So after a ton of reading and trial/error, here is my guide on how I set up a HA sensor to monitor the CPU temperature of a remote Raspberry Pi:
NOTE: Please read first before following along.
Create a New User on Raspberry Pi to be Monitored (optional)
- SSH into the remote pi and follow the prompts to add a new user:
sudo adduser [NEWUSER]
- You’re done with the remote pi.
SSH into Home Assistant
- Create a public key authentication (passwordless SSH login):
- Check for Existing SSH Keys (optional)
ls -al /config/.ssh/id_*.pub
- If the output tells you there are no such files, move on to the next step, which shows you how to generate SSH keys.
- In case you do have them, you can use the existing keys, back them up and create a new pair or overwrite it.
Generate 4096-bit Key Pair
ssh-keygen -t rsa -b 4096 -C "[comment]"
Location to Store the Keys
/config/.ssh/id_rsa
NOTE: If the /config/.ssh/ folder doesn’t exist at the start of this, you need to manually create the folder. The creation of the folder and setting up the file permissions is a good gotcha in HA and was one of my main hang-ups.
passphrase
(Leave Blank)
- The output then tells you where it stored the identification and public key and gives you the key fingerprint.
- You can verify you have successfully created the SSH key pair (optional)
ls -al /config/.ssh/id_*.pub
Upload Public Key Using the cat Command
ssh [remote_username]@[server_ip_address] mkdir -p .ssh
Upload Public Key from Local Machine to Remote Server
cat /config/.ssh/id_rsa.pub | ssh [remote_username]@[server_ip_address] 'cat >> .ssh/authorized_keys'
NOTE: If you attempt to login to the remote server at this point, it will ask for the password.
Edit File Permissions on the Remote Server
ssh [remote_username]@[server_ip_address] "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
Testing Your Command: Docker Container
Author: @CentralCommand Mike - SSH’ing from a command line sensor or shell command - Community Guides - Home Assistant Community (home-assistant.io)
Now that you have your ID file, let’s test the command. To do this though, we can’t just run the command while SSH’ed in normally, because if your command works while SSH’ed into HA that does not mean it will work when run from HA via a command line sensor.
The reason for this is the docker containers. When you SSH into HA you’re actually SSH’ing into an add-on, which is a different docker container from HA itself. Each docker container has its own filesystem and installed packages, so successfully running it while SSH’ed really doesn’t tell you anything about whether it will work when run from HA.
This is where disabling protection mode comes in.
- While SSH’ed into HA execute the following command:
docker exec -it homeassistant bash
What this will do is open an interactive bash shell on the actual homeassistant container where HA runs. From this shell any commands we run will be run in exactly the same way HA will run them from a shell command or command line sensor. This way we know if they work from there then they will work from HA. So now we can run our command like so and confirm that it works:
Normally you just go through this once and then you are good to go; it never prompts you to verify authenticity again. However, with HA this is another gotcha. The problem is that by default the known_hosts file is stored in /root/.ssh. Which means if you stop here your sensor will appear to work but will break next update when /root is wiped clean.
Fortunately, there’s a very simple solution to this: we just need to tell our command that the known_hosts file is somewhere that isn’t wiped clean every update. I would suggest also putting it within /config/.ssh but you can put it wherever you want, as long as it’s in somewhere like /config that is preserved over updates. Once you decide where to put it, add this to your command: -o UserKnownHostsFile=/config/.ssh/known_hosts
Then run your command once more from the docker exec shell with this addition (or from portainer if you are using the alternative approach) so it updates your custom known_hosts file and then you are good to go:
ssh -o UserKnownHostsFile=/config/.ssh/known_hosts [remote_username]@[server_ip_address] -i /config/.ssh/id_rsa 'cat /sys/class/thermal/thermal_zone0/temp'
Warning: Permanently added '[server_ip_address]' (ED25519) to the list of known hosts.
Enter the same command again:
ssh -o UserKnownHostsFile=/config/.ssh/known_hosts [remote_username]@[server_ip_address] -i /config/.ssh/id_rsa 'cat /sys/class/thermal/thermal_zone0/temp'
You should not see a warning and should be returned with a value.
configuration.yaml
- Go to your configuration.yaml file and under sensor, add:
sensor:
  - platform: command_line
    name: "Dashboard Temperature"
    command: "ssh -o UserKnownHostsFile=/config/.ssh/known_hosts [remote_username]@[server_ip_address] -i /config/.ssh/id_rsa 'cat /sys/class/thermal/thermal_zone0/temp'"
    unit_of_measurement: "°F"
    value_template: "{{ ((value | multiply(0.001)) | multiply(1.8) + 32) | round(2) }}"
- Save the file and Check your Configuration.
- Restart the server.
- Add your new sensor:
These were the steps I completed in order to make this work.
Thank you to @CentralCommand Mike for his article which really helped SSH’ing from a command line sensor or shell command - Community Guides - Home Assistant Community (home-assistant.io).
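
The key pair generated above has a blank passphrase, so anyone who can read /config/.ssh/id_rsa gets a full shell as [remote_username] on the Pi. The following is an added example, not part of the original post: it builds an authorized_keys entry that limits the key to the one sensor command, and audits an authorized_keys file for entries that are still unrestricted. The names SENSOR_CMD, restricted_entry and audit_authorized_keys are made up for this sketch, and the key shown is constructed sample data.

```shell
#!/bin/sh
# Added example: limit what the passphrase-less sensor key can do on the Pi.
# The forced command is the one the command_line sensor runs in this guide.
SENSOR_CMD='cat /sys/class/thermal/thermal_zone0/temp'

# Turn a public key line (the contents of id_rsa.pub) into an authorized_keys
# entry that can only run SENSOR_CMD. "restrict" (OpenSSH 7.2+) also turns
# off port, agent and X11 forwarding and PTY allocation for this key.
restricted_entry() {
    printf 'restrict,command="%s" %s\n' "$SENSOR_CMD" "$1"
}

# Print "LINE: entry" for every key in an authorized_keys file that has no
# command= option, i.e. keys that still get a full shell.
# Returns 1 if any such entry is found, 0 otherwise.
audit_authorized_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        {
            # Options, if any, are the text before the key type token.
            opts = ""
            if (match($0, /(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) /))
                opts = substr($0, 1, RSTART - 1)
            if (opts !~ /command="/) { print NR ": " $0; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Demo on a constructed (not real) public key.
demo_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQ== root@homeassistant'
demo_file=$(mktemp)
{
    echo "# constructed sample authorized_keys"
    echo "$demo_key"                 # as appended by the guide: unrestricted
    restricted_entry "$demo_key"     # hardened form of the same key
} > "$demo_file"
audit_authorized_keys "$demo_file" || echo "entries listed above still allow a full shell"
rm -f "$demo_file"
```

On the Pi, the output of restricted_entry replaces the bare key line in .ssh/authorized_keys; the sensor command in configuration.yaml stays the same, because sshd runs the forced command regardless of what the client requests.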