How to ssh-keygen for my CLI scripts?

entmike · August 14, 2017, 1:11am

Hey guys, hopefully this is an easy one.

I’m migrating from a Ubuntu home assistant install over to Hass.io. For the most part, things are about the same to me. I learned a bit about the Docker architecture along the way which is kind of neat.

In my prior installation, I had sensors to return my various raspberry temperatures as a sensor like below:

sensor:

platform: command_line
name: Raspberry A Temp
command: “ssh [email protected] ‘cat /sys/class/thermal/thermal_zone0/temp’”
unit_of_measurement: “°F”
value_template: ‘{{ value | multiply(0.001) }}’

In order for this to work, I had to ssh-keygen in my home assistant box and add the .pub key to the authorized_hosts on my target box…

I tried doing this with the ssh addon but the .ssh directory gets wiped out every time i restart, and I’m not even sure if because of how these addons use Docker, if it’s sandboxed somewhere else and I’m not in the right environment.

Is there a way to go about ssh-keygen for Hass.io that I’ve missed?

gwmiii · August 18, 2017, 9:24am

First you need the developers SSH setup, you can find how to do it here

once you have “root@hassio:~#” prompt type “docker exec -i -t homeassistant /bin/bash”

Then follow these step But make the following change.

At step 2 save the keys to /config/ssh/id_rsa
at step 4 ssh-copy-id -i /config/ssh/id_rsa.pub hass@TARGET
To test it ssh -i /config/ssh/id_rsa hass@ TARGET

Hope this Helps

entmike · August 19, 2017, 5:59pm

Thank you, gwmill. I will try this and report back.

gwmiii · August 25, 2017, 7:31am

After test it again it failed, So you to make the changes

make a config file at /config/ssh/config and add the follows setting

ConnectTimeout 10
IdentityFile /config/ssh/id_rsa
UserKnownHostsFile /config/ssh/.known_hosts

to test ssh -F /config/ssh/config hass@TARGET

twelve · August 27, 2017, 6:46pm

Thank you @gwmiii! You’ve saved my day!

metbril · January 29, 2018, 10:00pm

I have tried all of the above, but connection to the asus wrt router is not working.

When I SSH into hass.io and then SSH into my router it is working, but the component still can’t connect.

2018-01-29 22:14:54 ERROR (SyncWorker_15) [homeassistant.components.device_tracker.asuswrt] Connection refused. SSH enabled?
2018-01-29 22:14:56 ERROR (SyncWorker_15) [homeassistant.components.device_tracker.asuswrt] Connection refused. SSH enabled?

Does anyone have suggestions?

gwmiii · January 30, 2018, 2:49am

What does your configuration file look like?

metbril · January 30, 2018, 5:22am

I have aan rpi2 running Hass.io with the SSH addon.
From the SSH prompt i have run ssh-keygen. This has created aan id_rsa key in the /root/.ssh folder. I copied both the private and public key to /config/ssh/

I also create the file /config/ssh/config

ConnectTimeout 10
IdentityFile /config/ssh/id_rsa
UserKnownHostsFile /config/ssh/.known_hosts

This is the config for the component

configuration.yaml

device_tracker:
  - platform: asuswrt
    host: !secret asuswrt_host
    username: !secret asuswrt_username

The host and username in secrets are correct.

From the ssh prompt of my Hass.io machine I can succesfully ssh into the router with any of these:

$ ssh [email protected]
$ ssh -i /config/ssh/id_rsa [email protected]
$ ssh -F /config/ssh/config [email protected]

I have said yes at first connection, so the host has been added to .know_hosts in both /root/.ssh and /config/ssh

metbril · January 30, 2018, 6:06am

I found the issue. I was under the assumption that the ssh key could be found by the system. Instead I needed to specify the path to the key file explicitly. It is working now. For future reference, this is my working config:

configuration.yaml

device_tracker:
  - platform: asuswrt
    host: !secret asuswrt_host
    username: !secret asuswrt_username
    ssh_key: /config/ssh/id_rsa