Send a shell command via SSH from HA to a Raspberri Pi

Hi all,
I have a Magic Mirror (MM) that I want to control with HA.
The Magic Mirror runs on a Rpi.
HassOS is on a VM in UNRAID.

I want to create a shell command to send two commands to the MM. One is to turn HDMI off and one is to turn it on. I will be using this command to automate the MM to turn its screen off depending on a motion sensor in the same room. The idea is, if motion is detected, turn the MM screen on, when motion ends, turn the MM screen off.

The MM Rpi does not have SSH keys, I am logging in using a username and password.

The commands to turn the screen off/on are:
sudo vcgencmd display_power 0
and
sudo vcgencmd display_power 1

I have the add on " SSH & Web Terminal" installed in HA.

I find several guides on how to run shell commands but they all refer to HA installed in Docker (for example this one). Is there a guide that is exclusively for a standalone VM?

Also, as this is the first time I am attempting something like that, is there a guide that explains how to create passwordless SSH access for a standalone VM?

If I understand it correctly, the order I have to follow is:

  1. Create and install SSH Keys
  2. Create the script
  3. Use it in automation(s)

Any guidance would be greatly appreciated.

Thank you for that @VDRainer . I notice that the instructions mention docker containers. I am not running HA in a docker container. Do the instructions still apply without any changes?

HassOS runs HA in a container.

There is ssh installed in HA Container, so the fact that it is a container does not prevent usage.

However, if you want password-less logins, you need to create a private/public key-pair and store it outside the container’s filesystem. I recommend placing them next to the configuration.yaml file in /config. The private key file must be created without a passphrase.

When executing ssh commands, you need to point ssh to the private key file using the -i argument

ssh -i /config/id_rsa username@raspberrypi -- sudo vcgencmd display_power 0

Thank you @m0wlheld , I will follow the article’s and your instructions and will come back here if there is a problem.

Ok, I have two Rpi’s in my LAN.
One has only got username/password authentication and the instructions worked perfectly so thank you for pointing me there.
The other one though is set up with SSH keys already.
How would I add the HA SSH key to that?
I tried the command:

ssh-copy-id -i /config/.ssh/id_rsa.pub [email protected]

but it returned an error:

/usr/bin/ssh-copy-id: INFO: Source of keys to be installed: "/config/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
expr: warning '^ERROR: ' using '^' as the first character of a basic regular expression is not portable; it is ignored

/usr/bin/ssh-copy-id: ERROR: ssh: connect to host 192.168.1.13 port 22: Operation timed out

This is expected so I am trying to find a workaround.

Two questions:

In that machine I have set up SSH to be responding at a different port instead of 22 (let’s say 2222).
How can I change the command

ssh-copy-id -i /config/.ssh/id_rsa.pub [email protected]

to reflect that? I tried:

ssh-copy-id -i /config/.ssh/id_rsa.pub [email protected]:2222

but I got the same error.

Even if I make the change to reflect port 2222, will that even work?

ssh-copy-is is just for convenience. You can also append the contents of id_dsa.pub to file .ssh/authorized_keys on the target host.

And the -p argument is to specify a port different than the default.

Thank you @m0wlheld , I added the contents of id_dsa.pub to the end of the authorized_keys file in a new line.
When testing from HA’s Terminal to SSH I used the command:


ssh -p 2222 [email protected]

Unfortunately it returned the error:

Permission denied (publickey)

Any ideas?

ssh -i /config/.ssh/id_dsa.pub -p 2222 …

Same result @m0wlheld :pensive:

Additionally, I am now getting a new error saying

WARNING: UNPROTECTED PRIVATE KEY FILE!

Permissions 0644 for ‘/config/.ssh/id_rsa.pub’ are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key “/config/.ssh/id_rsa.pub”: bad permissions
[email protected]: Permission denied (publickey)

Ok @m0wlheld , I figured out what might be the problem.
I was using “root” as a user, which I shouldn’t as I have disabled that user in the second machine and I had forgotten about it.

I also followed the instructions from @CentralCommand 's post here to move the known_hosts file to a directory that won’t be overwritten after an update.

The command I used to ssh was:

ssh -o UserKnownHostsFile=/config/.ssh/known_hosts [email protected] -i /config/.ssh/id_rsa -p 2222

The problem I have is that when I tried to run the command:

vcgencmd display_power 0

it couldn’t run as it requires root privileges. When I replaced it with the command:

sudo vcgencmd display_power 0

I was asked for the user’s root password. When I gave the password, the command went through just fine and the monitor turned off. The problem is that I need this interaction to be happening without any prompts. The only way I can think for doing that is to use “root” instead of “user”, like this:

ssh -o UserKnownHostsFile=/config/.ssh/known_hosts [email protected] -i /config/.ssh/id_rsa -p 2222

But when I do, I’m getting the same error as before:

Permission denied (publickey)

Dead end, isn’t it. I don’t know where to go from here.

My bad, when using -i argument for ssh, specify the private key (id_rsa), not the.pub variant

And - you Need to modify the sudoers file on the target machine to allow password-sudo calls, but that is far beyond the scope of this forum.

Thank you for your help, it works now!