I cannot SSH into HAOS

I have HAOS installed on a Raspberry Pi 3B+. I can’t hook up a keyboard and monitor to it.

I need to SSH into HAOS (not HA Core or whatever the terminal add-on gives you access to*) to troubleshoot an issue I have with the storage used.

I tried to follow this guide:Debugging the Home Assistant Operating System | Home Assistant Developer Docs

  1. I formatted my USB drive to FAT32 (or NTFS, I don’t actually remember, now) with the right name all in caps;
  2. I created a pair of keys with putty, renamed the public key, opened it with Notepad++, converted it to AINSI and linux EOL;
  3. USB drive in the Raspberry Pi, I ran the ha os import command (several times, using different USB ports) and, since the guide says rebooting would do the same, I also rebooted;
  4. Launched the latest Putty (0.80), tried to connect to [email protected] (or the same with the IP address) using the key and always get the same error: Connection refused.

What can I do to solve this? Could I use the terminal add-on to check if the key was properly imported (at the HAOS level, not the HA Core one)?

*The ins and outs (the OS, the superviser, the docks, etc.) aren’t 100% in my mind.

Can’t you just resolve the issue through the command line that is shown in the background?

  1. I can’t because the command line in the background is not the HAOS but HA Core (or something like that). So it sees only a small fraction of the storage used;
  2. Even if I could, I’d still be interested in knowing why I can’t setup the SSH for HAOS.

I think that you have just seen this:

HOWTO: How to access the Home Assistant OS host itself over ssh - Installation / Home Assistant OS - Home Assistant Community (home-assistant.io)

Maybe you can ask under this thread

That error suggests that HA is still rejecting the connection. Assuming you’re using the right port (22222), then that error would suggest that SSH isn’t running in the HA OS. I presume, since the docs don’t explicitly mention it, that the SSH server is started once the key is imported. Could be that even though the import command succeeded, HA OS doesn’t like the key that was imported.

The formatting of the default save type of the public key is wrong. Instead of saving, you’ll want to copy the generated key into a text doc with the right formatting.

I’m also not a huge user of PuTTY (typically just use Powershell) but I think you’ll also have to import the private key to be used for authentication when you connet.

Well, I read 2222 on the guide and since I’m an idiot, I didn’t double-check.

So thank you, it works!

Yeah I did that.

Random question but do you know if I could have generated the key with Powershell with the right format and used it after with PuTTy? I could try but I don’t want to break it now that it works (and my understanding too limited to troubleshoot it afterwards) :grimacing:

Totally…or just use Powershell for both. When you generate a key with Powershell, by default it’ll drop it into the .ssh folder for your user profile. I know Powershell looks into that folder by default, but I don’t know if PuTTy does. If it doesn’t, you can just import the key.

I’m asking because I generated a key with Powershell first and the key itself mentioned Powershell at the end.

I like PuTTy because you can use the standalone .exe
I have that .exe in a dropbox folder where I put my SSH keys and config as well, which means I can access all computers from any computer I own without having to move keys around. I suppose you could do the same with Powershell but not as easily. And without a GUI.

Resolving “Corrupted MAC on input” Error for SSH Access

If you’re encountering the error message “Corrupted MAC on input” while trying to establish an SSH connection, follow this guide to resolve the issue and set up SSH access with public key authentication.

Error Message

sh

ssh [email protected]
Corrupted MAC on input.
ssh_dispatch_run_fatal: Connection to X.X.X.X port 22: message authentication code incorrect

Step 1: Specify a MAC Algorithm

To resolve the “Corrupted MAC on input” error, specify a compatible MAC (Message Authentication Code) algorithm when initiating the SSH connection. Use the following command:

sh

ssh -m [email protected] [email protected]

Replace username with your server’s username and X.X.X.X with your server’s IP address.

Step 2: Configure SSH Client for Default MAC Algorithm

To avoid specifying the MAC algorithm every time, configure the SSH client to use this algorithm by default. Edit the config file in the .ssh directory of your client machine (e.g., C:\Users\yourusername\.ssh\config on Windows):

sh

Host X.X.X.X
    HostName X.X.X.X
    User username
    MACs [email protected]

Step 3: Generate SSH Key Pair using PuTTY

  1. Download and Install PuTTY: Download PuTTY and PuTTYgen from the official website: https://www.putty.org/. Install both applications on your client machine.
  2. Generate a Key Pair: Open PuTTYgen and click on the Generate button to create a new key pair. Move your mouse around the blank area to generate randomness.
  3. Save the Key Pair: Once the key pair is generated, save the public key by clicking on the Save public key button and save the private key by clicking on the Save private key button. You can choose to protect your private key with a passphrase or leave it empty.
  4. Copy the Public Key: In the PuTTYgen window, you’ll see the public key in the text box at the top. Copy the entire contents of this box.

Step 4: Copy the Public Key to the Server using HomeAssistant Web Interface

  1. Access the HomeAssistant Web Interface: Open a web browser and navigate to the local IP address of your HomeAssistant server: http://homeassistant.local:8123/.
  2. Go to Settings: Navigate to the Settings section.
  3. Select Add-ons: In the Add-ons section, select Advanced SSH & Web Terminal.
  4. Configure the Public Key: In the configuration page, paste the copied public key into the appropriate field for authorized_keys.

Here’s an example configuration for the authorized_keys field:

yaml

username: hassio
password: pippo
authorized_keys: 
  - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArq3H... esempio di chiave pubblica ...== user@hostname
sftp: false
compatibility_mode: false
allow_agent_forwarding: false
allow_remote_port_forwarding: false
allow_tcp_forwarding: false

Step 5: Restart the SSH Service

To apply the changes, restart the SSH service using the HomeAssistant web interface. Go to the Developer Tools section and click on Restart.

Step 6: Connect to the Server

Now you can connect to your server using SSH without being prompted for the password:

sh

ssh [email protected]

Conclusion

By following these steps, you’ve successfully resolved the “Corrupted MAC on input” error and configured SSH access with public key authentication, ensuring a secure and convenient connection to your server.