addon-ssh
Permissions 0755 for '/data/ssh_host_rsa_key' are too open
Problem/Motivation
I'm on a new installation of HA on a raspi 4 with a restored backup where I had Advanced SSH & Web Terminal running for over a year.
Expected behavior
addon-ssh should start (ideally with a backup-pulled config, which could be a separate issue)
Actual behavior
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service base-addon-banner: starting
-----------------------------------------------------------
Add-on: Advanced SSH & Web Terminal
A supercharged SSH & Web Terminal access to your Home Assistant instance
-----------------------------------------------------------
Add-on version: 18.0.0
You are running the latest version of this add-on.
System: Home Assistant OS 13.0 (aarch64 / raspberrypi4-64)
Home Assistant Core: 2024.8.1
Home Assistant Supervisor: 2024.08.0
-----------------------------------------------------------
Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
s6-rc: info: service base-addon-banner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service base-addon-log-level: starting
s6-rc: info: service fix-attrs successfully started
Log level is set to INFO
s6-rc: info: service base-addon-log-level successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service init-ssh: starting
s6-rc: info: service init-mysql: starting
s6-rc: info: service init-mosquitto: starting
s6-rc: info: service init-docker: starting
[10:14:13] WARNING:
[10:14:13] INFO: Docker support has been enabled.
s6-rc: info: service init-mysql successfully started
s6-rc: info: service init-docker successfully started
s6-rc: info: service init-mosquitto successfully started
[10:14:13] WARNING: Logging in with a SSH password is security wise, a bad idea!
[10:14:13] WARNING: Please, consider using a public/private key pair.
[10:14:13] WARNING: What is this? https://kb.iu.edu/d/aews
[10:14:13] WARNING:
s6-rc: info: service init-ssh successfully started
s6-rc: info: service init-user: starting
s6-rc: info: service init-user successfully started
s6-rc: info: service ttyd: starting
s6-rc: info: service sshd: starting
s6-rc: info: service sshd successfully started
s6-rc: info: service ttyd successfully started
s6-rc: info: service legacy-services: starting
[10:14:13] INFO: Starting the ttyd daemon...
[10:14:13] INFO: Starting the SSH daemon...
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0755 for '/data/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Unable to load host key "/data/ssh_host_rsa_key": bad permissions
Unable to load host key: /data/ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0755 for '/data/ssh_host_ed25519_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Unable to load host key "/data/ssh_host_ed25519_key": bad permissions
Unable to load host key: /data/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.
s6-rc: info: service legacy-services successfully started
[10:14:14] INFO: Service SSH exited with code 1 (by signal 0)
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service init-mysql: stopping
s6-rc: info: service init-mosquitto: stopping
s6-rc: info: service init-docker: stopping
s6-rc: info: service ttyd: stopping
s6-rc: info: service sshd: stopping
s6-rc: info: service init-mysql successfully stopped
s6-rc: info: service init-mosquitto successfully stopped
s6-rc: info: service init-docker successfully stopped
s6-rc: info: service sshd successfully stopped
[10:14:14] INFO: Service ttyd exited with code 0 (by signal 0)
s6-rc: info: service ttyd successfully stopped
s6-rc: info: service init-user: stopping
s6-rc: info: service init-user successfully stopped
s6-rc: info: service init-ssh: stopping
s6-rc: info: service init-ssh successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service base-addon-log-level: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service base-addon-log-level successfully stopped
s6-rc: info: service base-addon-banner: stopping
s6-rc: info: service base-addon-banner successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
Steps to reproduce
Config
username: homeassistant
password: passpass
authorized_keys: []
sftp: false
compatibility_mode: false
allow_agent_forwarding: false
allow_remote_port_forwarding: true
allow_tcp_forwarding: true
The key files were initially not present in /data. Using the integrated VS Code terminal I created the files with
cd /data
ssh-keygen -t ed25519 -f ssh_host_ed25519_key < /dev/null
ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key < /dev/null
➜ /data ll
total 28K
drwxr-xr-x 2 root root 4.0K Aug 10 08:58 git
-rw------- 1 root root 43 Aug 14 19:26 options.json
-rw------- 1 root root 411 Aug 18 09:58 ssh_host_ed25519_key
-rw-r--r-- 1 root root 102 Aug 18 09:58 ssh_host_ed25519_key.pub
-rw------- 1 root root 3.4K Aug 18 09:58 ssh_host_rsa_key
-rw-r--r-- 1 root root 746 Aug 18 09:58 ssh_host_rsa_key.pub
drwxr-xr-x 8 root root 4.0K Aug 14 19:26 vscode
The addon is still unable to access them.
Thanks!
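An added example, not part of the original report and not the add-on's code: a shell check that applies the rule quoted in the sshd log above (a private key must carry no group/other permission bits) to every `ssh_host_*_key` in a directory. The function names are hypothetical, the ownership condition reflects OpenSSH's behaviour rather than anything stated in the report, `stat -c` assumes GNU or BusyBox `stat`, and the demo files are constructed placeholders.

```shell
#!/bin/sh
# Added example, not the add-on's code. Applies the rule from the sshd log:
# a private key owned by the calling user must have no group/other bits.

# key_mode_ok FILE -> 0 acceptable, 1 "too open", 2 missing/unreadable
key_mode_ok() {
    [ -f "$1" ] || return 2
    mode=$(stat -c '%a' "$1") || return 2    # octal digits, e.g. 755 or 600
    owner=$(stat -c '%u' "$1") || return 2
    # OpenSSH enforces the mode check only on keys owned by the calling user.
    [ "$owner" = "$(id -u)" ] || return 0
    # Leading 0 makes the shell read the digits as octal; 077 = group+other.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# audit_host_keys DIR -> one line per private host key; returns count rejected
audit_host_keys() {
    bad=0
    for key in "$1"/ssh_host_*_key; do       # pattern skips the .pub files
        [ -e "$key" ] || continue
        if key_mode_ok "$key"; then
            echo "ok        $(stat -c '%a' "$key")  $key"
        else
            echo "too open  $(stat -c '%a' "$key")  $key"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed demo: empty placeholder files, one with each mode.
demo=$(mktemp -d)
touch "$demo/ssh_host_rsa_key" "$demo/ssh_host_ed25519_key"
chmod 755 "$demo/ssh_host_rsa_key"
chmod 600 "$demo/ssh_host_ed25519_key"
audit_host_keys "$demo" || echo "keys sshd would ignore: $?"
rm -rf "$demo"
```

Run the check in the same environment as the sshd process that loads the keys, because the mode that process sees is the one that decides whether the key is ignored.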