I’m using HA’s ssh integration combined with the macOS shortcuts shell command to, among other things, run an always-on Mac as a Shortcuts server. It works reliably to subvert confirmation messages and all the other folderol for which I previously relied on Pushcuts, IFTT, etc.
shortcuts command is just one possibility: HA can send whatever shell commands you like to any remote Mac, sending either a complete command, or for more complex applications, executing a script on the remote Mac. So far as Shortcuts (or any other app) is concerned, it’s all being run on the Mac, which subverts most if not all of Apple’s security nannying.
The only tricky part is implementing key pair encryption for secure password-free access to the Mac on the HA host. Key generation and installing HA’s public key on the Mac is as usual, but the HA server requires some fancy footwork. First, because most installations run Home Assistant in a container rather than directly on the host, and keys have to be accessible from within the container, not just on the host. Second, since HA updates have the potential to wipe out everything but the
config directory, there’s little point installing anything anywhere else.
Handily, both problems have a single, straightforward solution: on the HA side, implement keys and
known_hosts in a subdirectory of
/config/. (I use
/config/.ssh for consistency, but it’s arbitrary, provided you make sure the directory and its contents have the correct permissions.) Then specify the HA key and known hosts file to be used in the command itself.
-i /config/.ssh/id_rsa \
-o UserKnownHostsFile=/config/.ssh/known_hosts \
[email protected] \
/usr/bin/shortcuts "Vacuum the Dog House"
Note: The above use of \ to split the command into lines for readability won’t work in a HA’s YAML, so put it all on one line.
Multiple commands can be combined using the usual 'nix
&&, or created as individual entries in
Once set up, any script or automation can execute anything on the remote Mac simply by calling the desired command as an SSH service. HA can tell the Mac to do pretty much anything that’s executable from the command line and doesn’t require interaction. I’m experimenting with Shortcuts, AppleScript, and shell scripts, all with good results. My only complaint is that there appears to be no way to get HA to load changes to the
shell_command: configuration without restarting the server.