SSH'ing from a command line sensor or shell command

Right so the first problem is that just like you need to use the -i flag to point to the identity file when you use the ssh command, you ALSO have to do the same with the ssh-copy-id command, otherwise it is trying to find the key inside the docker container.


ssh-copy-id [email protected] -i /config/.ssh/id_rsa

(Also I hope that you didn’t enter a passphrase when generating the key, otherwise it can’t be used in a command line)

1 Like

I did enter a password initially, did it again without.

root@v-hass:/config/.ssh# ssh-copy-id [email protected] -i /config/.ssh/id_rsa
/usr/bin/ssh-copy-id: ERROR: no ID file found

I’m not following you where you say using the -i flag when using the ssh command
Do you mean in the config of my command line switch?

Yes, the -i flag must need to go first, that’s fine:

ssh-copy-id -i /config/.ssh/id_rsa [email protected]

You will need to edit your ssh commandlines to look like this:

"ssh -i /config/.ssh/id_rsa pi@rpi echo 1 | tee /sys/class/backlight/rpi_backlight/bl_power"
1 Like

Thanks for sticking with me man!

The key is not copied to the remote /config/.ssh

root@v-hass:/config# ssh-copy-id -i /config/.ssh/id_rsa [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/config/.ssh/"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

When I try to login to the RPi, it asks me to enter a password.
(gotta go now, will check back later)

You probably typed the command it suggested you type:

ssh [email protected]

But as I previously indicated - you need to use the -i flag and tell it where to find the identity file:

ssh -i /config/.ssh/id_rsa [email protected]

that should not ask you for the password, hopefully :slight_smile:

1 Like

Just an FYI you’re commenting on a guide that essentially explains the issues you’re facing, did you read it? For example:

Since you told the command to generate the key file inan unusual location (/config/.ssh) then you need to tell it where it is for all future ssh commands with -i. That includes ssh-copy-id as Andrew noted.

In addition I notice on your commands you don’t seem to be specifying -o UserKnownHostsFile or -o StrictHostKeyChecking=no on your command. Which means your command will work for now but break next time you update since the known_hosts file is in /root. Would recommend reading the section called “Handling the known_hosts file” for why that’s an issue and the options to fix it.

Don’t do this.

  1. It doesn’t do what you think it does. There’s a user with the id “all”. You pinged them.
  2. If it did do what you thought it did (pinged everyone) a moderator would certainly be here warning you to never do that again.

Replying on a post notifies everyone that follows that post, you don’t have to @ anyone for that. Just for future reference.

1 Like

Hi @CentralCommand, thanks for stepping in and rubbing my nose in it! :blush:

I started over, but still not working.
This is what I did:

  1. generated the key, stored in /config/.ssh/id_rsa with no password
  2. copied the key with ‘ssh-copy-id -i /config/.ssh/id_rsa [email protected]
    If I understand it correctly: the -i /config/.ssh/id_rsa in the above command searches in that spot for the key.
    What about the remote directory, is that of any importance?
  3. Tested with ‘ssh -i /config/.ssh/id_rsa [email protected]’ which let’s me connect without asking a password.

When I try the command form HA shell:

root@v-hass:~# "ssh -i /config/.ssh/id_rsa [email protected] echo 1 | tee /sys/class/backlight/rpi_backlight/bl_power"
-bash: ssh -i /config/.ssh/id_rsa [email protected] echo 1 | tee /sys/class/backlight/rpi_backlight/bl_power: No such file or directory


root@v-hass:~# ssh -i /config/.ssh/id_rsa [email protected] echo 1 | tee /sys/class/backlight/rpi_backlight/bl_power
tee: /sys/class/backlight/rpi_backlight/bl_power: No such file or directory


root@v-hass:~# ssh -i /config/.ssh/id_rsa [email protected] 'echo 0 | tee /sys/class/backlight/rpi_backlight/bl_power'
tee: /sys/class/backlight/rpi_backlight/bl_power: Permission denied

So I don’t know if it’s a matter of syntax or something else.

Try it with " not ’ because bash is probably seeing the | and trying to pipe the command:

root@v-hass:~# ssh -i /config/.ssh/id_rsa [email protected] "echo 0 | tee /sys/class/backlight/rpi_backlight/bl_power"

nope… :roll_eyes:

root@v-hass:~# ssh -i /config/.ssh/id_rsa [email protected] "echo 0 | tee /sys/class/backlight/rpi_backlight/bl_power"
tee: /sys/class/backlight/rpi_backlight/bl_power: Permission denied

OK, but that is a response from the Pi though, so the login is at least working. Permission denied is coming from the Pi saying that you can’t do that.
Try removing the entire command so you are just doing:

ssh -i /config/.ssh/id_rsa [email protected]

and see if it will let you type the command then?

