I clearly didn’t follow the rules as I should, sorry for that. Edited previous post 
Odds are high that the problem is your use of the public key in those commands 
The public key goes to the authorized_keys file on the remote host, the private key is the one you use when connecting.
1 Like
Thanks for quick reply! And well… that’s a really good point! 
Networking is total magic to me.
I have cp’ed the private key to /config/ssh folder and tried to run commands again with it. Though again Error 255 pops up. I have wondered whether quotation marks have something to do with that as I have seen mentions on that above (though as I’m running simple “kodi” command I guess that no quotation marks should be required, right?), but that’s still not that.
Examples of errors I receive when running those:
[homeassistant.components.shell_command] Error running command: `ssh -i /config/id_rsa -o 'StrictHostKeyChecking=no' [email protected] `kodi``, return code: 255 NoneType: None
[homeassistant.components.shell_command] Error running command: `ssh -i /config/id_rsa -o 'StrictHostKeyChecking=no' [email protected] 'kodi'`, return code: 255 NoneType: None
[homeassistant.components.shell_command] Error running command: `ssh -i /config/id_rsa -o 'StrictHostKeyChecking=no' [email protected] kodi`, return code: 255 NoneType: None
[homeassistant.components.shell_command] Error running command: `ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /config/.ssh/id_rsa [email protected] kodi`, return code: 255 NoneType: None
[homeassistant.components.shell_command] Error running command: `ssh -o UserKnownHostsFile=/ssh/known_hosts -o StrictHostKeyChecking=no -i /config/.ssh/id_rsa [email protected] kodi`, return code: 255 NoneType: None
When I look at above there seems to be no sense in quotation marks as I still cannot go through validation phase to run those anyway.
Did you add the public key to the authorized_keys file for pi on the remote host?
Where is your private key? You seem to be confused about where it might be.
Gosh, please disregard above. In the mess of the code I messed up the path to priv key. Changed that to:
run_kodi: ssh -i /config/ssh/id_rsa -o 'StrictHostKeyChecking=no' [email protected] kodi
And now it works w/o problems
Tinkerer thanks a lot for your help
1 Like
To recap so it might be useful for somebody looking for answer:
Supervised install running on Docker on RPI.
- Keys generated in Hass.io terminal (not RPI terminal) (addon Terminal & SSH used here) via ssh-keygen command.
- Keys copied to /config/ssh via
cp /.ssh/id_rsa /config/ssh/id_rsaandcp /.ssh/id_rsa.pub /config/ssh/id_rsa.pub(in Hass.io terminal) - Pub key (
id_rsa.pub) copied to PI’shome/pi/.ssh/known_hosts - SSH settings edited not to use password auth (note that if you use different machines to ssh to PI you will need to add them by public key as well, you will not be able to log in with password after that). Edit
/etc/ssh/sshd_configwith:PasswordAuthentication no - Command run with use of priv key (
id_rsa) - in my case command is:run_kodi: ssh -i /config/ssh/id_rsa -o 'StrictHostKeyChecking=no' [email protected] kodi
Aaand that’s it I guess. Hope that I didn’t miss anything. Thanks again Tinkerer for help. I finally kinda understand how priv and pub keys in ssh work. Next task - figure out how to shut kodi down from terminal without ending up with black screen . That’s totally separate topic though.
4 Likes
Hi, I also have home assistant installed on Docker running on RPI. I followed your steps and it worked perfectly when launching the following command from Terminal&SSH add-on:
ssh -i /config/ssh/id_rsa -o 'StrictHostKeyChecking=no' [email protected] sudo systemctl stop kiosk.service
After launching the command, it prompts the RPI password and then it is executed correctly.
If I add the following to my configuration.yaml instead:
shell_command:
close_kiosk: ssh -i /config/ssh/id_rsa -o 'StrictHostKeyChecking=no' [email protected] sudo systemctl stop kiosk.service
Nothing happens.
Maybe because password is missing in the shell command and it cannot prompt for it to execute the command ?
Did you copy the public key to the remote machine? Did you copy the private key to the home assistant directory?
I followed the above steps of PaFcio. Therefore I used ssh-keygen command on RPI terminal to generate id_rsa and id_rsa.pub.
So I currently have:
-
id_rsaandid_rsa.pubin RPI folder/home/pi/.ssh/ -
id_rsa.pubin RPI folder/home/pi/.ssh/known_hosts/ -
id_rsaandid_rsa.pubin home assistant folder/usr/share/hassio/homeassistant/ssh/
If I check the Log viewer after launching the command from Developers Tools in home assistant, I can see my command plus return code: 255
1 Like
On which Pi, the remote Pi? When you ssh into the remote Pi from the Home Assistant terminal, do you need to enter a password? If yes, then you haven’t set it up correctly.
What you mean with “remote Pi” ? I ran the ssh-keygen command on the host machine basically, on which it is installed Docker.
Correct, if I ssh from home assistant terminal, then I have to insert the password to effectively execute the command.
May be shall I set up something in my configuration.yaml to “include” the ssh folder ?
Do you want to run the shell command on the same machine that you run home assistant on? If so, the procedure is different.
OK, I will recap my situation just to be sure that you can point me to the right procedure then:
- I have a RaspberryPi running Raspbian OS with a static
raspberryPi_local_ip - On this RaspberryPi I installed Docker
- Home Assistant is installed on a Docker container
- I’m used to visualize Home Assistant by opening
raspberryPi_local_ip:8123on browser in kiosk mode - I wanted to create a small automation in Home Assistant to send a command on the RaspberryPi to stop the kiosk mode
Which one is the correct procedure then ?
You need to generate the ssh keys inside the docker container and copy the public key to the host, then you should be good to go
And he did, as he wrote via generating key from Hass.io terminal. There is one step that I forgot about in my short explanation, that is disabling password entry in ssh.
This additional step:
Edit /etc/ssh/sshd_config so that:
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
DO NOTE that by doing this you will not be able to log in via ssh password anymore and each and every machine you want to use to log in via ssh needs to be included by adding public key to known_hosts
Then I misinterpreted this:
I assumed RPI terminal is the terminal on the host and not inside the hass.io container.
Seems that I misinterpreted as well, sorry. Poli88, you need to run that command in Hass.io terminal, not RPI terminal (you are generating key private and public key for machine that needs access to PI, not other way around). Please see previous post before my step-by-step explanation, Tinkerer explained that well there.
Hi Guys, so I followed again all the steps as above by generating the ssh keys from the Hassio terminal, but now if I run the command I get [email protected]: Permission denied (publickey).
What could be the issue 
?
You need to copy generated public key to known-hosts in RPI ssh folder. The public key generated via Hass.io terminal. I explained what command to use in Hass.io terminal to do that:
- Keys copied to /config/ssh via
cp /.ssh/id_rsa /config/ssh/id_rsaandcp /.ssh/id_rsa.pub /config/ssh/id_rsa.pub
Ok I did some tests and finally sorted out the issue. I already followed all your steps, but was not enough.
Further to that, I had to add the public key to authorized_keys on RPI ssh folder. Moreover, I also modified PermitRootLogin no in my sshd_config. Now it finally works fine !! Thanks a lot for your help !!
1 Like