Running a shell command from Home Assistant to remote linux PC

I clearly didn’t follow the rules as I should, sorry for that. Edited previous post :slight_smile:

Odds are high that the problem is your use of the public key in those commands :wink: The public key goes to the authorized_keys file on the remote host, the private key is the one you use when connecting.

1 Like

Thanks for quick reply! And well… that’s a really good point! :smiley: Networking is total magic to me.

I have cp’ed the private key to /config/ssh folder and tried to run commands again with it. Though again Error 255 pops up. I have wondered whether quotation marks have something to do with that as I have seen mentions on that above (though as I’m running simple “kodi” command I guess that no quotation marks should be required, right?), but that’s still not that.

Examples of errors I receive when running those:

[homeassistant.components.shell_command] Error running command: `ssh -i /config/id_rsa -o 'StrictHostKeyChecking=no' [email protected] `kodi``, return code: 255 NoneType: None
[homeassistant.components.shell_command] Error running command: `ssh -i /config/id_rsa -o 'StrictHostKeyChecking=no' [email protected] 'kodi'`, return code: 255 NoneType: None
[homeassistant.components.shell_command] Error running command: `ssh -i /config/id_rsa -o 'StrictHostKeyChecking=no' [email protected] kodi`, return code: 255 NoneType: None
[homeassistant.components.shell_command] Error running command: `ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /config/.ssh/id_rsa [email protected] kodi`, return code: 255 NoneType: None
[homeassistant.components.shell_command] Error running command: `ssh -o UserKnownHostsFile=/ssh/known_hosts -o StrictHostKeyChecking=no -i /config/.ssh/id_rsa [email protected] kodi`, return code: 255 NoneType: None

When I look at above there seems to be no sense in quotation marks as I still cannot go through validation phase to run those anyway.

Did you add the public key to the authorized_keys file for pi on the remote host?

Where is your private key? You seem to be confused about where it might be.

Gosh, please disregard above. In the mess of the code I messed up the path to priv key. Changed that to:

run_kodi: ssh -i /config/ssh/id_rsa -o 'StrictHostKeyChecking=no' [email protected] kodi

And now it works w/o problems :smiley:

Tinkerer thanks a lot for your help :wink:

1 Like

To recap so it might be useful for somebody looking for answer:

Supervised install running on Docker on RPI.

  • Keys generated in terminal (not RPI terminal) (addon Terminal & SSH used here) via ssh-keygen command.
  • Keys copied to /config/ssh via cp /.ssh/id_rsa /config/ssh/id_rsa and cp /.ssh/ /config/ssh/ (in terminal)
  • Pub key ( copied to PI’s home/pi/.ssh/known_hosts
  • SSH settings edited not to use password auth (note that if you use different machines to ssh to PI you will need to add them by public key as well, you will not be able to log in with password after that). Edit /etc/ssh/sshd_config with: PasswordAuthentication no
  • Command run with use of priv key (id_rsa) - in my case command is: run_kodi: ssh -i /config/ssh/id_rsa -o 'StrictHostKeyChecking=no' [email protected] kodi

Aaand that’s it I guess. Hope that I didn’t miss anything. Thanks again Tinkerer for help. I finally kinda understand how priv and pub keys in ssh work. Next task - figure out how to shut kodi down from terminal without ending up with black screen :smiley: . That’s totally separate topic though.


Hi, I also have home assistant installed on Docker running on RPI. I followed your steps and it worked perfectly when launching the following command from Terminal&SSH add-on:

ssh -i /config/ssh/id_rsa -o 'StrictHostKeyChecking=no' [email protected] sudo systemctl stop kiosk.service 

After launching the command, it prompts the RPI password and then it is executed correctly.

If I add the following to my configuration.yaml instead:

  close_kiosk: ssh -i /config/ssh/id_rsa -o 'StrictHostKeyChecking=no' [email protected] sudo systemctl stop kiosk.service

Nothing happens.
Maybe because password is missing in the shell command and it cannot prompt for it to execute the command ?

Did you copy the public key to the remote machine? Did you copy the private key to the home assistant directory?

I followed the above steps of PaFcio. Therefore I used ssh-keygen command on RPI terminal to generate id_rsa and

So I currently have:

  1. id_rsa and in RPI folder /home/pi/.ssh/
  2. in RPI folder /home/pi/.ssh/known_hosts/
  3. id_rsa and in home assistant folder /usr/share/hassio/homeassistant/ssh/

If I check the Log viewer after launching the command from Developers Tools in home assistant, I can see my command plus return code: 255

1 Like

On which Pi, the remote Pi? When you ssh into the remote Pi from the Home Assistant terminal, do you need to enter a password? If yes, then you haven’t set it up correctly.

What you mean with “remote Pi” ? I ran the ssh-keygen command on the host machine basically, on which it is installed Docker.
Correct, if I ssh from home assistant terminal, then I have to insert the password to effectively execute the command.
May be shall I set up something in my configuration.yaml to “include” the ssh folder ?

Do you want to run the shell command on the same machine that you run home assistant on? If so, the procedure is different.

OK, I will recap my situation just to be sure that you can point me to the right procedure then:

  1. I have a RaspberryPi running Raspbian OS with a static raspberryPi_local_ip
  2. On this RaspberryPi I installed Docker
  3. Home Assistant is installed on a Docker container
  4. I’m used to visualize Home Assistant by opening raspberryPi_local_ip:8123 on browser in kiosk mode
  5. I wanted to create a small automation in Home Assistant to send a command on the RaspberryPi to stop the kiosk mode

Which one is the correct procedure then ?

You need to generate the ssh keys inside the docker container and copy the public key to the host, then you should be good to go

And he did, as he wrote via generating key from terminal. There is one step that I forgot about in my short explanation, that is disabling password entry in ssh.

This additional step:

Edit /etc/ssh/sshd_config so that:

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no

DO NOTE that by doing this you will not be able to log in via ssh password anymore and each and every machine you want to use to log in via ssh needs to be included by adding public key to known_hosts :slight_smile:

Then I misinterpreted this:

I assumed RPI terminal is the terminal on the host and not inside the container.

Seems that I misinterpreted as well, sorry. Poli88, you need to run that command in terminal, not RPI terminal (you are generating key private and public key for machine that needs access to PI, not other way around). Please see previous post before my step-by-step explanation, Tinkerer explained that well there.

Hi Guys, so I followed again all the steps as above by generating the ssh keys from the Hassio terminal, but now if I run the command I get [email protected]: Permission denied (publickey).
What could be the issue :confused: ?

You need to copy generated public key to known-hosts in RPI ssh folder. The public key generated via terminal. I explained what command to use in terminal to do that:

  • Keys copied to /config/ssh via cp /.ssh/id_rsa /config/ssh/id_rsa and cp /.ssh/ /config/ssh/

Ok I did some tests and finally sorted out the issue. I already followed all your steps, but was not enough.
Further to that, I had to add the public key to authorized_keys on RPI ssh folder. Moreover, I also modified PermitRootLogin no in my sshd_config. Now it finally works fine !! Thanks a lot for your help !! :slight_smile:

1 Like