SSH to the host (HassOS)

akauppi · December 31, 2019, 8:51pm

I’ve followed the SSH Access to the Host instructions, but am still unable to reach HassOS over ssh.

Here’s what I’ve done. My main question also is, what to expect. The role of the login command, in particular (instructions leave this a bit open).

USB stick with FAT32 formatting, with authorized_keys at the root, LF checked
place to RPi and “Import from USB”
the “System Log” shows this likely succeeded(?):

19-12-31 20:48:53 INFO (MainThread) [hassio.hassos] Syncing configuration from USB with HassOS.
19-12-31 20:48:53 INFO (MainThread) [hassio.host.services] Restart local service hassos-config.service
19-12-31 20:48:53 INFO (MainThread) [hassio.utils.gdbus] Call org.freedesktop.systemd1.Manager.RestartUnit on /org/freedesktop/systemd1

Expecting:

ssh [email protected] -p 22222 from my Mac (same network) would take me to something HassOS.

Actual:

$ ssh [email protected] -p 22222
ssh: connect to host hassio.local port 22222: Connection refused

Q: How should the last part look?

Edit: I tried with my userid instead, and that seems to take further. However, it doesn’t use the SSH key pairs.

$ ssh [email protected] -p 22222
[email protected]: Permission denied (publickey).

brahmafear · December 31, 2019, 10:17pm

Just confirming:

Does your authorized_keys file contain a properly formatted public key that is used by myid?

And out of curiosity, can you get to the host she’ll from console (by typing login at HA prompt)?

DavidFW1960 · December 31, 2019, 11:16pm

You need to parse the private key through as well as the port in the command line. So need the file name with the key in it…

ssh -i privatekey.txt -p 22222 user@hostname

sipodd · June 15, 2020, 6:31pm

I got the same problem, and i’m getting mad about it.
i tried the method mentioned on the dev-documentation …additionally, i tried creating the keys on another raspberry pi (dietpi) and simply did an "cp pub.key authorized_keys and uploaded this one via USB Stick.I tried rsa and ed25519
I can use this key files on any other linux host i got…but HassOS (which i really start to hate atm; Hass = hate in german):

[email protected]: Permission denied (publickey).

Here is a try with “-v”:

Summary

root@RPi4-02:~/.ssh# ssh [email protected] -p 22222 -v
OpenSSH_7.9p1 Raspbian-10+deb10u2, OpenSSL 1.1.1d  10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.178.108 [192.168.178.108] port 22222.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type 3
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u2
debug1: Remote protocol version 2.0, remote software version dropbear_2019.78
debug1: no match: dropbear_2019.78
debug1: Authenticating to 192.168.178.108:22222 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:5w29X4b0PxPtrOLSttLTCvcuo3F4sI/VfeE69zh2p1o
debug1: Host '[192.168.178.108]:22222' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:4
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:7wZH7qlwSFeS5FeePUFdFo32q7q07xjR99LKYOBM/Ek
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ed25519 ED25519 SHA256:dynglS3XWkIk6l7VJCoBQPrqOrquqQx2DHX572mZ7DM
debug1: Will attempt key: /root/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:7wZH7qlwSFeS5FeePUFdFo32q7q07xjR99LKYOBM/Ek
debug1: Authentications that can continue: publickey
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Offering public key: /root/.ssh/id_ed25519 ED25519 SHA256:dynglS3XWkIk6l7VJCoBQPrqOrquqQx2DHX572mZ7DM
debug1: Authentications that can continue: publickey
debug1: Trying private key: /root/.ssh/id_xmss
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).

Anyone got an hint for me?

aswinsbabu007 · July 25, 2020, 12:49pm

Try this tutorial for enabling SSH in HassOS using advanced mode

perozonp · October 7, 2020, 3:00pm

This addon is asking me a password when I do the “login” as indicated here:

The “login” command works fine if I’m connected to the hardware using a keyboard and a monitor (the physical console), it gives me full access to the host, but is not working using the ssh.

Is that the way it is intended to be? only access through the physical console?

perozonp · October 7, 2020, 10:28pm

Sorry, my bad, I was confusing the internal ssh service with the ssh add on provided for advanced users. Once I got the internal one working then I could do the “login” command I needed.

Regards.

hnefatl · December 19, 2020, 2:14pm

I had this issue when using a USB with a GPT partition table: switching to an msdos partition table (and using a FAT32 partition labelled CONFIG) worked for me, with either rsa or ed25519 keys.

kotrfa · April 22, 2021, 2:03pm

I am having exactly the same issues. Really checked the file name, checked LF, freshly formatted FAT32 USB stick recognized by hassio… Got the same results as OP, simply “connection refused”.

seems to be identical to Failing to access hassos through SSH on port 22222

mcarbonneaux · November 30, 2022, 1:48pm

there a solution troubleshoot why the haos don’t whant to get the authorized key file ?

mcarbonneaux · November 30, 2022, 2:14pm

i’ve changed the martition table to MBR, and used black usb port in place of blue one of my rpi4, and it’s worked…