Home Automation – Enable SSH on Home Assistant

As part of Day 18 of my 100 Days of Learning I wanted to upgrade my Home Assistant setup to run from an external SSD. There is a well-known issue that SD cards on Raspberry Pis corrupt after a while, and I also didn’t want Home Assistant to fill up the SD card too quickly.

I am running Home Assistant on a Raspberry Pi 3B and I would like to be able to SSH into it. By default the Home Assistant OS does not have SSH enabled and you need to install an add-on to be able to do this.

SSH into the Raspberry Pi 3B

$ ssh homeassistant.local
ssh: connect to host homeassistant.local port 22: Connection refused

You need to install an add-on to get SSH working. But first you need to enable Advanced mode so that extra add-ons can be searched for on the dashboard.

To install the add-on go to the Supervisor Add-on Store and search for ssh.

I am installing the Official "Terminal & SSH" add-on because the community one’s security rating is pretty low.

Enabled the Watchdog and Show in sidebar.

Interestingly this comes with a web terminal.

Remote SSH access from the network is disabled by default. +10 in my book.

I will generate a new SSH key pair to be used only with Home Assistant and this Raspberry Pi.

$ ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_homeassistant -C "Home Assistant RPi"

Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in .ssh/id_rsa_homeassistant.
Your public key has been saved in .ssh/id_rsa_homeassistant.pub.
The key fingerprint is:
SHA256:i0MllcT0ioS/6ab9vD/gsVNOmnMBCYrP17w4gBS4QuY Home Assistant RPi
The key's randomart image is:
+---[RSA 4096]----+
| .     ++.       |
|.o.  ...o.       |
|+. o..o....      |
|oEo .o +o.       |
|.. +  +oS.       |
|  . +..+=.+      |
|     o=o.@ .     |
|     o+oO +      |
|    .ooo+*..     |
+----[SHA256]-----+

# Added this to my Mac's keychain
$ ssh-add -K ~/.ssh/id_rsa_homeassistant

Added the newly created id_rsa_homeassistant and .pub file to my password manager.

I have always wondered what this randomart is about, and it turns out that it is supposed to be a visual way for humans to tell whether the server they are connecting to is the one they expect. However, I have never seen it other than during the key generation phase.
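To show where the randomart comes from, here is an added example (not from the original post or from OpenSSH's source) that re-implements the walk OpenSSH uses to turn a SHA256 fingerprint into the picture, plus the fingerprint calculation for a public key line. The function names `fingerprint`, `digest_of`, `frame` and `randomart` are this example's own.

```python
import base64
import hashlib

AUG = " .o+=*BOX@%&#/^SE"  # symbol ramp; the last two mark Start and End
W, H = 17, 9               # size of the field ssh draws

def fingerprint(pubkey_line):
    """SHA256 fingerprint of one line from a .pub or authorized_keys file."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def digest_of(fp):
    """Raw digest bytes behind a 'SHA256:...' string (padding restored)."""
    b64 = fp.split(":", 1)[1]
    return base64.b64decode(b64 + "=" * (-len(b64) % 4))

def frame(title):
    """Border line with the title centred the way ssh prints it."""
    left = (W - len(title)) // 2
    return "+" + "-" * left + title + "-" * (W - left - len(title)) + "+"

def randomart(fp, key_title):
    """Render the 17x9 picture for a fingerprint such as 'SHA256:...'."""
    grid = [[0] * W for _ in range(H)]
    x, y = W // 2, H // 2
    for byte in digest_of(fp):
        for _ in range(4):  # four 2-bit diagonal moves per byte, low bits first
            x = min(max(x + (1 if byte & 1 else -1), 0), W - 1)
            y = min(max(y + (1 if byte & 2 else -1), 0), H - 1)
            if grid[y][x] < len(AUG) - 3:  # visit counter saturates at '^'
                grid[y][x] += 1
            byte >>= 2
    grid[H // 2][W // 2] = len(AUG) - 2  # 'S' where the walk started
    grid[y][x] = len(AUG) - 1            # 'E' where it ended
    rows = ["|" + "".join(AUG[v] for v in row) + "|" for row in grid]
    return "\n".join([frame(key_title)] + rows + [frame("[SHA256]")])

if __name__ == "__main__":
    # Fingerprint copied from the ssh-keygen output above.
    print(randomart("SHA256:i0MllcT0ioS/6ab9vD/gsVNOmnMBCYrP17w4gBS4QuY",
                    "[RSA 4096]"))
```

Because the picture is a pure function of the fingerprint, comparing the `SHA256:` string against a value recorded out of band is the precise check; the art is only a quick visual cue that something changed.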

Configure the SSH server. Go to the Configuration tab for the add-on.

# First you will need to copy the PUBLIC key
$ cat ~/.ssh/id_rsa_homeassistant.pub | pbcopy

Add the public key to the authorized_keys section and save. To expose the port from the Docker container to the host OS, enter a port number in the Network section and save.

Check the log tab to confirm it is working on Home Assistant.

[10:37:38] INFO: Starting the SSH daemon...
Server listening on 0.0.0.0 port 22.
Server listening on :: port 22.

Connect using SSH. I like to have an SSH key pair per host I connect to, and thus for the initial test connection I specify the key to use (option -i) before I add this to my ~/.ssh/config file. Because of my config I also need to tell ssh to use publickey authentication or the connection will be denied. As a bonus I figured I would give this visual randomart thing a try as well (-o VisualHostKey=yes).

$ ssh -i ~/.ssh/id_rsa_homeassistant -o PreferredAuthentications=publickey -o VisualHostKey=yes root@homeassistant.local
Host key fingerprint is SHA256:A98IsXgCboFFWUTG64OclRgiH0uMsSaUCpIaV5NJ9Ds
+---[ECDSA 256]---+
|.X*XXo.          |
|@+B+++ o         |
|OBo=oo*          |
|=.+ +o = o       |
| . =  E S .      |
|  + o  . .       |
|     .           |
|                 |
|                 |
+----[SHA256]-----+

| |  | |                          /\           (_)   | |            | |
| |__| | ___  _ __ ___   ___     /  \   ___ ___ _ ___| |_ __ _ _ __ | |_
|  __  |/ _ \| '_ \ _ \ / _ \   / /\ \ / __/ __| / __| __/ _\ | '_ \| __|
| |  | | (_) | | | | | |  __/  / ____ \\__ \__ \ \__ \ || (_| | | | | |_
|_|  |_|\___/|_| |_| |_|\___| /_/    \_\___/___/_|___/\__\__,_|_| |_|\__|

Welcome to the Home Assistant command line.

System information
  IPv4 addresses for eth0:  192.168.1.69/24
  IPv6 addresses for eth0:  fe80::4dbc:b38d:4441:bf58/64
  IPv4 addresses for wlan0:

  OS Version:               Home Assistant OS 5.12
  Home Assistant Core:      2021.3.4

  Home Assistant URL:       http://homeassistant.local:8123
  Observer URL:             http://homeassistant.local:4357
~ $

Ok that worked so I can now add it to my ~/.ssh/config so that the command just becomes ssh root@homeassistant.local from now on.

# ~/.ssh/config

# Home Assistant running on Raspberry Pi
Host homeassistant.local
	HostName homeassistant.local
	PreferredAuthentications publickey
	IdentityFile ~/.ssh/id_rsa_homeassistant
	IdentitiesOnly yes
	VisualHostKey yes
	Port 22

After that worked I changed the port number in the Configuration tab as well as my ~/.ssh/config file. I rarely use default ports.


4 comments on “Home Automation – Enable SSH on Home Assistant”

  1. Very useful at the start, but then just throws in the “Options” and “Network” images with no hint how you actually get to those configuration screens, and I don’t see them in any of my HA screens. Any pointers there?
