Skip to main content

Security

Known hosts

For SSH and rsync operation it is recommend to add the public key of the remote host to the file /addon_configs/3490a758_remote_backup/known_hosts. If you see a warning Missing known_hosts file! then you have not done so and the add-on automatically does it for you each time it is called. Note that this is a security risk which can be fixed by executing ssh-keyscan -t rsa <remote host> >> /addon_configs/3490a758_remote_backup/known_hosts from a terminal, e.g. SSH & Web Terminal.

Key-based authentication

It's recommended that you provide a private key in the ssl directory that can be used for authentication with the remote_host instead of using a remote_password. The public key is automatically generated.

One suggested way to install ssh encryption for this addon

Generate a key

Open a terminal in HA using one of the terminal addons, the Code Server (VSCode) addon, or from the front end of HA pi, etc. Note Home Assistant OS and Supervised mode use the folder /ssl to store the encryption files in. This replaces the ~/.ssh folder many Linux distro's use.

At the terminal prompt:

cd ~/ssl

ssh-keygen -f ~/addon_configs/3490a758_remote_backup/something-unique-ed25519 -t ed25519

Change something-unique-ed25519 to something else but the letters ed25519 might help you in future troubleshooting.

Answer the questions. It is not recommended to add a passphrase for this application.

Copy the key

At the terminal prompt:

ssh-copy-id -i ~/addon_configs/3490a758_remote_backup/something-unique-ed25519 user@host

where something-unique-ed25519 matches the filename you generated above and user@host matches the username and host where you are remote storing the data.

The name something-unique-ed25519 will also be loaded in the addon configuration in the SSH private key box. user will match the username box. host will match the remote host box.

Setup known_hosts

At the terminal prompt:

ssh-keyscan -H 192.168.x.x >> ~/addon_configs/3490a758_remote_backup/known_hosts

where the IP address matches the IP address of the remote host you are sending the file to. host value can also be used here.