How I got Asuswrt device tracker working with SSH key files

Configuration
21

Did you chmod 600 the file? Also, you can try to put it in the folder I suggested in the topic start? That is a known working location, even if just to confirm it can work for you.

22

Yes i did the chmod.
And the folder was my question, where is the /config/ folder? i canā€™t find it or canā€™t see it. Not working with unix that much.

Also when I try it with the password config instead of the ssh_key in the configuration.yaml, I get an error ā€œUnexpected SSH error: permission deniedā€ id there some router setting Iā€™m missing? I set the part from your screenshot and the ssh public key.

23

For me, the config directory is in the root (using Hassio). Another way to reach it is by activating Samba access and connecting to the HASS file system from another PC. The config directory is then available as a shared folder.

24

Well Iā€™m using Hassbian maybe there is a difference then. Iā€™ll try today when Iā€™m home to put it in a /root/ folder. Otherwise I will probably alternate to a ping instead of presence detection by the router.
Thanks for your help, very much appreciate it.

25

@kirbby,

Since you are on hassbian try this:

sudo -u homeassistant -H /bin/bash
cd ~/.homeassistant/ssh/
rm *
ssh-keygen -t rsa -b 4096 #save key as ssh_asus_private_key
cat ssh_asus_private_key
exit

This will create the ssh key under the correct user. *please note this text is not tested but the concept works.

This worked for my Docker setup:

docker exec  -it homeassistant bash
mkdir ssh
cd ssh
ssh-keygen -t rsa -b 4096 #save key as asuswrt
cat asuswrt
exit

For docker:

#device_tracker:
  - platform: asuswrt
    host: #router IP
    username: !secret asus_admin_name
#    password: !secret asus_admin_password
#or
    ssh_key: '/config/ssh/asuswrt'  #The path to your SSH private key file associated with your given admin account
1 Like
26

@TheNotSoSmartHome,
thanks for the tip Iā€™ll try it on the weekend, if I have time. For now I made the ping device tracker work.

27

Iā€™m having issues with this too. Everything was working fine (I think) until I updated to 0.82.1.

I was just using username and pass to access the router which has worked for absolutely ages.

I tried adding an SSH key as described above, but it still doesnā€™t work.

Whats really annoying is that I have quite a number of automations that rely on this!

28

I got this working but on Raspbian I had to make sure I was generating an openssl key ( ā€œ-oā€ ). So following @TheNotSoSmartHomeā€™s instruction I had to change the keygen command to

ssh-keygen -t rsa -b 4096 -o

29

Hi. Iā€™m now running Hassio 0.83.3

Followed the above instructions but when I log in via SSH (as root) to do the chmod command I get a no such file or directory error message. If I type LS, I see nothing. Any ideas of the correct path?

EDIT: Ignore me - was being an idiot

30

Thx for your post. I got it working.

One remark: I got confused about the name of the file ssh_asus_private_key. Shouldnā€™t it have ā€œhasshostā€ or ā€œpiā€ or something like that in the name instead of ā€œasusā€, because itā€™s the private key of the host where HA is running, not the private key of your router?

31

Youā€™re getting me confused now :slight_smile: But I still think it should be called ssh_asus_private_key, because itā€™s meant to connect to your Asus router and only your Asus router. The key pair (public & private key) is used for a connection to the Asus router, not for a connection to the Home Assistant machine. I hope Iā€™m making sense here.

32

Yes, true. And for this post itā€™s not necessarily wrong. (But confusing to me. :wink: )

In theory this private key belongs to the host where your HA is running. And it can be used in an ssh connection to prove itā€™s really the host of your HA the other party (with the shared public key of the host of HA) is talking to. So in theory it could be used to connect to several other parties, not only the router.

Itā€™s like having a key to your front door. Some people have the same lock on their front door as on their back door. So they could use the same key for both locks. They probably still use the name ā€˜front door keyā€™ for it. And then someone comes around and says: ā€œThatā€™s confusing to meā€. :smiley: So, not a big problem.

1 Like
33

Thanks.

I followed the steps and I implemented it in an Asus RT-AC58U

20190718 - Home Assistant 0.95.4

configuration.yaml

asuswrt:
  host: 192.168.1.1
  username: !secret usr_asus
  ssh_key: /config/ssh/ssh_asus_private_key

I hope it will be useful.

34

Question, is there anyway to pull the ssh_asus_private keys on a macOS via terminal. I do not feel comfortable installing a ported version of puttyGEn on my MacBook via home-brew?

35

Thanks that was tripping me up also.
Conversion instructions here
https://help.cloudforge.com/hc/en-us/articles/215242303-Converting-PuTTY-private-keys-to-OpenSSH-format

36

It really is mentioned in the first post. Really :slight_smile:

37

Thanks @Emphyrio, I got it working on an Asus RT-AC86U running Merlin 384.13 with Home Assistant 102.2. I thought Iā€™ve given up on getting it to work until I recently decided to give it another try (and found your post). The method using just the username and password wasnā€™t working (it threw an error in the logs saying asyncssh.misc.permissiondenied).

38

With latest HA asuswrt is not working.
Throwing
2020-02-26 12:06:34 ERROR (MainThread) [homeassistant.core] Error doing job: Task exception was never retrieved

39

Thanks, the guide worked! Little bit worried still that there is no option to encrypt with a passphrase, but then again the passphrase should be stored as well on the device for restarts :thinking: Maybe I should start looking into a keyring on rpi.

40

Thanks a lot. Well explained. Good to see good tutorials.
Health