I finally found a solution to these 401 errors with SSH connection.
TLDR: just prefix your command by source /etc/profile &&
Explanation:
The homeassistant CLI binary offers some commands to interact with the supervisor. But those commands need a token to be allowed to make request to the supervisor. To simplify the binary usage, the homeassistant OS has configured a default SUPERVISOR_TOKEN environment variable that allow us to avoid passing manually the token each time we want to use the binary.
But there is some small differences between running ssh myhomeassistant ha info and ssh myhomeassistant then ha info. One of the differences is that in the second case the SSH session is started in a “login shell” when the first case is not. And when a login shell is started, it will automatically do things you usually do not see like loading some init scripts. In particular, it will load some files in /etc/profile.d/ (see https://askubuntu.com/a/247769 for more information). This is where the Homeassistant OS has configured a script that automatically load the env var SUPERVISOR_TOKEN.
When you simply run ssh myhomeassistant ha info, the shell is started in a non login mode, thus the default supervisor token is not loaded. That cause the ha binary to not pass a token when it interacts with the supervisor. And this is why you face a “Not authorized” error.
To avoid that, you can force the shell to manually load some initialization scripts. That the purposes of source /etc/profile which will then load all the scripts in /etc/profile.d, resulting in the SUPERVISOR_TOKEN being loaded:
ssh myhomeassistant "source /etc/profile && ha info"