Use SSH shell_commands without a password to Windows machine

I FINALLY FIGURED IT OUT!
Once I realized that Home Assistant OS runs on containers, I knew what to do… The issue is that I generated the keys from the root OS, not from the Docker container that the shell_command runs through. That's why I can SSH without a password from the terminal but get errors on the shell_command. So you need to console into the Home Assistant Docker container and generate the keys from there, not from the Home Assistant OS Terminal. Here are the steps for anyone who is interested.

  1. Install Portainer on Home Assistant. This lets you access the HA Docker containers.
  2. Go to “Containers”, and under “Quick Actions”, open a console for “homeassistant”.
  3. Generate your SSH keys with

     ssh-keygen

     and save them to “/config/ssh_keys/id_rsa”.
  4. On your Windows machine (the machine you want to connect to without a password), navigate to “\ProgramData\ssh” and create a file “administrators_authorized_keys” (I had to create it on my desktop and copy it in because of permissions).
  5. Open the “/config/ssh_keys/id_rsa.pub” key that you generated on Home Assistant with File Editor and copy the key into “\ProgramData\ssh\administrators_authorized_keys”.
  6. Open PowerShell as Administrator and run the following to set the proper permissions on the keys file:

     Get-Acl "$env:ProgramData\ssh\ssh_host_dsa_key" | Set-Acl $env:ProgramData\ssh\administrators_authorized_keys

  7. Open “\ProgramData\ssh\sshd_config” and change the following:
     - replace ‘#PubkeyAuthentication yes’ with ‘PubkeyAuthentication yes’
     - replace ‘#PasswordAuthentication yes’ with ‘PasswordAuthentication no’
     (This makes it so anyone connecting needs to have keys; it will no longer let you SSH in with a password.)
  8. Restart the ssh service by running the following in PowerShell:

     restart-service sshd

NOW when you create a shell_command, use the following SSH line:

ssh -i /config/ssh_keys/id_rsa -o StrictHostKeyChecking=no USERNAME@WINDOWS_IP

Following on from this, I then worked out I can install sshpass in the homeassistant Docker container. So I have both options, and I think I will go with the simpler sshpass option so I don’t have to configure all this again in the future and then I can still SSH into my machine with a password.

Thanks for all your help @rccoleman for steering me on the right path.

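A check for the sshd_config edit in the steps above, added here as an example and not part of the original post: sshd uses the first uncommented occurrence of a keyword, so a line that is still commented out leaves password login enabled. The function names and both sample configs are constructed for illustration; point the functions at a copy of the real sshd_config.

```sh
#!/bin/sh
# Added example (not from the post): report the value sshd will use for a
# keyword in the global section of an sshd_config copy.

# effective_setting FILE KEYWORD DEFAULT   (hypothetical helper name)
# First uncommented occurrence wins; keywords are case-insensitive; lines
# after the first "Match" only apply conditionally, so the scan stops there.
effective_setting() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/\r$/, "") }               # tolerate CRLF line endings
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }          # end of the global section
        key == want { print tolower($2); found = 1; exit }
        END { if (!found) print def }    # keyword absent: built-in default
    ' "$1"
}

# Succeeds only when keys are accepted and passwords are refused.
# "yes" is the OpenSSH default for both keywords.
key_only_login_ok() {
    [ "$(effective_setting "$1" PubkeyAuthentication yes)" = "yes" ] &&
    [ "$(effective_setting "$1" PasswordAuthentication yes)" = "no" ]
}

# Constructed sample files, not taken from a real host.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/edited" <<'EOF'
PubkeyAuthentication yes
#PasswordAuthentication yes
PasswordAuthentication no
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
EOF
cat > "$sample_dir/unedited" <<'EOF'
#PubkeyAuthentication yes
#PasswordAuthentication yes
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
EOF

for f in edited unedited; do
    if key_only_login_ok "$sample_dir/$f"; then
        echo "$f: key-only login"
    else
        echo "$f: password login still allowed"
    fi
done
```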