Restart HASSIO from my pfsense router


I would like to restart home assistant from my pfsense router once my SSL certificates have been renewed by pfsense(ACME, lets encrypt). I want to keep certificates renewal from pfsense, I’m using wildcard so same certificates for all my sub-domains.

So far I can scp my certificates to hassio. And of course I can SSH into hassio!

Now I’m trying to restart HA from pfsense.

Here what I tried while SSHing from pfsense cli. I’m almost there but I miss something. I’m pretty new to CLI in general.

RESTART OK ; I SSH then I can type my command

[2.4.4-RELEASE][root’@'pfsense.domain.xx]/root: ssh -i ~/.ssh/opensshhassio [email protected]

| | | | ()
| |__| | __ _ ___ ___ _ ___
| __ |/ ` / __/ __| | |/ _
| | | | (
| _
__ _| | () |
| ||_,|/()_|___/

Our Cli:
$ hassio help

debug1: permanently_set_uid: 0/0
core-ssh:~#hassio homeassistant restart

HASSIO RESTART :slight_smile:

RESTART DOES NOT WORK ; trying to restart with a single line

[2.4.4-RELEASE][root’@'pfsense.domain.xx]/root: ssh -i ~/.ssh/opensshhassio [email protected] hassio homeassistant restart
debug1: permanently_set_uid: 0/0
time=“2019-01-16T21:25:59-05:00” level=error msg=“Unexpected server response”
Unexpected server response



[2.4.4-RELEASE][root’@‘pfsense.domain.xx]/root: ssh -i ~/.ssh/opensshhassio root’@' ‘hassio homeassistant restart’
debug1: permanently_set_uid: 0/0
time=“2019-01-16T21:29:07-05:00” level=error msg=“Unexpected server response”
Unexpected server response


Am I missing something to achive a restart with a single line in order to do a script?

Thank you for your help!


PS I added quotes to some ‘@’ since I’m a new user I can’t add more than 2 links!

Why wouldn’t you just use reverse proxy? Alleviates the need for restarting home assistant or scping the files over.

You can even use reverse proxy right on pfsense.

Thank you for the suggestion and pointing me in the right direction, I’ll read about reverse proxy implementation. It will achieve my end goal in a more efficient way. I’m still curious about what I’m missing in my cli.

The first time ssh connects to a host it asks you to confirm the identity of the host, and you have to respond from the commandline. This is possibly what is making it fail. What error message do you get in ssh when you use verbose output (ssh -v -v -v … )

There is an ssh option to avoid the handshaking, and is has been referred to in several threads recently. Unfortunately I can’t recall the invocation.

I can SSH with the username root into HASSIO w/o issue and then, I can restart HA like I would do while connected directly to HASSIO.

As soon as I add the command ‘hassio homeassistant restart’ to ssh, it throws me an error.

Here are the log near the error (I also tried to avoid handshake if I understand correctly, -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no)

ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ~/.ssh/opensshhassio root"@“ hassio homeassistant restart

debug1: Authentication succeeded (publickey).
Authenticated to ([]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions”@“opensshcom
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00”@“opensshcom want_reply 0
debug3: receive packet: type 4
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 91
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: Fssh_ssh_packet_set_tos: set IP_TOS 0x08
debug2: client_session2_setup: id 0
debug1: Sending command: hassio homeassistant restart
debug2: channel 0: request exec confirm 1
debug3: send packet: type 98
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0
debug2: channel 0: rcvd ext data 34
debug1: permanently_set_uid: 0/0
debug2: channel 0: written 34 to efd 6
debug2: channel 0: rcvd ext data 78
time=“2019-01-17T19:01:50-05:00” level=error msg=“Unexpected server response”
debug2: channel 0: written 78 to efd 6
Unexpected server response
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype eow”@"opensshcom reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug3: send packet: type 97
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

debug3: send packet: type 1
Transferred: sent 2400, received 2608 bytes, in 0.0 seconds
Bytes per second: sent 70552.8, received 76667.4
debug1: Exit status 1

I’ll continue reading about reverse proxy :slight_smile:


Figured out how to remotely trigger a restart of hassio via the addon-ssh.

When trying to send hassio ha update via ssh (ansible in my case) I always got back level=error msg=“Unexpected server response”.

Turns out addon-ssh is in fact using tmux, so the proper way to send commands to it is to tell tmux what command you need to send, instead of trying to send them at the other end of the ssh.

E.g. with ansible

ansible host -m shell -a "tmux send-keys -t hassio 'hassio ha update' C-m" --become

or with ssh

ssh user@host  "sudo tmux send-keys -t hassio 'hassio ha update' C-m"

And this will essentially run the command properly in the tmux session. Took me half a day to figure out, hope it helps someone else.



I used to be able to run hassio ha update without using the tmux trick (I am doing the same, using pfsense to update LE cert and then script to reboot HA). This time I ran into the error in the OP.

The tmux trick works, but only if there is an active tmux process. If you logged into the web terminal once and did not logout (just backed out), the tmux session is still running and you hook into that. If you fully reboot the HA server and then try, you’ll run into an issue that there are no tmux servers running

no server running on /tmp/tmux-0/default

So, it seems tmux needs to be initiated prior to running the send-keys command. How does one do this?

1 Like

Why not use the restart service via the api?

A) I’m not quite yet where I know how to use the API to do the things. I do have some things I’d love to do via API though
B) I’m trying for an overall solution. Every other server/service can have a script under /root called that is called by the script on pfsense, per host. HASSIO is the one thing I can’t use like that (since the only persistent folders are not the same path that I need). So, I just have a call to send the message directly via ssh from the script if the hostname is hassio. I assume i’d have to put in an auth token somewhere in the API string if I were to call it by API? Is there a good source for beginners on how to use the API?

Is there an update to this for a more recent version of Home Assistant? It’s annoying that I can’t easily issue a command to resart the ha core via ssh.

So, once I have my pfsense box able to log into hassio as root, I can now just send “ssh root@hassio ha core restart” and it works.

I’m using the “SSH & Web Terminal” community add-on and added the key in the configuration