To recap so it might be useful for somebody looking for answer:
Supervised install running on Docker on RPI.
- Keys generated in Hass.io terminal (not RPI terminal) (addon Terminal & SSH used here) via ssh-keygen command.
- Keys copied to /config/ssh via
cp /.ssh/id_rsa /config/ssh/id_rsaandcp /.ssh/id_rsa.pub /config/ssh/id_rsa.pub(in Hass.io terminal) - Pub key (
id_rsa.pub) copied to PI’shome/pi/.ssh/known_hosts - SSH settings edited not to use password auth (note that if you use different machines to ssh to PI you will need to add them by public key as well, you will not be able to log in with password after that). Edit
/etc/ssh/sshd_configwith:PasswordAuthentication no - Command run with use of priv key (
id_rsa) - in my case command is:run_kodi: ssh -i /config/ssh/id_rsa -o 'StrictHostKeyChecking=no' [email protected] kodi
Aaand that’s it I guess. Hope that I didn’t miss anything. Thanks again Tinkerer for help. I finally kinda understand how priv and pub keys in ssh work. Next task - figure out how to shut kodi down from terminal without ending up with black screen 
. That’s totally separate topic though.