look people say use Shell_command to Call ssh bit i have no idea how to do this. And what the command should look like as I have virtually no experince in SSH is there anyone here who can guide me in getting this working again it is either that or take my pliers open the ups and break off the buzzer from the pc board lol(dont really want to do that) :slight_smile:

Any help will be appriciated

1 Like

I got RSA authentication to work by placing this in the addon config:

init_commands:
  - >-
    echo -en "HostKeyAlgorithms=+ssh-rsa\nPubkeyAcceptedKeyTypes=+ssh-rsa" >>
    /etc/ssh/sshd_config
4 Likes

Hi,

I have this SSH addon:

I need to disable protection mode, since I need to upgrade the firmware of Z-Pi 7, since my current version has a serious bug. Firmware upgrade specify that I need to do this with protection mode disabled.

I do not see any disabling of protection mode on my SSH addon? Iā€™ve seen other comments related to SSH and protection mode, that it might be that I have the official version of SSH and not the community version of SSH, is that the case? If so, where do I find the community SSH version where I can turn off protection mode?

My HA is already running in advanced mode.
Thank you in advance!!
Screenshot 2022-10-09 212923|533x500

I found out I was using the wrong SSH. I was using the official, but it is the community version I needed to be able to connect with protection mode turned off.

To see this SSH (and also the official one) you need to go to your profile in HA web and enable advanced mode.
Then select this SSH:
Screenshot 2022-10-10 195218

Can i ssh to a docker container and backup data ?
i really want to know how i can do that.

i use winscp app

regards

Hi, i did the same but no luck for me. You simply put it in the config? thank you

Hi,
I use this add-on as terminal. I wonder why I canā€™t see anything inside /mnt/
grafik

That canā€™t be empty because hassioā€™s docker mount a lot inside that directory with each container

Any advice?

Thank you! :slight_smile:

I have install and make the configuration.

After this I had access over ssh from my computer.

But now my question. Can I edit the boot/config.txt with SSH & Web Terminal?

If yes how?

No, you canā€™t. Add-ons are containers and have their own isolated environment.

ok thanks for the Info.

I know it is off toppic. But have you an idea, how is the easiest way I can edit this file?

Because I must change the

enable_uart=1

in this file to get RaspBee II running

After using this Add-on for a few days (fresh install of everything), I next started experimenting with the capabilities to add alpine packages.
I added the following option to the config

packages:
  - imagemagick

did the save which restarted the add-onā€¦
but it does not appear that the package was installed, and nothing in the logs to indicate failure or success.

Any suggestions?

Here is more info:
SSH & Web Terminal
Current version: 13.0.0
protection mode is on

Iā€™m running this add-on happily for quite some time now, but today I run into an issue: I want to add an authorized key, but the configuration wonā€™t persist. I first thought I made a mistake in the configuration, but even dropping one of the existing keys does not persist. After save and restart, the configuration is back to its original.

Iā€™m running the latest versions of everything:

  • Home Assistant: 2023.1.6
  • Supervisor: 2022.12.1
  • Operating System: 9.4
  • Frontend: 20230110.0 - latest
  • SSH & Web terminal: 13.0.2

Anyone an idea?