Yessss, first login in and then running the command works but I have to add sudo to both echo and tee. :star_struck:

I did put this in my switches.yaml but nothing happens.

This works:

root@v-hass:~# ssh -i /config/.ssh/id_rsa [email protected] "sudo echo 0 | sudo tee /sys/class/backlight/rpi_backlight/bl_power"
root@v-hass:~# ssh -i /config/.ssh/id_rsa [email protected] "sudo echo 1 | sudo tee /sys/class/backlight/rpi_backlight/bl_power"

This not:

- platform: command_line
      command_off: ssh -i /config/.ssh/id_rsa [email protected] "sudo echo 1 | sudo tee /sys/class/backlight/rpi_backlight/bl_power"
      command_on: ssh -i /config/.ssh/id_rsa [email protected] "sudo echo 0 | sudo tee /sys/class/backlight/rpi_backlight/bl_power"

OK a few things, you don’t need to use sudo to echo, so you can happily remove sudo from the echo commands, you only need the sudo to write (tee) to the /sys/ tree.

Second try it like this:

command_off: "ssh -i /config/.ssh/id_rsa [email protected] \"sudo echo 1 | sudo tee /sys/class/backlight/rpi_backlight/bl_power\""

Because Home Assistant (python) is trying to execute the command in bash, but needs to be told the " must be present in the command, so we use \" to tell whatever language we are coding with - that they must be escaped so that they pass through to the command line properly.
I’ve left the sudo there on the echo for now, until we verify we can get the command working as is.

Thanks again for your swift reply, it doesn’t work… :roll_eyes:

So to be clear: I edited my switches.yaml, checked the configuration and restarted HA.
From the developer tools → states, I use the entity and get:

I can push the lighting icons, the right one (on) turns blue briefly and switches back after a few seconds.
ATM the RPi screen is on, so even the icon doesn’t not represent the right state.


Does it matter that the HA user is different from the Linux user that HA runs on?

I mean HA runs in a container so its a different user no matter what even if they have the same name. Either way you’re ssh’ing as part of the command so you specify the user to use as part of that.

What does the log say? Did you set log level to debug for the integration? Should be components.command_line.switch I believe. Then it’ll log stdout and stderr to the log.

Hi Mike, thanks for that suggestion because I was not aware of this possibility.
This is what I get from the log:

Logger: homeassistant.components.command_line.switch
Source: components/command_line/
Integration: command_line (documentation, issues)
First occurred: 13:00:03 (3 occurrences)
Last logged: 13:00:19

Command failed: ssh -i /config/.ssh/id_rsa [email protected] "echo 0 | sudo tee /sys/class/backlight/rpi_backlight/bl_power"
Command failed: ssh -i /config/.ssh/id_rsa [email protected] "echo 1 | sudo tee /sys/class/backlight/rpi_backlight/bl_power"

So what you copied there is from the warnings UI at the top of the log page. Which is really helpful usually but not in this case. The problem is what that UI does is highlight recent logs of error or warning level so you can easily see them, see how often they’re happening and get any additional info HA can provide about them.

But in this case we’re looking for a debug level log. That’s what will contain stdout and stderr when the command runs. To find that you have to look at the whole log file (or at the bottom of the log page) and fine the debug level line from when your sensor ran.

Hi all,

@CentralCommand Mike I’ve been successfully controlling a Raspberry Pi following the instructions in the OP.
Today that Rpi developed an issue that forced me to reinstall everything from scratch.
I then attempted to regenerate the ID file, and reconnect the Rpi with HA.
Here are the steps:

  • Created the keys pair
ssh-keygen -t rsa

Was asked where to save the file:


Did NOT add a passphrase. Then tried to copy the public key to the Rpi:

docker exec -it homeassistant bash
ssh-copy-id -i /config/.ssh/ [email protected]

and I got this error message:

Screenshot from 2022-03-19 21-29-15

I don’t know how to proceed now. Can someone help me sort this out please?

That is normal behavior. ssh warns you that the public key of the host you are trying to connect to has changed. Since you reinstalled the host, and in the process generated new keys, it should be safe to assume there is no man-in-the-middle attack and just do

ssh-keygen -f "/config/.ssh/known_hosts" -R

to remove the old key from your known_hosts.


Thank you @ondras12345
I executed the command, then started the whole process from scratch.
Unfortunately I was getting the same error.
It turns out that I needed to delete the key manuall by using:

nano /config/.ssh/known_hosts

Then I started the process again and it all works great now.
Thank you for your guidance, problem sorted!

1 Like