Home Assistant OS(VM) and ssh to remote server (Resolved)

I’ve been trying to figure out how to have Home Assistant suspend computers given a certain event.

My issue is not the scripting or the triggers; rather, I am running the Home Assistant OS and I can’t for the life of me figure out how to create SSH keys which I can then add to the REMOTE host for passwordless ssh.

I have found tons of posts about how to enable ssh TO Home Assistant OS, and several posts about sshing into a remote host from HASSIO, but those all assume the standard linux tooling.

I attempted to put a generated id_rsa/id_rsa.pub in the /mnt/boot/CONFIG directory like you do with the authorized keys file, but that didn’t work.

How do you generate SSH keys on the Home Assistant OS so that it can interact with remote machines?

Thanks!

Haven’t tried it myself yet, but Home Assistant OS appears to be based on Alpine Linux, and everything appears to run as root. Did you try putting the keys in /root/.ssh? ssh-keygen exists if you use the Terminal/SSH plugin, and that will generate keys in that path by default.

Alternatively, you should be able to use the -i switch to point at the path you saved the private key to.

ssh -i /config/id_rsa/id_rsa user@host

Thanks for the reply!

You can’t create anything on /root:

# pwd
/root
# touch new
touch: new: Read-only file system

The layout of Home Assistant OS is as follows:

NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
zram0  252:0    0  1.9G  0 disk [SWAP]
zram1  252:1    0   32M  0 disk /var
zram2  252:2    0   16M  0 disk /tmp
vda    253:0    0   48G  0 disk 
|-vda1 253:1    0   32M  0 part /mnt/boot
|-vda2 253:2    0   24M  0 part 
|-vda3 253:3    0  256M  0 part /
|-vda4 253:4    0   24M  0 part 
|-vda5 253:5    0  256M  0 part 
|-vda6 253:6    0    8M  0 part 
|-vda7 253:7    0   96M  0 part /mnt/overlay
`-vda8 253:8    0 47.3G  0 part /mnt/data

However, based on your idea (/config doesn’t exist) I have noted that most of the user-writeable files exist in

ls /mnt/data/supervisor/homeassistant
automations.yaml          covers.yaml               device_tracker.yaml       history.yaml              home-assistant_v2.db-shm  mqtt_dump.txt             scripts.yaml              weather.yaml
binary_sensors.yaml       custom_components         esphome                   home-assistant.log        home-assistant_v2.db-wal  node-red                  secrets.yaml              www
blueprints                customize.yaml            glances                   home-assistant.log.1      input_boolean.yaml        recorder.yaml             sensor.yaml               zigbee.db
configuration.yaml        deps                      groups.yaml               home-assistant_v2.db      known_devices.yaml        scenes.yaml               tts

I’ll try putting the keys in there and see if that will work. Great jumping off point. Thanks!

Looking at the docs for the Terminal/SSH addon… it says:

Regardless of how you connect (using the web terminal or using an SSH client), you end up in this add-on’s container. The Home Assistant configuration directory is located on the path /config .

Found this blog post that covers it… Home Assistant Shell Integration: Local & SSH Linux Control – Siytek

With your help I actually discovered that Home Assistant OS uses dropbearkey.

I tried using my key:

ssh -i <private key> user@host

ssh: Exited: String too long

This led me to looking into dropbearkey, so I did this:

dropbearkey -t rsa -f id_rsa_hassio

In my /mnt/data/supervisor/homeassistant directory and the ssh command works. I’d prefer not to use an additional plugin if not required.

I’ll post my solution once I get it working.
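The two private key encodings involved in this thread can be told apart from their first bytes; this is an added example, not code from the posts or from Home Assistant. It assumes `head`, `od` and `tr` are available and that a Dropbear-native key begins with a length-prefixed type name such as `ssh-rsa`; a parser expecting that prefix reads the PEM dashes `----` as a length of 0x2d2d2d2d, which is consistent with the `String too long` exit above.

```shell
#!/bin/sh
# Added example (not from the thread): classify an SSH private key file with
# only head, od and tr, for systems that have no `file` command.

key_format() {
    # Hex-encode the first 16 bytes so binary data never lands in a variable.
    hex=$(head -c 16 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hex" in
        2d2d2d2d2d424547494e20*)      # "-----BEGIN ": PEM-armoured text
            case "$(head -n 1 "$1")" in
                *"OPENSSH PRIVATE KEY"*) echo openssh ;;
                *"PRIVATE KEY"*)         echo pem ;;
                *)                       echo unknown ;;
            esac ;;
        # Assumption: Dropbear's native file starts with the SSH wire encoding
        # of the key type: 4-byte big-endian length, then a name like "ssh-rsa".
        000000??7373682d*)            echo dropbear ;;
        *)                            echo unknown ;;
    esac
}

key_advice() {
    # Say which client can read the file and how to convert it for the other.
    case "$(key_format "$1")" in
        dropbear)    echo "Dropbear format; for OpenSSH: dropbearconvert dropbear openssh $1 $1.openssh" ;;
        openssh|pem) echo "OpenSSH/PEM format; for Dropbear: dropbearconvert openssh dropbear $1 $1.dropbear" ;;
        *)           echo "not a recognised private key" ;;
    esac
}

# Constructed sample headers (not real key material) for trying the functions.
make_samples() {
    printf '\000\000\000\007ssh-rsa\000\000\000\003\001\000\001' > "$1/id_rsa_hassio"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '(constructed body)' > "$1/id_rsa"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$1/id_new"
}

# Usage: sh keyfmt.sh /config/.ssh/id_rsa
if [ $# -gt 0 ]; then
    for k in "$@"; do printf '%s: %s\n' "$k" "$(key_advice "$k")"; done
fi
```
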

Following up on my own post, here is what I did. After using dropbearkey to generate the file, I tried logging in with that, but I was still getting a return code error of 255.

I logged into the target and confirmed that it was not receiving a connection attempt. Realizing that, I ended up discovering that whatever mechanism the shell_command is using (a container?) is failing DNS resolution attempts. I switched the script to using an IP instead and I started seeing the connection attempts; however, I was seeing this error on the host:

audit[752003]: USER_ERR pid=752003 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:bad_ident grantors=? acct="?" exe="/usr/bin/sshd" 

After digging around some more, it turns out this is because dropbearkey creates an encoded file of some sort (since Home Assistant OS does not have the file command, I couldn’t tell you what type of file it outputs).

The solution to this was to run the dropbearconvert command like so:

dropbearconvert dropbear openssh id_rsa_hassio id_rsa

This converts the key from dropbear to openssh. After this was correct and I ensured that the script was referencing the correct keys, the shell command worked.

For reference I am calling it like so:


switch:
  - platform: wake_on_lan
    mac: "xx:xx:xx:xx:34:12"
    name: "desktop"
    turn_off:
      service: shell_command.turn_off_desktop

shell_command:
  turn_off_desktop: ssh -t -o 'UserKnownHostsFile=/config/.ssh/known_hosts' -o 'StrictHostKeyChecking=no' -i /config/.ssh/id_rsa [email protected] 'sudo systemctl suspend'

For testing, I made a button in Lovelace that uses the shell_command service to call the command.

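The `shell_command` above passes `StrictHostKeyChecking=no`, so the unattended key is offered to whatever answers at that address without the server's identity being checked. The following is an added example, not part of the original post: a small audit that flags such options in `shell_command` entries, run over a constructed copy of the configuration (the address `192.0.2.10` is a placeholder). The corrected variant assumes the remote host's key has already been recorded in `/config/.ssh/known_hosts`.

```shell
#!/bin/sh
# Added example (not from the thread): flag ssh options in Home Assistant
# shell_command entries that switch off host key verification.

audit_shell_commands() {
    # $1 = YAML file. Prints "<line>: <finding>" per issue; returns 1 if any.
    awk '
        /^[^ #]/ { in_sc = ($0 ~ /^shell_command:/) }   # track the top-level key
        in_sc && /ssh / {
            line = tolower($0)
            if (line ~ /stricthostkeychecking=(no|off)/) {
                print NR ": StrictHostKeyChecking disabled, server identity is never verified"
                bad = 1
            }
            if (line ~ /userknownhostsfile=\/dev\/null/) {
                print NR ": known_hosts discarded, pinned host keys cannot be used"
                bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed samples: the weak form modelled on the post, and the same
# command with verification against the existing known_hosts file enabled.
write_samples() {
    cat > "$1/weak.yaml" <<'EOF'
# constructed sample, modelled on the configuration in the post
shell_command:
  turn_off_desktop: ssh -t -o 'UserKnownHostsFile=/config/.ssh/known_hosts' -o 'StrictHostKeyChecking=no' -i /config/.ssh/id_rsa user@192.0.2.10 'sudo systemctl suspend'
EOF
    sed 's/StrictHostKeyChecking=no/StrictHostKeyChecking=yes/' \
        "$1/weak.yaml" > "$1/pinned.yaml"
}

# Usage: sh audit.sh /config/configuration.yaml
if [ $# -gt 0 ]; then
    audit_shell_commands "$1"
fi
```

With `StrictHostKeyChecking=yes` the command fails if the host key is missing from or differs from the `known_hosts` entry, instead of connecting anyway.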