Run remote ssh command using command_line switch

Hi,

I’ve read a lot of post about this functionality, but still can’t get it to work. So I like to op a new topic.

What did I do solar:
Created a switch in my switch.yaml file:

- platform: command_line
  switches:
    mm_screen:
      command_on: "ssh [email protected] 'vcgencmd display_power 1'"
      command_off: "ssh [email protected] 'vcgencmd display_power 0'"

I create a ssh_key file in /config and using ssh-keygen -t rsa on the HASS.IO system
Did a - ssh-copy-id [email protected] on the HASS.IO system to the system I want to execute the command.
The command works from ssh on the HASS>IO system

Schermafbeelding 2020-03-30 om 13.44.131068×456 79.2 KB

But when a switch the switch to on, I get this error.

So any help is appreciated to get this working.

Best regards,
Rien

The homeassistant user has a different ssh key compare to the admin user…and possibly running in a different container. You’ll probably have to copy the ssh key to that user as well. Or it can’t find the id_rsa file. Or who knows.

Maybe try this? Just tell the ssh command which key file to use instead of having it figure it out with some random .ssh config file.

command_on: "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /config/ssh/id_rsa [email protected] 'vcgencmd display_power 1'"

Execute the command:

ssh-copy-id -i ~/.ssh/mykey user@host

replace the user@host and the path to the SSH key as the homeassistant user.

But where do I do this command?

From the homeassistant system/VM

Did you copy the ssh key from the user’s home directory into /confg? Where is that key coming from?

created using in the ssh-keygen -t rsa command on the HA vm

Did you execute it as the homeassistant user?

You’ll need to do this inside the docker container.

forgive me my ignorence, but how do I know that I’m de home assistant user. I use the terminal option

whoami says I’m root

Sorry I only know the docker command to enter it docker exec -it <docker name> /bin/sh if you have portainer installed there’s an “exec” option to get into a shell inside the docker container.

Hi Jim,

I tried this too, but got the same error.

Any other tips?

Thanks,
Rien

Try -i config/ssh/id_rsa
(without the starting /)

I had the same issue. I solved it this way https://github.com/defcon24bit/record-and-replay-RF-remote#create-certificate-on-ha. Let me know if this worked for you.

You dont have touchscreen to it?
As im also using the vcgencmd display_power commands

Seems that this topic is very confusing and frustrating for many. I too am trying to just simply run a command via a switch to start a pi video looper, I have just about looked at all posts relating to this topic and still not able to get this to work.

switch:
  - platform: command_line
    switches:
      mediaplayer5:
        command_on: "ssh -i /config/ssh/id_rsa -o 'StrictHostKeyChecking=no' [email protected] sudo supervisorctl start video_looper"
        command_off: "ssh -i /config/ssh/id_rsa -o 'StrictHostKeyChecking=no' [email protected] sudo supervisorctl stop video_looper"
        command_state: "ssh -i /config/ssh/id_rsa -o 'StrictHostKeyChecking=no' [email protected] sudo supervisorctl status video_looper"
        friendly_name: "Media Player 5 - Large Projector"   

The Command works logged in as root to home assistant via terminal session.
As far as I can tell there is no other user account being run as automation or from the dashboard.

Prep-work was to create the ssh keys from the Home Assistant (Non Docker)

ssh-keygen
ssh-copy-id [email protected]

On Home assistant via terminal i copied the .ssh folder

cp -R $HOME/.ssh /config/
mv .ssh ssh

Even found someone saying to create a config in the ssh folder:

ConnectTimeout 10
IdentityFile /config/ssh/id_rsa
UserKnownHostsFile /config/ssh/.known_hosts

Not sure more on this above config file where its being called…

When I toggle the switch it turns on, then off.
Looking at logs I see the errors:

Command failed: ssh -i /config/ssh/id_rsa -o 'StrictHostKeyChecking=no' [email protected] sudo supervisorctl start video_looper

Oh also tried the above link of resetting permissions

chmod 700 ~/ssh/
chmod 600 ~/ssh/*

The reason is in the execution contexts - SSH plugin and shell_command integration are executed in different containers.
The keys are made in the addon_core_sh container, and the SSH process is started in the homeassistant container.
You need to copy the .ssh folder from one container to another.
First, on the HassOS CONSOLE, exit the command line interface to the OS shell and then execute from there:

docker cp addon_core_ssh:/data/.ssh ./
docker cp .ssh homeassistant:/data/

And then
ssh -i /data/.ssh/id_rsa -o ‘StrictHostKeyChecking=no’ root@host
works.

