Ssh Connection refused

Hi all,
since I updated the system to 3.11, I can’t connect with ssh any more, is there a known issue?. The keys are ok.

ssh [email protected]
ssh: connect to host hassio.local port 22: Connection refused
3 Likes

Try verbose output in ssh

ssh -v

Keep adding v to get more logging.

More likely to be the update of the ssh add on. By default port 22 isn’t forwarded to the host, uses ingress instead.

I switched to the community edition, now works.

2 Likes

If you update the official ‘SSH Add-on’ to 8.4, ssh access from the network is disabled by default. Port 22 is no longer forwarded from the host to the ssh container.

The 8.4 update has renamed the add-on to ‘Terminal & SSH’, which by now by default, only provides access via a web terminal built into the GUI.

Out of the box, the only ssh access that the official 8.4 add-on now provides is to other containers on the same host. So it looks like the intent is to push people to use the web terminal.

The documentation was not updated. If the change was announced someplace, I have no idea where.

I’m sure the change is well intended for a more secure default configuration. However, the idea that it would suddenly break ssh access for existing users with no warning seems to have not been a concern.

I submitted a quick PR to change the default behavior back until there was more time to update the documentation, announce the change, etc. It was rejected.

How to re-enable SSH network access with the new Terminal & SSH add-on:

In the “network” dialog box for the add-on, put 22 in the field labeled host. Then restart the add-on for it to take effect.

Hope this helps other people lose a bunch of time trying to figure out why ssh suddenly stopped working using the “Official ssh add-on”.

UPDATE: A new version of the add-on will be released that doesn’t overwrite the existing port setting. So those who have already installed the SSH add-on will retain SSH network access. New installs will not have SSH network access unless they add port 22 in the network dialog box manually.

31 Likes

Got the same issue here, spent a while uninstalling, installing and no luck.

Still no luck here.

@Jack_Kitley - to fix this:

In the network dialog box for the add-on, put 22 in the field labeled host. Then restart the add-on for it to take effect.

1 Like

Thank you guys for bringing some attention to this. I had no idea my SSH was no longer available via my laptop, and the main reason I have it running is for remote access if HA doesn’t boot properly and I need to access it manually. I would have had a rude awakening.

Adding a screenshot for clarity:
image

11 Likes

Thank you for this as it fixed the problem!! So we have an “Add-On” called Terminal & SSH that does not allow SSH from the network when it previously did? The reasoning behind this is to force the use of a Web Terminal? That’s ridiculous if it’s the case. I must admit that Home Assistant has been stable the past two years for me up until a few months ago I started experiencing issues which appeared to coincide with the updates. The fact that I am adding the SSH port number (22) to a field named Host is indicative that perhaps development is being pushed out too fast before changes are reviewed properly. Home Assistant is great and I really hope to see it become more and more main stream but things like this will just frustrate new users and push them away.

4 Likes

Yeaaaaaah guys, brilliant !!! I’ve been trying to solve this one for nearly a month. When I first found that SSH connection was refused I thought maybe I’d done something dumb and so I re-loaded the Addon, reconfigured it, restarted HA, rebuilt all the keys, etc, etc, etc to try to correct the problem, at the same time as reading and re-reading the documentation, and googling to see if others were also having problems. Why, oh why, oh why did the pundits decide to disable normal SSH in the official Terminal & SSH Addon without documenting the override? Now that’s off my chest, thanks guys for finding that putting 22 in the Network host window re-enabled the connection. Whether this is documented anywhere remains a mystery to me.

The main problem I had that caused me to really need SSH rather than the UI Terminal was to manage the growing size of the HA database “home-assistant_v2.db” which was already around 9 GB. Eventually it would have filled the SD card, but I couldn’t figure out a way of removing the file as it was locked while HA was running. If I stopped HA to unlock the file I also stopped the UI and consequently the Terminal window and the shell that gave me access to manage the files. I knew that I could delete the data base from my Mac using terminal via SSH, after stopping HA via the CLI. Any suggestions on alternate ways of deleting the HA database file would be most welcome.

