How to get access at damn host system?

I finally got it to work with the info from here: https://developers.home-assistant.io/docs/operating-system/debugging/#generating-ssh-keys

and here: https://askubuntu.com/questions/204400/ssh-public-key-no-supported-authentication-methods-available-server-sent-publ

Basically you have to either have or generate a private key file. I’d recommend doing it in Putty, or Mobaxterm (my choice). Then copy the key info from the GUI, NOT from the .ppk file. Put that in an authorized_keys file on a USB drive and import it per the instructions in the first link.

Then set up your terminal app to use the .ppk file. SSH and log in as root. Then type “login” and it will drop you to the root OS shell like it should without incorrect login errors.

So you mean on the actual host PC, or via SSH?

I followed the exact procedure that terri1769 laid out. I can ssh in using the .ppk file without issue, but once I’m in I still get this:

~ $ login
core-ssh login: root
Login incorrect
core-ssh login:

If I go to the console of my VM and type “login” it lets me right into the root OS shell. I’m running HassOS as a VM on ESXi, probably irrelevant but that’s the only difference I can see between me and most standard deployments.

Why are you typing login? You are already logged in by ssh. Because thats what the instructions say.

Sheller, did you connect to port 22 or 22222? If you connected to 22 it will indeed do that. 22222 has to be configured per the directions to work. Just a guess.

I’ve tried both but same result unfortunately, I can connect over SSH with either port but the login command to access the OS fails either way.

so what do you have access to after logging in to ssh on port 22222? What is the output of the following commands?

whoami
pwd

Running HA OS in Proxmox (Debian) on a NUC10i7FNK. My main computer is Win 10-64.
I’d like to update the firmware on my HUSBZB-1 stick and it seems like I need to be able to SSH in following:
https://developers.home-assistant.io/docs/operating-system/debugging/#ssh-access-to-the-host

I setup a USB stick and plugged it in and see this in the logs so it looks like it worked?

21-01-03 00:03:48 INFO (MainThread) [supervisor.hassos] Synchronizing configuration from USB with Home Assistant Operating System.
21-01-03 00:03:48 INFO (MainThread) [supervisor.host.services] Restarting local service hassos-config.service

I tried to SSH to [email protected] -p 22222 using PuTTY and the connection is refused. This is what the logs show:

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2021.01.02 16:25:38 =~=~=~=~=~=~=~=~=~=~=~=
Event Log: Looking up host "homeassistant.local" for SSH connection
Event Log: Connecting to fe80::422e:207f:2e79:5563%14 port 22222
Event Log: We claim version: SSH-2.0-PuTTY_Release_0.74
Outgoing raw data at 2021-01-02 16:25:38
  00000000  53 53 48 2d 32 2e 30 2d 50 75 54 54 59 5f 52 65  SSH-2.0-PuTTY_Re
  00000010  6c 65 61 73 65 5f 30 2e 37 34 0d 0a              lease_0.74..
Event Log: Failed to connect to fe80::422e:207f:2e79:5563%14: Network error: Connection refused
Event Log: Network error: Connection refused

Does “Event Log: We claim version…” mean it actually connected? I also tried localhost, homeassistant.localhost, the IP for HA and they all failed.

I also tried ssh [email protected] -p 22222 in an Ubuntu session in WSL2 and the connection was refused (I installed my private key there).

Not sure what to try next; is there a way to verify the private key was added? I have pretty basic linux skills so use small-medium sized words :slight_smile:

1 Like

I’m having the same issue as Eric. It took me forever to figure out how to:

  • get the file in the perfect format (VSCode failed me, Notepad++ had the ANSI encoding, both had the LF option available),
  • then get the file on the thumb drive perfectly named (“CONFIG”) and with a file system type that is “supported” (exFAT isn’t supported but was the only one that would succeed in formatting… until I opened Disk Management and removed the volume and recreated it to format to NTFS),
  • Then share the USB port on my Proxmox server with the VM
  • Then I get the same messages when I select “Import from USB” about synchronizing configuration
  • when I go to connect to port 22222, with the private key loaded to the Putty connection, it says: Server refused our key
    image
~ $ whoami
root
~ $ pwd
/root

It confirms I’m in as root, I’m starting to suspect there’s just a misunderstanding on my part here. I’d gotten the impression somewhere that it’s possible to access the root OS bash prompt through the SSH add on, as you would if you’re accessing the console directly on the physical hardware with a keyboard/monitor or on a VM through the virtual console.

Looking over the thread again I don’t see anyone explicitly saying they accomplished this so I’m leaning towards guessing that the SSH add on can’t escape it’s own container environment and the files presented to the hassio docker containers. If anyone can confirm that the SSH add-on should be able to access the OS’s bash prompt and full file system then I’ll take another look.

From what I learned during last few days your last part is absolutely correct:

  • add-on provided SSH only grants access to the container it runs in, „login“ never worked for me (which password for „hassio“ by the way?)
  • full root access is possible by
    A) enabling root ssh access like described in the dev manual of HASS OS (regular/pure/full SSH)
    B) using the console as root (well, simple but no remote access)
    C) when using Portainer by accessing the homeassistant container selecting the console function and using root without a password to log in (that’s only a web view based access, but might be sufficient for certain short-term use cases - and you don’t need to handle keys like for option a). Doing stuff in the Docker environment needs of course to be handled with special care (like every root access).

Please correct me or add if I missed/noted something wrong.

I’m pretty sure it can not do that.

However I just saw this posted, which looks like it will do what you ask:

1 Like

As @Silicon_Avatar stated, SSH Plugins cannot access the HA> prompt. This is because they exists inside a docker container. However, also as @Silicon_Avatar stated, my addon will break that container for you with an SSH Key after a reboot.

This error indicates that you have successfully uploaded a file to activate the 22222 port.
Unfortunately, the key (public) that was uploaded to HAOS does not pair to the (Private) key that Putty is using. IOWs a key mismatch.
either you uploaded the private key and trying to use the public key for access (reversed the keys), or your formatting of the key public key to the HAOS was bad. Third possibility, the HAOS pulled a bad copy.

Open the authorized_keys file and the format should follow this all on one line:
ssh-rsa AAAAbunchmorecharas== rsa-key-a_date

My key is:
ssh-rsa AAAbunchmorecharas== rsa-key-20210105

In Notepad++, I ensured LF and ANSI, “saved as” to the thumbdrive that’s formatted as NTFS. Did Import from USB, got the message, tried putty into 22222 with new private key and same message.

Whole reason I’m trying to get to this is to install a cli tool for: https://github.com/rospogrigio/localtuya

I can get to a command line via Proxmox but I don’t know if that is the right place to install this tuya api tool where it can/could interact with HA properly, can’t even use “npm” or “apt-get” so probably not the right place

image
image

I don’t believe HassOS has either of those installed. HAOS is not intended as a general use platform, and only has just enough installed to properly run the HA ecosystem.

Taking a quick look through the HAOS github repo, I see it has busybox which includes things like cat, tail, whoami, chmod etc, and bash is included, but I don’t see anything for npm or apt.

It uses apk. Apk add curl. It has a limited Repository but it’s there

The SSH 22222 Configurator works well, BTW. Just put your key in the UI, hit start, and reboot


1 Like

You only need ssh access for this task.

What on earth makes you think apt-get would be installed on a non debian(like) system?

1 Like