SSH commands with shell command

I have read all the posts / guides that I have found, but I cannot get the shell commands to work with hassio.

Objective:
Using hassio shell command, control several linux machines via ssh.

I tried to generate the keys on both linux and hassio machines, but I never manage to make the commands work. I am always given the error 255. There are many guides but they have confused me.
Can anyone explain, step by step, how to do it?

There’s a couple of things you need to know:

  1. Home Assistant (Core) run in its own container
  2. Anything you do in the SSH add-on is in another container

This means that you need to put the private key somewhere that Home Assistant (Core) can reach, tell it where that is, and also tell it to accept server keys:

ssh -i /config/ssh/id_rsa -o StrictHostKeyChecking=no remote_user@remote_host date

Here I’ve got an RSA private key (id_rsa) in /config/ssh/, with the permissions on the key set correctly (chmod 0600 /config/ssh/id_rsa).

The public key (id_rsa.pub in this case) needs to be added to authorized_keys in the remote users .ssh/ folder.

1 Like

I generate the ssh key on a linux machine

mkdir -p $HOME/.ssh
chmod 0700 $HOME/.ssh
ssh-keygen -t rsa

add the public key in authorized_keys always on linux

cat <your_public_key_file> >> ~/.ssh/authorized_keys

copy the private key to /config/ssh (on hassio)

scp $HOME/.ssh/id_rsa.pub user@HASSIOIP:~/config/ssh

Is it correct?

Looks about right

It’s taken me a little while to find this, so I thought I’d pass it on:

As an alternative to dodging around the known_hosts check with:
-o StrictHostKeyChecking=no
You can log into the docker image with
docker exec -it homeassistant /bin/bash
and execute the desired ssh command. It will ask about adding the host to the known_hosts file, to which you obviously answer “yes”, and you’re ready to go. This has the added benefit that you check that your ssh command actually works in the *real" environment it’s going to be executed.

@mhinch
I’m using it and it works. However, it’s not persisting for me. It will work for a few days and then it clears the keys that are stored at /.shh. They’re gone. And I then need to re-generate and copy keys to the remote machine.I think it’s may be losing them on a restart or after multiple restarts. Have you experienced this?

If you store the keys in .ssh within the container then, as soon the container is restarted this directory is emptied and ssh won’t be able to find the keys.
You need to put the key in a persistent folder (outside the container) and tell the ssh command from within the container to use those key location (using -i) instead of the default one.

Thank you so much. In my home assistant core installation I had a very similar situation, the only difference is where I put the keys. I’ve had to set 0600 to id_rsa, 0644 to id_rsa.pub, and 0700 to the .ssh folder (and to set chown to homeassistant:homeassistant to the folder and the files inside), of which the full path is: /home/homeassistant/homeassistant/.ssh
So basically the resulting working command was:
ssh -i /home/homeassistant/homeassistant/.ssh/id_rsa -o StrictHostKeyChecking=no username@computerIPaddress yourcommand