Shell commands in docker container?

/root/.ssh must be present before running the command.

The SSH key was likely destroyed when you stopped and rebuilt the container to add the folder.

But I checked the host's /root/.ssh/ folder and the files were not updated, I think; only one had been changed today. So how do I copy all the files, and can I overwrite the existing files on the host? Because this looks like the standard folder for this.

Not my area of expertise, but on the host you should ADD the public key you generate. The website provided a method for doing this.

In the container the private key should have been saved in a location that was mounted. I think you used /root/.ssh

The /root/.ssh folder should have been mounted before running commands. So it looks like you created keys, tested, and then went back and made the container with /root/.ssh mounted (or mapped… basically the "-v folder:folder" used when making the container).

I think you need to rerun all commands again because the private key does not exist in the container any more. You will need to recreate all keys and save the public key to the host again. Then test.


It works!!
I am able to do ssh [email protected] without a password from inside the container.

How do I make sure that the commands are done with ssh now?

    #!/bin/bash
    ssh [email protected]
    net rpc shutdown -f -t 0 -I 192.168.1.3 -U USERNAME%PASSWORD

Is it this simple?

I think so

    #!/bin/bash
    echo net rpc shutdown -f -t 0 -I 192.168.1.3 -U USERNAME%PASSWORD | ssh [email protected]

I forget how to send a command with ssh, but I think the above is about right.

Also, restart the container to make sure no-login ssh is still OK. You may need to check again after the next HA upgrade.

On a side note: how is watchtower? I have never used it but see many recommendations for container management.

Wow, finally it works! :smiley:

Had to use ‘bash /pathtoscript/script.sh’
Without bash it wouldn't work.
Your script worked great!

And I restarted the container, it was given a new ID and ssh with root still works, hope an update doesn't break it.

I really like watchtower, it works flawlessly for me so far, that's why I wanted to keep Home Assistant on Docker, smooth updates and running great, except this workaround :wink:

Thank you for the great help, wouldn’t ever have made it without you!

EDIT: I figured it out. I was trying to store the keys in /.ssh in the config directory, but I realized that host wasn’t looking there so it wouldn’t persist over restarts. I changed to the default -v /root/.ssh directory and it seems to be working now.

I wanted to thank you guys for this discussion. I’ve recently migrated to docker and used your discussion as a guide to setting up the SSH keys between container and shell.

The commentary about persisting keys in a mounted volume was very helpful.

One question: On other real machines (as opposed to containers) I often find a known_hosts file generated after connection and the ‘accept keys?’ prompt. Are you seeing this file? From reading on https://www.ssh.com/ssh/host-key it seems unnecessary since we are generating our own key pairs.

I wanted to circle back around to this topic after a recent rebuild.

I’ve found that upon starting a new container, I need to execute the following in the container to get ssh keys copied and I wonder if there is a good way to automate this when the container comes up.

    docker exec -it home-assistant /bin/bash
    cp /config/.ssh/* /root/.ssh/
    chmod 700 /root/.ssh/*
    rm /root/.ssh/known_hosts
    ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]

What I’m going to do is to mount my container's /root/.ssh directory to where I have my working ssh keypairs and see if this will eliminate any manual intervention. Otherwise, I’d have to shell script the procedure every time the container comes up. I deleted the known_hosts file and it seems to work fine with that missing and eliminates that step.

Those steps are obviated by doing the mount, so far so good. So I added the following to my docker-compose:

    volumes:
      - /root/docker/homeassistant/config:/config
      - /etc/localtime:/etc/localtime:ro
      - /root/docker/homeassistant/config/.ssh:/root/.ssh

where the config directory is my backed up homeassistant configuration folder and in it there are ssh keys that will allow the container to ssh into the host. Note that permissions need to be 700 or more restrictive or ssh will reject them.

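An added example, not from any poster in the thread: a check for the permission requirement mentioned above, run against the directory that is bind-mounted to /root/.ssh. The function names are made up for this sketch, and `stat -c` assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example, not from the thread. Audits an SSH key directory (for
# instance the host side of the /root/.ssh bind mount) and prints one line
# per finding. Returns 0 when clean, 1 when something is too permissive.

# True when the octal mode in $1 grants any group/other permission bit.
too_open() { [ $(( 0$1 & 077 )) -ne 0 ]; }

audit_ssh_dir() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    if too_open "$(stat -c '%a' "$dir")"; then
        echo "DIR_TOO_OPEN $dir (fix: chmod 700)"
        findings=$((findings + 1))
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Private keys are recognised by their PEM header, not by file name,
        # so public keys and known_hosts are left alone.
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            if too_open "$(stat -c '%a' "$f")"; then
                echo "KEY_TOO_OPEN $f (fix: chmod 600)"
                findings=$((findings + 1))
            fi
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Because the compose file above places the keys inside the backed-up config folder, the private key also ends up in every backup of that folder, so the same check is worth running on restored copies.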

I’m having issues with this. I’ve got id_rsa in /config/.ssh/ and have copied the id_rsa.pub contents into my ~/.ssh/authorized_keys

I’m running HASS in docker. I can docker exec into the HASS container and run SSH commands like:

    ssh -i /config/.ssh/id_rsa [email protected] ls

However, when I try this using commands defined in shell_commands I get a 255 error.

Checking on the docker.lan host I get:

    Apr 21 14:10:13 docker sshd[3884119]: Failed password for derek from 192.168.1.14 port 41396 ssh2
    Apr 21 14:10:13 docker sshd[3884119]: Failed password for derek from 192.168.1.14 port 41396 ssh2
    Apr 21 14:10:13 docker sshd[3884119]: Connection closed by authenticating user derek 192.168.1.14 port 41396 [preauth]

When I try exactly the same command, copied and pasted from shell_commands and running in the HA container shell, it works. Any ideas?

Hi,

This is what works for me…

    shell_restart_frigate: ssh -i /config/.ssh/homeassistant_ed25519 -o StrictHostKeyChecking=no [email protected] docker container restart frigate

So wondering if this is the missing piece -o StrictHostKeyChecking=no
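
An added example, not part of the thread: a wrapper for shell_command entries that keeps host key checking on by pinning the host's key in a known_hosts file stored next to the private key, and uses BatchMode so a failed key login stops instead of falling through to password attempts. `ha_ssh`, `host_is_pinned` and the `HA_*`/`SSH_BIN` variables are hypothetical names; the /config/.ssh paths are assumptions based on the layout described above.

```shell
#!/bin/sh
# Added example, not from the thread. All names and default paths below are
# assumptions made for this sketch.
HA_SSH_KEY=${HA_SSH_KEY:-/config/.ssh/id_ed25519}
HA_KNOWN_HOSTS=${HA_KNOWN_HOSTS:-/config/.ssh/known_hosts}
SSH_BIN=${SSH_BIN:-ssh}

# Succeeds if the known_hosts file has a plain (unhashed) entry for host $1.
# Comment lines and @cert-authority/@revoked marker lines are skipped.
host_is_pinned() {
    [ -r "$HA_KNOWN_HOSTS" ] || return 1
    awk -v h="$1" '
        /^[#@]/ || NF < 3 { next }
        { n = split($1, names, ",")
          for (i = 1; i <= n; i++) if (names[i] == h) found = 1 }
        END { exit !found }' "$HA_KNOWN_HOSTS"
}

# Usage: ha_ssh user@host command [args...]
ha_ssh() {
    target=$1
    shift
    host=${target#*@}
    if ! host_is_pinned "$host"; then
        echo "refusing: no pinned host key for $host in $HA_KNOWN_HOSTS" >&2
        return 3
    fi
    # Explicit key and known_hosts paths, so the result does not depend on
    # which home directory the calling process happens to have.
    "$SSH_BIN" -i "$HA_SSH_KEY" \
        -o BatchMode=yes \
        -o IdentitiesOnly=yes \
        -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="$HA_KNOWN_HOSTS" \
        "$target" "$@"
}
```

Seed the known_hosts file once with `ssh-keyscan` and compare the fingerprint (`ssh-keygen -lf`) against the host's own key under /etc/ssh before trusting it.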