repository/ssh
2017-08-16 23:01:20 +02:00
files 🚑 SSH: Hotfix issue where user was unable to log in without having a password set 2017-08-16 22:59:08 +02:00
images Add new Hass.io add-on: SSH - Secure Shell 2017-08-16 22:24:14 +02:00
CHANGELOG.md 🚑 SSH: Hotfix issue where user was unable to log in without having a password set 2017-08-16 22:59:08 +02:00
config.json 🚑 Changed wrong file in last commit. Correcting it. 2017-08-16 23:01:20 +02:00
Dockerfile Add new Hass.io add-on: SSH - Secure Shell 2017-08-16 22:24:14 +02:00
logo.png Add new Hass.io add-on: SSH - Secure Shell 2017-08-16 22:24:14 +02:00
README.md Add new Hass.io add-on: SSH - Secure Shell 2017-08-16 22:24:14 +02:00

Hass.io Add-on: SSH - Secure Shell


This add-on allows you to log in to your Hass.io Home Assistant instance using SSH. It gives you access to your Hass.io folders and also includes a command-line tool to do things like restart, update, and check your instance.

This is an enhanced version of the provided SSH add-on by Home Assistant and focuses on security, usability and flexibility.

Features

This add-on, of course, provides an SSH server, based on OpenSSH. Additionally, it comes out of the box with the following:

  • A secure default configuration of SSH:
    • Only allows login by the configured user, even if more users are created.
    • Only uses known secure ciphers and algorithms.
    • Limits login attempts to hold off brute-force attacks better.
    • Many more security tweaks; this add-on passes all ssh-audit checks without warnings!
  • Port number is configurable (You could use 1982 instead of port 22).
  • SFTP support is disabled by default but is user configurable.
  • Username is configurable, so root is no longer mandatory.
  • Debug mode for allowing you to triage issues easier.
  • Compatible if Hass.io was installed via the generic Linux installer.
  • Have Alpine packages installed on start. This will allow you to install your favorite tools, which will be available every single time you log in.
  • Execute custom commands on start automatically, so you can customize the shell to your likings.
  • ZSH as its default shell. Easier to use for the beginner, more advanced for the more experienced user. It even comes preloaded with "Oh My ZSH", with some plugins enabled as well.
  • Contains a sensible set of tools right out of the box: curl, Wget, RSync, GIT, Nmap, Mosquitto client, MariaDB/MySQL client, Awake (“wake on lan”), Nano, Vim, tmux, and a bunch of commonly used networking tools.

Installation

The installation of this add-on is pretty straightforward and no different from installing any other Hass.io add-on.

  1. If you installed the "SSH server" add-on from the built-in add-ons, then remove that one first.
  2. Add our Hass.io add-ons repository to your Hass.io instance
  3. Install the "SSH - Secure Shell" add-on from our repository
  4. Start the "SSH - Secure Shell" add-on
  5. Check the logs of the "SSH - Secure Shell" add-on to see if everything went well.

Please read the rest of this document for further instructions.

Configuration

Please remember to restart the add-on when the configuration changes.

Example add-on configuration:

{
  "debug": true,
  "port": 22,
  "username": "hass",
  "password": "",
  "authorized_keys": [
    "ssh-rsa AASDJKJKJFWJFAFLCNALCMLAK234234....."
  ],
  "sftp": false,
  "packages": [
    "python",
    "python-dev",
    "py-pip",
    "build-base"
  ],
  "init_commands": [
    "pip install virtualenv",
    "pip install yamllint"
  ]
}

Note: This is just an example, don't copy and paste it! Create your own!

Option: debug

When set to true the add-on will output more information in its logs. The add-on will also start the SSH daemon in debug mode. While SSH is running in debug mode, it will only be able to accept one single connection. As soon as this session is ended, the add-on will stop running.

This might be useful when you're dealing with an unknown issue. It is recommended to leave this option set to false, unless you are troubleshooting.

Option: port

The default port for SSH is 22; some security guides recommend changing the port to something else. Sometimes you'd just like to have it on another port. Remember, if you change the port, be sure it is not already in use!

Option: username

This option allows you to change the username to use when you log in via SSH. It is only used for authentication; you will be the root user after you have authenticated. Using root as the username is possible, but not recommended.

Note: Due to limitations, you will need to set this option to root in order to be able to enable the SFTP capabilities.

Option: password

Sets the password to log in with. Leaving it empty disables the possibility to authenticate with a password. From a security point of view, we highly recommend not using this option.

Option: authorized_keys

Add one or more public keys to your SSH server to use with authentication. This is recommended over setting a password.

Please take a look at the awesome documentation created by GitHub about using public/private keypairs and how to create them.

Option: sftp

When set to true the addon will enable SFTP support on the SSH daemon. Please only enable it when you plan to use it.

Note: Due to limitations, you will need to set the username to root in order to be able to enable the SFTP capabilities.

Option: packages

Allows you to specify additional Alpine packages to be installed in your shell environment (e.g. Python, Joe, Irssi).

Note: Adding many packages will result in a longer start-up time for the add-on.

Option: init_commands

Customize your shell environment even more with the init_commands option. Add one or more shell commands to the list, and they will be executed every single time this add-on starts.
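
The option rules described above can be checked before the add-on is restarted. The following is an added example, not code from this add-on: the helper names `key_problem` and `audit_options` are hypothetical, and the rule that an empty password with no keys leaves no way to log in is inferred from the option descriptions rather than stated by the project.

```python
# Added example; function names are hypothetical and not part of the add-on.
import base64
import struct

# Common OpenSSH public key types (not an exhaustive list).
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def key_problem(line):
    """Return why an authorized_keys entry is malformed, or None if it parses."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return "expected '<key-type> <base64-blob> [comment]'"
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return "key blob is not valid base64"
    # The blob starts with a 4-byte big-endian length followed by the key type.
    if len(blob) < 4:
        return "key blob is truncated"
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != parts[0].encode():
        return "key type inside the blob does not match the prefix"
    return None


def audit_options(opts):
    """Return (severity, message) findings for a dict of add-on options."""
    findings = []
    user, keys = opts.get("username", ""), opts.get("authorized_keys", [])
    if opts.get("sftp") and user != "root":
        findings.append(("error", "sftp requires username to be root"))
    if user == "root" and not opts.get("sftp"):
        findings.append(("warn", "root as username is not recommended"))
    if opts.get("password"):
        findings.append(("warn", "password login enabled; prefer authorized_keys"))
    elif not keys:  # inferred: neither authentication method is configured
        findings.append(("error", "no password and no authorized_keys: no way to log in"))
    if opts.get("debug"):
        findings.append(("warn", "debug mode: one connection, then the add-on stops"))
    if not 1 <= opts.get("port", 22) <= 65535:
        findings.append(("error", "port must be between 1 and 65535"))
    for i, key in enumerate(keys):
        problem = key_problem(key)
        if problem:
            findings.append(("error", f"authorized_keys[{i}]: {problem}"))
    return findings
```

Run over the example configuration shown earlier, `audit_options` reports the debug warning and rejects the placeholder key, which is why that example should not be copied as-is.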

Known issues and limitations

  • When SFTP is enabled, the username MUST be set to root.

Support

Got questions? Got some unexpected behavior caused by this plugin?

Please open an issue on our GitHub repository and we'll do our best to help you out.

Credits

A big shout out to the following people; without them this add-on wouldn't have been possible:

  • The team & community of Home Assistant for developing such an excellent home automation toolkit

Thank you all!

More Hass.io add-ons

Do you like this add-on? Want some more functionality for your Hass.io Home Assistant instance?

We've created multiple add-ons for Hass.io. For a full list, check out our GitHub Repository.

License

MIT License

Copyright (c) 2017 Franck Nijhof

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.