2 Likes

The other way to do it would be to install Samba share addon, so you can still access files when HA isn’t running.

A couple of things to add:

  1. In my opinion the current problem is that the Official Add-on’s documentation is out of date. I opened a github issue for the docs but it got closed. (I don’t think it should have gotten closed as the doc hasn’t been fixed.) Unfortunately, I’ve got too much going on right now to try to submit a PR to update that doc.
  2. SSH access is of course still available via the official add-on as long as you know the steps to enable it.
  3. Frenck’s Community add-on ‘SSH & Terminal’ (not to be confused with the official add-on ‘Terminal and SSH’) provides much better access for debugging, docker access, device access, etc. Through this problem I’ve learned about the community add-on and switched. SSH network access in the community add-on is enabled by default.
  4. I think with SSH enabled through either add-on you’d have access to your configuration if HA doesn’t start correctly, but I’m guessing.
  5. As @Casotti said, having Samba available as well would be a good backup.
  6. I think all add-ons require the supervisor to the be running correctly. The Web UI for the supervisor looks like it is still through HA so you wouldn’t be able to interact with the supervisor if HA is down. If the supervisor got broken during say a failed update, I don’t think all of the add-on containers would be running, so you’d be completely locked out.

OT: @pkelloway - I don’t think you should ever delete the SQLite database, unless you’ve moved over to a different database like MySQL or PostgreSQL. Sounds like there is an issue with database growth and figuring out what’s causing that. However, I think that would be best in a new topic related to the database.

Hope this helps,
–Rob

Thanks Casotti,
I had the Samba interface installed already but haven’t tried accessing the config files via Samba as I thought the data base file would be locked to Samba while HA is running. Also possible is that Samba stays connected with HA stopped. I’ll give both a go and get back. Cheers.

Thanks Rob for your help. Casotti also suggested using Samba. The only issue may be the data base file being locked with HA running. But I haven’t checked if Samba stays connected with HA stopped in which case the data base should be accessible. I’ll give it a go and post what I find.
Also interesting is your comment about deleting the SQLite database. I agree that deleting it is a crude way to get back SD memory space and is intended to recover HA when database corruption occurs. It would be good to find out why it grows. My thought is that it’s the retained history data that makes it grow. I use HA history graphs to examine trends in home electricity consumption and solar production as part of a future load switching automation, so without any inside information I guessed that the use of HA history graphs triggers retention of history data in SQLite. Evidence that the history data is main suspect is that after deletion of the database file all history graphs start recording from scratch again. I would like to find a more elegant method such as periodically exporting the history data from HA to elsewhere and trimming the data base back to just a few weeks worth of data. I’ll look at raising a new data base related topic on this.

Well, there’s no harm in deleting the database - all you lose is recorded data from your entities and after restart HA will build it up again.
There reason to delete it is usually simple - it grows and no actions help. I have a very limited recorder configured (to prolong SD card’s life) and still it’s 100MB+.
@rct it shouldn’t be a very big change in docs so if you PM me the idea I could make a PR.

“Make sure to install SMB and/or SSH to reach a non-responsive Hassio”.

Hassio crashes after SSH addon updated - no way to remotely login.

Performs hard reboot as SMB non-responsive as well.

May have to reformat and restore backup.

Just sweet.

In which case ssh probably won’t work either! (Even if configured correctly)

How about not simply crashing in the first place after a simple config change.

So on the page where you configure the addon are you saying it doesn’t tell you to enable the port in the networking settings? Or maybe you just have auto update switched on for all your addons? (That is a very bad idea). There is a change log on the addon config screen explaining the options for all the addons. I recommend reading them and not updating addons if you don’t understand the changes and then testing that it still works after updating (before you are in a crisis situation and find you can’t get in)

The addon isn’t causing the crash.
Did you do a config check after changing your config or did you just reboot the system?