HOWTO: How to access the Home Assistant OS host itself over ssh

michaelarnauts · January 3, 2021, 11:54am

It took a while to figure this out, so I might as well document this. Looking at the amount of search hits on this subject, I wasn’t not the only one that needed access to the host itself.

When debugging an issue related to the OS or docker, you might need access to the host itself. The Terminal & SSH Add-on drops you in a container, while this might be enough for users, you sometimes want to access the real operating system, to examine some docker issue for example.

There is a well written documentation on how to do this here: Debugging the Home Assistant Operating System | Home Assistant Developer Docs but this only works nicely when you are running HA on a Raspberry Pi. When running HA in a VM like on Proxmox, it’s more difficult to map an USB stick to be able to copy the file. Note that these steps below do the exact same thing as the copy does.

You’ll first need to login to the host itself, trough the host console. You can do this from within the interface of Proxmox. Just open the console, and login with root, you don’t need a password. Then, use login to drop to a shell. This is enough to access the host shell, but since the console doesn’t work nicely, we want to continue to enable SSH.
Now, I assume you are already running the Terminal & SSH Add-on, and have it configured with your public key. Go to your .ssh directory by running cd /root/.ssh/, and next, copy the authorized_keys file to the host. You can do this with docker cp addon_core_ssh:/root/.ssh/authorized_keys . (Note the single dot at the end of the command). To be sure, give it the right permissions, but this should already be the case. chmod 600 authorized_keys
Finally, you’ll need to start dropbear. You can do this with systemctl start dropbear.
You can now connect to your host with ssh root@hass -p 22222. Replace the hostname if needed.

I’m sorry if this has already been mentioned somewhere else, but I couldn’t find it. I might add it to the docs at Debugging the Home Assistant Operating System | Home Assistant Developer Docs sometime, but since it’s quite an advanced topic, it might not be that usefull.

djgrazzy · January 24, 2022, 5:08am

Thanks Michaël

Step 3 for me resulted in…
“/bin/ash: service: not found”
I simple rebooted the host at this step and was able to ssh successfully per step 4.

(Home Assistant OS 7.1 on HyperV)

Cheers

unmesh59 · February 13, 2022, 8:59pm

@michaelarnauts

I may have misunderstood the instructions or my problems are from running the VM in ESXi rather than Proxmox.

Where does one type the docker command to copy authorized_keys? If I do it at the HA prompt, I get the docker help command output. If I first use login to get into the host OS and then type the command, I get an error about trying to do this on a read-only file system.

After that, where do I type the chmod and service commands?

Thanks

tsparber · May 25, 2022, 7:41pm

The following command worked for me:

systemctl start dropbear

(Home Assistant OS 8.1 as ova)

CentralCommand · May 25, 2022, 7:46pm

If your goal is just to be able to use the docker CLI thre’s a much simpler solution. Install the SSH & Web Terminal addon (the one from the community add-ons repo not the one in the offical addons repo) and then turn off protection mode. You’re still ssh’ing into a container but then the docker CLI is available to you.

Miguel_Alvarez · January 26, 2023, 2:59pm

This helped me. I’ve needed to change some things because I have “SSH & Web Terminal” from Community instead of official “Terminal & SSH”.

In step 2: Find container name for my addon with:

docker ps

Change container name and folder when copying:

docker cp addon_xxxxx_ssh:/etc/ssh/authorized_keys .

Step 3:

systemctl start dropbear

And just no problems with ssh root@my_ip -p 22222

dkebler · December 24, 2023, 7:25pm

seems dropbear was enabled by default but if ssh is not available after reboot run

systemctl enable dropbear

you can see the status of dropbear service with

systemctl status dropbear

which should show enabled

● dropbear.service - Dropbear SSH daemon
     Loaded: loaded (/usr/lib/systemd/system/dropbear.service; enabled; preset: 
    Drop-In: /etc/systemd/system/dropbear.service.d
             └─hassos.conf

looking for

/usr/lib/systemd/system/dropbear.service; enabled

not disabled

panticz · January 3, 2024, 1:07am

Thank you all for pointing out dropbear as SSH Server, here a summary how to enable SSH login to the HomeAssistant host (Raspberry Pi):

# Deploy public SSH key
curl https://github.com/foo.keys >> /root/.ssh/authorized_keys 

# Enable and start SSH server
systemctl enable --now dropbear

# Login to Home Assistant host
ssh root@YOUR_HOMEASSISTANT_IP -p 22222