Following on from many posts on this topic, I saw the following suggestion: Remote Shutdown/Restart/Sleep/Hibernate PC - #52 by kbirger

So I figured I’d document exactly how to do this:

Part 1: Setup the User

• Create a new user.

• Create a group HASSgroup especially for them, add add the user:
  

  

  image760×525 40.6 KB

• Login as this new user to create home directories etc…

• Remove the Hass-User from the Users group so they cannot log in normally.

• Give this HASSGroup permission to restart:
  

  

  image885×726 52.4 KB

Note that removing groups doesn’t seem to take effect immediately. Not sure how to fix this.

Part 2: Setup OpenSSH

• Install openSSH Server: Instructions here: Get started with OpenSSH for Windows | Microsoft Learn
• Restrict SSH access to just the new user, by adding AllowGroups HASSgroup. Find the openSSH Server config file %programdata%\ssh\sshd_config and add the line: AllowGroups HASSgroup.
  Here’s my config:

PubkeyAuthentication no
PasswordAuthentication no

#If you need to debug:
#SyslogFacility LOCAL0
#LogLevel Debug3


Match Group HASSgroup
	   AuthorizedKeysFile	.ssh\authorized_keys     
	   PubkeyAuthentication yes
	   PasswordAuthentication no

• Restart the OpenSSH service. While you’re here, also set it to automatically restart:
  
  

  image808×376 30.8 KB
• Verify you cannot login using your regular user, but you can with the new user. You can do this by running ssh localhost / ssh HASS-User@localhost
• Generate a key on the home assistant box, and put the public key in the users’s .ssh\authorized_keys file.

Part 3: Setup the command

• Add this to the config.yaml:

shell_command:
    sleep_pc: ssh -i /config/.ssh/idpub -o 'StrictHostKeyChecking=no' [email protected] 'rundll32.exe powrprof.dll, SetSuspendState Sleep'

fwiw I switched from using psshutdown because it was causing some weird issues with games crashing after several cycles. Possibly having a to do with cream. I’m using nircmd now.

Ymmv