Home Assistant Community Add-on: SSH & Web Terminal

Heum…
hard restart of the machine solved it.
I don’t know what was the problem though.
Works fine now. I think I’ll have to leave it there :smiley:

1 Like

I’ve installed the SSH addon from the repository v2.3.0, but Unable to negotiate with 58.218.198.169 port 22607: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]

That’s my config.

{
  "log_level": "info",
  "port": 22,
  "username": "root",
  "password": "xxxxxx",
  "authorized_keys": [],
  "sftp": false,
  "compatibility_mode": false,
  "allow_agent_forwarding": false,
  "allow_remote_port_forwarding": false,
  "allow_tcp_forwarding": false,
  "packages": [],
  "init_commands": []
}

Log file

        [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
        [s6-init] ensuring user provided files have correct perms...exited 0.
        [fix-attrs.d] applying ownership & permissions fixes...
        [fix-attrs.d] 10-hassio: applying... 
        [fix-attrs.d] 10-hassio: exited 0.
        [fix-attrs.d] 50-ssh: applying... 
        [fix-attrs.d] 50-ssh: exited 0.
        [fix-attrs.d] done.
        [cont-init.d] executing container initialization scripts...
        [cont-init.d] 00-banner.sh: executing... 
        -----------------------------------------------------------
         Hass.io Add-on: SSH - Secure Shell v2.3.0
         Allows SSH connections to your Home Assistant instance
         From: Community Hass.io Add-ons
         By: Franck Nijhof <[email protected]>
        -----------------------------------------------------------
        [cont-init.d] 00-banner.sh: exited 0.
        [cont-init.d] 01-log-level.sh: executing... 
        Log level is set to INFO
        [cont-init.d] 01-log-level.sh: exited 0.
        [cont-init.d] 02-updates.sh: executing... 
        INFO: You are running the latest version of this add-on
        [cont-init.d] 02-updates.sh: exited 0.
        [cont-init.d] 03-version-requirements.sh: executing... 
        INFO: Supervisor version requirements checks passed.
        [cont-init.d] 03-version-requirements.sh: exited 0.
        [cont-init.d] 10-requirements.sh: executing... 
        WARNING: Logging in with root use is security wise, a bad idea!
        WARNING: Logging in with a password is security wise, a bad idea!
        WARNING: Please, consider using a public/private key pair
        [cont-init.d] 10-requirements.sh: exited 0.
        [cont-init.d] 20-user.sh: executing... 
        [cont-init.d] 20-user.sh: exited 0.
        [cont-init.d] 30-link-common-dirs.sh: executing... 
        [cont-init.d] 30-link-common-dirs.sh: exited 0.
        [cont-init.d] 40-zsh.sh: executing... 
        [cont-init.d] 40-zsh.sh: exited 0.
        [cont-init.d] 50-ssh-config.sh: executing... 
        [cont-init.d] 50-ssh-config.sh: exited 0.
        [cont-init.d] 51-host-keys.sh: executing... 
        [cont-init.d] 51-host-keys.sh: exited 0.
        [cont-init.d] 52-authorized-keys.sh: executing... 
        [cont-init.d] 52-authorized-keys.sh: exited 0.
        [cont-init.d] 53-user-ssh-folder.sh: executing... 
        [cont-init.d] 53-user-ssh-folder.sh: exited 0.
        [cont-init.d] 80-user-packages.sh: executing... 
        [cont-init.d] 80-user-packages.sh: exited 0.
        [cont-init.d] 81-user-scripts.sh: executing... 
        [cont-init.d] 81-user-scripts.sh: exited 0.
        [cont-init.d] done.
        [services.d] starting services
        starting version 3.2.4
        [services.d] done.
        INFO: Starting the SSH daemon
        Server listening on 0.0.0.0 port 22.
        Server listening on :: port 22.
        Connection from 58.218.198.169 port 39543 on 192.168.1.xx port 22
        Unable to negotiate with 58.218.198.169 port 39543: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
        Connection from 58.218.198.169 port 57943 on 192.168.1.xx port 22
        Unable to negotiate with 58.218.198.169 port 57943: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
        Connection from 58.218.198.169 port 13976 on 192.168.1.xx port 22
        Unable to negotiate with 58.218.198.169 port 13976: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
        Connection from 58.218.198.169 port 46278 on 192.168.1.xx port 22
        Unable to negotiate with 58.218.198.169 port 46278: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
        Connection from 58.218.198.169 port 59380 on 192.168.1.xx port 22
        Unable to negotiate with 58.218.198.169 port 59380: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
        Connection from 58.218.198.169 port 22607 on 192.168.1.xx port 22
        Unable to negotiate with 58.218.198.169 port 22607: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
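
As an added example (not part of the original posts or the add-on's code), this Python sketch triages sshd lines like the ones in the log above: it groups connection attempts and failed key-exchange negotiations by source, and flags sources outside the LAN and peers that offer only SHA-1 key exchange. The sample log, the LAN ranges and the function name `triage` are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the format of the sshd lines quoted above; 203.0.113.7
# is a documentation address standing in for the remote peer.
KEX = ("diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,"
       "diffie-hellman-group1-sha1")
SAMPLE_LOG = "\n".join(
    [f"Connection from 203.0.113.7 port {p} on 192.168.1.10 port 22\n"
     f"Unable to negotiate with 203.0.113.7 port {p}: no matching key exchange "
     f"method found. Their offer: {KEX} [preauth]" for p in (39543, 57943, 13976)]
    + ["Connection from 192.168.1.20 port 50112 on 192.168.1.10 port 22"])

# Assumption: "LAN" means private, loopback and link-local ranges.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10")]
CONN_RE = re.compile(r"Connection from (\S+) port \d+ on \S+ port \d+")
KEX_RE = re.compile(r"Unable to negotiate with (\S+) port \d+: no matching key "
                    r"exchange method found\. Their offer: (\S+)")


def triage(log_text):
    """Summarise connections and failed KEX negotiations per source address."""
    stats = defaultdict(lambda: {"connections": 0, "kex_failures": 0, "offers": set()})
    for line in log_text.splitlines():
        if (m := CONN_RE.search(line)):
            stats[m.group(1)]["connections"] += 1
        elif (m := KEX_RE.search(line)):
            stats[m.group(1)]["kex_failures"] += 1
            stats[m.group(1)]["offers"].update(m.group(2).split(","))
    report = {}
    for src, entry in stats.items():
        try:
            outside = not any(ipaddress.ip_address(src) in net for net in LAN_NETS)
        except ValueError:  # sshd logged a hostname; treat origin as unknown
            outside = True
        offers = sorted(entry["offers"])
        report[src] = {
            "connections": entry["connections"],
            "kex_failures": entry["kex_failures"],
            "offers": offers,
            # True only when every offered method is a SHA-1 based exchange.
            "sha1_only": bool(offers) and all(o.endswith("-sha1") for o in offers),
            "outside_lan": outside,
        }
    return report


if __name__ == "__main__":
    for source, row in triage(SAMPLE_LOG).items():
        print(source, row)
```

A source flagged `outside_lan` means the add-on's SSH port is reachable from beyond the local network; the refused SHA-1-only handshake is the server declining those methods while `compatibility_mode` is off.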

Set this one to enable. See the docs or earlier conversations in this topic for more information and risks involved with this.

{
  "log_level": "info",
  "port": 22,
  "username": "root",
  "password": "xxxxxx",
  "authorized_keys": [],
  "sftp": false,
  "compatibility_mode": true,
  "allow_agent_forwarding": false,
  "allow_remote_port_forwarding": false,
  "allow_tcp_forwarding": false,
  "packages": [],
  "init_commands": []
}

LOG

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 10-hassio: applying... 
[fix-attrs.d] 10-hassio: exited 0.
[fix-attrs.d] 50-ssh: applying... 
[fix-attrs.d] 50-ssh: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-banner.sh: executing... 
-----------------------------------------------------------
 Hass.io Add-on: SSH - Secure Shell v2.3.0
 Allows SSH connections to your Home Assistant instance
 From: Community Hass.io Add-ons
 By: Franck Nijhof <[email protected]>
-----------------------------------------------------------
[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing... 
Log level is set to INFO
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] 02-updates.sh: executing... 
INFO: You are running the latest version of this add-on
[cont-init.d] 02-updates.sh: exited 0.
[cont-init.d] 03-version-requirements.sh: executing... 
INFO: Supervisor version requirements checks passed.
[cont-init.d] 03-version-requirements.sh: exited 0.
[cont-init.d] 10-requirements.sh: executing... 
FATAL: Configuring a password or authorized keys is mandatory!
[cont-init.d] 10-requirements.sh: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] 99-message.sh: executing... 
-----------------------------------------------------------
                Oops! Something went wrong.
 
 We are so sorry, but something went terribly wrong when
 starting or running this add-on.
 
 Be sure to check the log above, line by line, for hints.
-----------------------------------------------------------
[cont-finish.d] 99-message.sh: exited 0.
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.

Hello, this is probably a silly question but am hoping you can help.

I’m running Hassio on a RPi 3 and am using the SSH on Terminal on a Linux notebook.

I’ve followed the Github instructions for setting up the ssh key but from the resulting outputs I’m not sure if I’ve set everything up properly.

Should I be getting the “authenticity of host” message below? It lets me in but as you can see in the next block of output I can’t do a scp…

x@netbook ~/.ssh $ ssh [email protected]
The authenticity of host '192.168.0.35 (192.168.0.35)' can't be established.
ED25519 key fingerprint is SHA256:qpOHRtz33bcKRg/VYyzk6x3cORUxuiwjR0neqZJBhLA.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '192.168.0.35' (ED25519) to the list of known hosts.

  _    _                 _____ ____
 | |  | |               |_   _/ __ \
 | |__| | __ _ ___ ___    | || |  | |
 |  __  |/ _` / __/ __|   | || |  | |
 | |  | | (_| \__ \__ \_ _| || |__| |
 |_|  |_|\__,_|___/___(_)_____\____/

Then when attempting scp…

~ scp [email protected]:~ ~/Documents/Hassio_files
The authenticity of host '192.168.0.35 (192.168.0.35)' can't be established.
ED25519 key fingerprint is SHA256:qpOHRtz33bcKRg/VYyzk6x3cORUxuiwjR0neqZJBhLA.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.35' (ED25519) to the list of known hosts.
Permission denied (publickey).

Any help much appreciated! Thank you :smiley:

SCP must be enabled explicitly in the add-on configuration.
Please see the add-on docs on how to do that and why it is disabled in the first place.

The issue is that your Mac is not seeing the Pi as an allowed host or the host fingerprint has changed.

Try this command from the terminal:
ssh-keygen -R 192.168.0.35
That will remove the existing key.

Then try the connection again.
The Mac will then get upset that the security of the key is too lax:

Permissions 0777 for 'name-of-file' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.

To correct this, enter the following command:

chmod 400 name-of-file

@frenck it is a Mac error I think - not an error with the addin.
As it says permission denied you might need to use sudo with the above commands as well.
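
As an added example (not from the original posts), this Python sketch shows how the `SHA256:` fingerprint in the "authenticity of host" prompt above is derived from a host public key, so the value ssh displays on first connection can be compared with one read from the server over a trusted channel before answering yes. The key is constructed placeholder data and the function names are assumptions for the example.

```python
import base64
import hashlib
import hmac
import struct


def fingerprint(key_line):
    """SHA256 fingerprint of a public key line, in the form ssh prints.

    Accepts '<type> <base64> [comment]' (a .pub file) or
    '<host> <type> <base64>' (known_hosts / ssh-keyscan output).
    """
    fields = key_line.split()
    for key_type, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # this field is not base64, so not the key blob
        # The blob begins with a length-prefixed copy of the key type.
        n = int.from_bytes(blob[:4], "big")
        if blob[4:4 + n] == key_type.encode():
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no '<type> <base64>' public key found in line")


def matches_prompt(key_line, prompted):
    """True if the key obtained out of band has the fingerprint ssh displayed."""
    return hmac.compare_digest(fingerprint(key_line), prompted.strip())


# Constructed key blob (32 placeholder bytes, not a real host key).
_blob = (struct.pack(">I", 11) + b"ssh-ed25519"
         + struct.pack(">I", 32) + bytes(range(32)))
SAMPLE_PUB = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " constructed-example"
SAMPLE_KNOWN_HOSTS = "192.168.0.35 " + SAMPLE_PUB.rsplit(" ", 1)[0]

if __name__ == "__main__":
    shown = fingerprint(SAMPLE_PUB)
    print(shown)
    print("known_hosts entry matches:", matches_prompt(SAMPLE_KNOWN_HOSTS, shown))
```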

Thanks I’ll give that a go!

:tada: Release v2.4.0

This release is exciting, at least, for me it is. I’ve been working on this for months! And for you? Well, almost nothing changed :stuck_out_tongue:

So what did change? I’ve updated the workflows of the Community Hass.io Add-ons project. Things include:

  • Replaced CircleCI and CodeClimate. We are now using GitLab CI, backed by a couple of custom servers building and testing these add-ons.
  • All add-ons are now scanned during build and release by Clair to prevent security issues in our add-ons.
  • All add-ons are constantly scanned and monitored by Anchore.io. We will be notified immediately in case security issues occur. (Major thanks to Anchore.io for helping us out!)
  • The add-ons repository is now entirely generated and automatically synced with all the add-ons. This ensures repositories are in sync, never forgotten and releases are almost instant.
  • The base images that these add-ons are built on are entirely revised.
  • All add-ons have been updated to follow the Docker best practices. These are checked on every code change by GitLab CI.
  • All add-ons had maintenance. All software is updated to the latest and greatest and the documentation has been revisited.
  • There are now 2 bots in place on the GitHub project. The Add-ons Assistant is helping us out with the GitHub issues and pull requests and the AddonsBot is fully active taking care of updating code across the different GitHub Repositories.
  • We now have Edge & Beta add-ons repositories available. This allows everybody to test the latest and greatest (in case you don’t care about stability that much, or just wanna help out!)
  • I’ve removed all the PayPal, Bitcoin, … buttons. If you’d like to show your appreciation, then please, just buy me a coffee.

So that’s quite a lot, right? So what changed in this specific add-on?

Full Changelog

Added

  • Adds all architectures to add-on config
  • Adds .yamllint configuration
  • Adds SQLite by default
  • Adds Probot configuration
  • Adds add-on README template
  • Adds Gitlab CI

Fixed

  • Fixes Markdownlint warning in License
  • Fixes hadolint warnings
  • Fixes sudoers file permissions

Changed

  • Replaces Changelog with GitHub releases
  • Updates hassio-cli to v1.3.0 (#18) (@bastula)
  • Updates README
  • Upgrades add-on base image to v1.4.1

Removed

  • Removes CodeClimate
  • Removes CircleCI
  • Removes supervisor version constraint from add-on config

:tada: Release v2.4.1

Full Changelog

Changed

  • Updates hassio-cli to v1.3.1
  • Updates bind-tools to 9.11.3-r0
  • Updates sqlite to 3.21.0-r1

Possible stupid question alert:

I am currently using the built-in add-on. After I uninstall it and install this instead can I use the same authorized key?

Here is my built-in add-on config

Should work like a champ. An SSH key is an SSH key – the one that you carry over from the old installation of the SSH plugin is tied to your private SSH key on your source machine. That, presumably, is still valid.

So, in other words, good to go.

1 Like

:tada: Release v2.5.0

Full Changelog

Fixed

  • Fixes shellcheck warnings

Changed

  • Moves build-env to latest
  • Upgrades base image to v1.4.2
  • Upgrades git to 2.15.2-r0
  • Rewrites GitLab CI

Hi Guys!

I’m considering merging this add-on (The Community SSH add-on) with the Terminal add-on.

The advantages of this would be:

  • Pick up sessions from SSH using your web terminal
  • Pick up session from your Web terminal using SSH
  • Smaller footprint (in case you have both installed)
  • Less maintenance for me

What do you think?

5 Likes

that would be awesome !

Most logical approach might be to do it in the same way the Let’s Encrypt and duckDNS ones work, i.e. you may want Let’s Encrypt on its own but you won’t want duckDNS without, so a combo add-on makes sense for the second scenario.

However, if it means loads more work I’m sure we’ll all be grateful with whatever we get :slight_smile:

Actually you might if you use Caddy… But with SSH and Terminal there doesn’t seem to be any downside if it’s set up so you can use one or the other in case you wanted to use the inbuilt SSH add-on.

I am new to HA and was following some helpful instructions by Ben at BRUH Automation on how to customize your HA interface. I was trying to follow his instructions on adding a logo image to a device by adding an entity_picture to my customize.yaml file. If I understood his instructions correctly, he created a “www” directory in the /.homeassistant folder and then added his image file in this directory and then just made reference to the image by entering entity_picture: /local/his_image_logo.png.

I am trying to relate Ben’s instructions to what I am seeing with both this SSH Shell and Samba where I only see the config, addon, share, and backup directories. According to the customize help file link below, I should use a URL or place the image file in the /local directory as shown below. However, I don’t see a /local directory. Do I need to create a /local directory or a “www” directory as Ben suggested? If yes, where should I place it? I tried creating an /images directory in the config directory and making the entity_picture path /config/images/myimage.png, but that didn’t work. I could use some help translating Ben’s instructions after installing hass.io vs. what I am seeing on my hass.io installation. I would really appreciate it if someone can help me understand why there are differences and how I can translate his instructions so that I can add the image file to my customize.yaml file and have it be picked up correctly.

From the customization help file below, I should enter my folder path for my image file like “entity_picture: /local/toaster.jpg”

create the www folder under config folder

1 Like

Do as per @DavidFW1960 said but refer to it as ‘local’ not ‘www’ in HA.