Howto: Create a reverse SSH tunnel, with easy HTTPS at the other end

Hi guys, how do you add the SSH server options in Hassio? I did a copy & paste but when I save it just erase the config I added.
I read somewhere that in the hassio is not possible to add autossh because of the lack of privilages from the hassio user.

Thank you! I’ve been struggling to figure this out for months.

1 Like

I found I had to link the app up locally, and then modify the external URL in the app after to get it to authenticate.

Hello Guys,

I have running SSH tunnel using autossh add-on on hassio in docker connected to remote nginx server, so I’m able to reach my Home Assistant instance from internet by my domain.

Now I would like to use also AdGuard Home server, but when I start it I’m loosing possibility to connect to HA by domain name…
Any suggestion if this can work together and how to configure it?

Hi, i’ve already got the reverse ssh working
Now I just need to get https since I intend to integrate google assistant (which requires https in the setup)

But I keep getting this error

 unrecognized directive: proxy

my caddyfile

myownhassio.duckdns.org

proxy / localhost:8123 {
websocket
}

Any ideas on what I’m missing?

unrecognized directive: proxy

This error is either due to missing proxy plugin in Caddy setup or due to Caddy version. Syntax differs a lot from Caddy v1 vs v2. Above syntax seems of v1 while installed version as v2.

I see, is there an updated guide for it that I could refer to?
Or should install v1 to get the configuration above working?

Hi,

I had this type of issue a few times ago for my AI based security server. It is quite simple and does not require
a key.
On Home Assistant you could try to install sshpass and create a dedicated user on your external server:

     sshpass -p [mypassword]   ssh  -N -R 8887:localhost:8123 sshtunnel@[my external server]

Note: I could install sshpass using the terminal :
apk install sshpass

on your external server I use a tool called “socat” where I redirect the ssh flow from the internal
interface througth the external one (can be launch at start, ie. in /etc/rc.local ) :

     sudo socat -d tcp-listen:8888,reuseaddr,fork tcp:127.0.0.1:8887

-Franck

Hello, all.
I tried to reproduce reverse SSH tunnel, but I stuck on
Error: Invalid client id
I have HA instance of Home Assistant Operating System VMWare image, with Duck DNS add-on and it works very well on http s://sozid.duckdns.org:8123/ .
HA VM works on home server, that behind router. Router has “white” IP, not NAT.
I also have Terminal & SSH add-on installed with config

authorized_keys: []
password: qqqqqqq
apks:
  - autossh
server:
  tcp_forwarding: false
  packages:
    - autossh
username: root

Also I have external server with NGING installed, that proxy request with config

location / {
proxy_pass http s://localhost:8887;
}

When I log into HA instance by SSH and run
/usr/bin/ssh -N -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o PubkeyAuthentication=yes -o PasswordAuthentication=no -i /root/config/id_rsa -R 8887:localhost:8123 [email protected]
It starts:
Warning: Permanently added ‘176.32.32.98’ (ED25519) to the list of known hosts.
When I try to open http ://176.32.32.98/
I see nginx error
# 502 Bad Gateway
and error in HA SSH console:

connect_to localhost port 8123: failed.

OKay, I tried to change SSH start to

/usr/bin/ssh -N -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o PubkeyAuthentication=yes -o PasswordAuthentication=no -i /root/config/id_rsa -R 8887:192.168.0.102:8123 [email protected]

Where 192.168.0.102 is local IP of my HA (http s://192.168.0.102:8123/lovelace/default_view works very well, I also connecting to 192.168.0.102 by SSH to start command for SSH tunnel).

After that http ://176.32.32.98/ starts to open, but redirects to

http ://176.32.32.98/auth/authorize?response_type=code&redirect_uri=http %3A%2F%2F176.32.32.98%2F%3Fauth_callback%3D1&client_id=http %3A%2F%2F176.32.32.98%2F&state=eyJoYXNzVXJsIjoiaHR0cDovLzE3Ni4zMi4zMi45OCIsImNsaWVudElkIjoiaHR0cDovLzE3Ni4zMi4zMi45OC8ifQ%3D%3D

It’s page
You’re about to give http ://176.32.32.98/ access to your Home Assistant instance.

Logging in with Home Assistant Local.
Error: Invalid client id

START OVER

So, http s://sozid.duckdns.org:8123/ and http s://192.168.0.102:8123/ work very well, but http ://176.32.32.98/ with SSH tunnel shows error.

Tell me please, how to fix that error with http ://176.32.32.98/?