Thank you for this clear explanation of the problem and the solution.

Using command_line integration I can now run shutdown commands on remote servers from the ssh terminal add-on.

One problem though is every time I do a core update, it seems the homeassistant container wipes the copied ssh keys.

To make things work I have to run the docker cp .ssh homeassistant:/data/ command again.

Sorry for the stupid question - how do I get onto the HassOS console?
I’ve installed it more than a year ago and hardly recall how to get into it for maintenance… The only thing I know how to use is the SSH & Web Terminal add-on, which as we’ve seen is not what I need lol

Nonetheless, the fact keys get wiped after an upgrade is still a bummer, it makes no sense to having to re-do configs on every update

EDIT I got it sorted by installing Apache in my computer and then adding a cronjob to execute the needed command every minute, outputting to the Apache-accessible folder; lastly, I added a command_line integration to HA which runs curl my-desktop-ip/result-file Dirtiest solution possible, but…

This is clearly an old issue, but I wanted to update on this in case anyone else is hunting for this. Which might even be future me, given my current track record.

I followed these instructions (mostly the post from ndv27) to store my keys in /data/ the first time around, but got bit by the update wiping keys. I was also having issues copying files to the HA OS, which was read-only.

In the process of resolving this again, I actually encountered Home Assistant OS(VM) and ssh to remote server (Resolved) this time around, which has a different approach of storing the key in /config/. It’s also alluded to in a few posts in this thread.

Essentially, you can put your SSH keys in /config/, which is accessible from both the File editor and the Samba plugins. This is far easier to access - both good and bad. But, this way, you don’t have to migrate keys between containers and it doesn’t get wiped. You can also experiment with other folders visible from SMB to see if another one is more suitable. If you’re doing this, make sure you take extra steps to secure the keys from any other users on your network. I’d personally rather lock down HA OS than redo my system after updates.

And of course you can test the SSH connections yourself if you’ve got the HA OS SSH set up via all the extra steps with a docker exec -it homeassistant sh command to enter the home assistant container. From there, you can runssh -i /config/.ssh/id_rsa -o 'StrictHostKeyChecking=no' MyHostName to check your connection. You can also use tools like nslookup and ping to further troubleshoot connectivity.

My device has 2 GPIO relay devices and no onboard software to control them. So I ended up making a YAML configuration switch as a temporary measure while waiting for software to catch up. My configuration:

room_1_light:
  command_on: "ssh -i /config/.ssh/id_rsa -o 'StrictHostKeyChecking=no' root@MyHostName -t 'echo 1 > /sys/class/gpio/gpio108/value'"
  command_off: "ssh -i /config/.ssh/id_rsa -o 'StrictHostKeyChecking=no' root@MyHostName -t 'echo 0 > /sys/class/gpio/gpio108/value'"
  command_state: "ssh -i /config/.ssh/id_rsa -o 'StrictHostKeyChecking=no' root@MyHostName -t 'if [ `cat /sys/class/gpio/gpio108/value` == 1 ]; then echo 0; exit 0; else echo 1; exit 1; fi'"
  friendly_name: "Room 1 Light"
  unique_id: "light.room_1_light"
room_1_fan:
  command_on: "ssh -i /config/.ssh/id_rsa -o 'StrictHostKeyChecking=no' root@MyHostName -t 'echo 1 > /sys/class/gpio/gpio107/value'"
  command_off: "ssh -i /config/.ssh/id_rsa -o 'StrictHostKeyChecking=no' root@MyHostName -t 'echo 0 > /sys/class/gpio/gpio107/value'"
  command_state: "ssh -i /config/.ssh/id_rsa -o 'StrictHostKeyChecking=no' root@MyHostName -t 'if [ `cat /sys/class/gpio/gpio107/value` == 1 ]; then echo 0; exit 0; else echo 1; exit 1; fi'"
  friendly_name: "Room 1 Fan"
  unique_id: "fan.room_1_fan"

This gives me relay control and status all over SSH.